14 matches found
U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes
The U.S. Commerce Department on Wednesday announced new rules barring the sales of hacking software and equipment to authoritarian regimes and potentially facilitate human rights abuse for national security NS and anti-terrorism AT reasons. The mandate, which is set to go into effect in 90 days,...
Wassenaar Renegotiation Will Be in Trump Administration's Hands
A nearly two-year effort to renegotiate language related to export controls around intrusion software in the Wassenaar Arrangement was rejected earlier this month during the member states’ plenary meeting. This means that the overly broad language in the first draft of the rules, introduced in Ma...
White House Wants Wassenaar Renegotiation
The White House, lawmakers said yesterday, wants to renegotiate the divisive U.S. implementation of the Wassenaar Arrangement rules as they relate to intrusion software. A draft of the rules was pulled off the table in July by the Commerce Department’s Bureau of Industry and Security BIS followin...
Citing Wassenaar, HP Pulls out of Mobile Pwn2Own
More evidence of the potential chilling effect the Wassenaar Arrangement could have on security research surfaced this week when it was revealed HP has decided not to take part in November’s Mobile Pwn2Own hacking contest in Japan. Dragos Ruiu, who organizes the CanSecWest and PacSecWest...
'Prohibition Era' Of Security Research May Be Ahead
LAS VEGAS–Export controls have become a dirty phrase in the security community, especially among researchers, pen testers, and others who rely on vulnerability information and exploits to do their jobs. And if the Wassenaar Arrangement rules proposed by the United States aren’t modified...
Stakeholders Argue Against Restrictive Wassennaar Proposal
The commenting period regarding the Wassenaar Arrangement expired on Monday but the echo chamber around the largely maligned proposal continues to reverberate. Several stakeholders implicated in the proposal added their voices to that chamber on Friday morning, urging the government to revise...
Google Calls Proposed U.S. Wassenaar Rules 'Not Feasible'
As the clock winds down on the comment period for the United States government’s proposed implementation of the Wassenaar Arrangement export controls for intrusion software, Google officials say that the rules would have a “significant negative impact” on security research. The Department of...
Coalition of Security Companies Forms to Oppose Wassenaar Rules
A large group of security companies have formed a coalition to oppose the proposed rules from the Department of Commerce that would regulate the export of so-called intrusion software, a broad term that researchers and legal experts are concerned would limit security research and development. The...
Hackers Release Hacking Team Internal Documents After Breach
Attackers have compromised the network of Italian intrusion software vendor Hacking Team and released a large cache of the company’s private documents, including customer invoices that show sales to oppressive governments. The incident came to light Sunday evening when unnamed attackers released ...
Senator Demands Answers on FBI's Use of Zero Days, Phishing
The chairman of the powerful Senate Judiciary Committee is asking some pointed questions of the FBI director about the bureau’s use of zero-day vulnerabilities, phishing attacks, spyware, and other controversial tools. Sen. Charles Grassley R-Iowa has sent a letter to FBI Director James Comey...
Wassenaar, Bug Bounties and Vulnerability Rewards Programs
Bug bounties have gone from novelty to necessity, not only for enterprises looking to take advantage of the skills of an organized pool of vulnerability hunters, but also for a slew of independent researchers who make a living contributing to various vendor and independent bounty and reward...
Security Researchers Publish Comments on Wassenaar Rules
With the two-month comment period for the proposed U.S. Wassenaar Arrangement rules barely under way, a cast of influential security researchers has wasted no time preparing and submitting their thoughts on the controversial proposal. Researchers who seek out vulnerabilities in software—developin...
Proposed U.S. Wassenaar Rules on Intrusion Software
Two things worth noting from yesterday’s unveiling of the Bureau of Industry and Security’s proposed Wassenaar rules for the U.S. that weren’t so overt: a The U.S. generally leads the way in implementing Wassenaar changes, and this time it’s been beaten by the EU by almost 18 months; and b reques...
Researchers Wary of Wassenaar Arrangement Proposed Rules
Professional security researchers concerned about proposed changes to the Computer Fraud and Abuse Act CFAA that include stiff penalties for what today is considered legitimate offensive research, are worried about another impending punch to the gut. The Commerce Department’s Bureau of Industry a...