Slashdot Mirror
KisMAC Developer Discontinues Project
mgv writes to let us know that the lead developer of KisMAC, a passive wireless network discovery tool for Mac OS X, is discontinuing the project. Michael Rossberg lives in Germany and that country has recently passed laws that would make his participation dangerous. He urges visitors to take a copy of KisMAC and its source as long as the site is up, so that development might be continued outside the US or EU. From the website: "There has not been a lot of time for KisMAC lately. However the motivation for this drastic step [lies] somewhere different. German laws change and are being adapted for 'better' protection against something politicians obviously do not understand. It will become illegal to develop, use or even posses KisMAC in this banana republic [i.e., Germany]."
... Kismac doesn't break into Apples, it lets Apples passively monitor networks and has some basic attack functionality integrated. Your post might be [vaguely] on topic if this was a discussion about an Apple firewall, but for a passive wireless network stumbler? I don't think so...
No matter what kind of bullshit laws get put into place to restrict 'cracking tools' - criminals will have them. Legally sticking your head in the sand will not make you any safer. Far better that tools like this are spread far and wide so that countermeasures, or at least recognition of the problems, are also spread far and wide.
When information is power, privacy is freedom.
Because of its vagueness, this yet to be commenced, but already passed law is a severe threat to the German security community! Experts of different interest groups have repeatedly expressed their serious concerns, but the politicans - naturally knowing better than any expert can - decided otherwise. For more information, please visit: http://www.phenoelit.de/202/202.html
Because if you put the book at the back of the shelf no one will ever find it?
Well if he were going to do that he probably wouldn't announce it.
Well, I have used it a bit, and I'm no professional. But having shown people how quickly their encryption fails is a good thing.
At the end of the day, your comment is one of security through obscurity.
Kismac doesn't hack the unhackable, it can however open up access points that are much less secure than their owners think, mostly due to failures by the vendors to use proper algorithms. Why this should bother you is unclear to me.
At the end of the day, the vendors are more likely to change their hardware if this sort of tool is widely available. If it was kept obscure, most hardware vendors would never patch their access points.
I've used it alot, but never actually hacked into anyone's computer by using it.
Its likely to be forked anyway and exist on in another country...
Michael (as the original poster of the article).
There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
If they wanted to charge him they still would and while he may still win because the program is running on a computer in a different country it still would cost him alot of time, money, and energy that he probably doesn't want to spend.
"Is there even a legitimate use for that?"
Under German law, now, even nmap could be considered evil. Tools like this and kismac are mostly used to see if your pants are around your ankles with regards to your network, either home or commercial.
Why should people with home networks not have this tool available? The German law is stupid and makes everyone a victim while not taking the tools out of the hands of people who will use them anyway for nefarious purposes.
I can kill people with a hammer, or I can use it to build things. I choose the latter. Should we outlaw hammers because some people illegaly misuse them?
--
BMO
What bothers me (i've never heard about this software before) is the trend for western countries to move away from individual freedom. I live in Australia, it is happening here - the doctor that was held without charge for 3 weeks. I know it's happening in the US, but now it seems to be happening in other western countries too. Are there any western countries whose citizens aren't losing their individual freedoms?
At least we are having an inquiry into the matter. How is it in other countries?
No matter what kind of bullshit laws get put into place to restrict 'cracking tools'
It's not to restrict the tools, it's just so they have more things to accuse you of when you're charged to get something to stick.
Your hair look like poop, Bob! - Wanker.
www.tribalnetworks.org - helping tribal people around the world to own their own means of high-tech communications
cool, just what every community needs - more ways to have charges stick when the government takes a dislike to you! assholes.
If you mod me down, I will become more powerful than you can imagine....
Brings to mind the riots in Sydney about a year ago. A sporting goods shop almost sold out of baseball bats in a couple of hours. The manager called the police to ask for a suggested course of action. The cops suggested the store stop selling baseball bats for the time being.
http://michaelsmith.id.au
Darn submit button! noticed that myself afterwards. I'm aware that on the older Macbooks (pre 2007) it works fine. But Apple has changed the chipset recently to Atheros and all kinds of problems have crept up, airport dropping connection and so on. It's understandable that KisMAC doesn't support it because its completely different chipset and they haven't updated KisMAC's hardware support after 2006.
www.tribalnetworks.org - helping tribal people around the world to own their own means of high-tech communications
a family of lawyers, I'd caution anyone tempted to think of this as an Us Vs. Them scenario. This kind of shit happens everywhere, and it's really only by having the protection of the guns of any particular country that you gain any measure of freedom past the average level that the man on the street considers the lowest possible. It sucks, but this is the reality of the situation. You've only got as much freedom as isn't either explicitly protected, or passed by when politicians make their rounds in "protecting" you against harming yourself.
Everything will be taken away from you.
Open-source should buy and island and form a new "country". Call it Stallmanland? Stalland? Nah. Needs work.
Table-ized A.I.
That is a difficult one. Whilst I think that the problem there is the person, not the bat, sometimes it is worth restricting some actions. I think that even the most pro gun supporter would say there is a limit on selling weapons. Its just where you want to draw the line. Baseball bats, knives, guns, semi-automatics, hand grenades, small tactical nukes? Somewhere along the line most people will agree its not a good idea to have these things for sale in the sports section of k-mart, irrespective of the individual's personal freedom. Most peoples rights to freedom should stop somewhere short of their right to kill them selves with a 10 megaton nuke in a densely populated city.
Now this is a little different from what KisMAC is about, however. Kismac is fairly useless if you have a good password and a network secured by a proper protocol. On networks that aren't properly secured, it can open them up with various amounts of grunt work, ranging from minutes to days.
Mostly, KisMAC helps secure the network by letting you attack your own network. It has very little to do with most current criminal activity online.
Criminalising this tool will not make people much safer, if at all. Arguably it makes things more secure - I've persuaded a number of people to change their encryption to WPA by demonstrating how quickly their base stations can be compromised.
Much better I do it than someone else.
I think the German authorities would be much better working on philshing attacks, scam emails, and so on.
Of course, that would require some real work, not like this...
Michael
There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
Kismet showed some family members why they needed both wireless encryption and MAC filtering. Telling them I was going to log every IM conversation, and then showing them the logs went a ways towards convincing them that their wireless was not really all that secure. They now know that MAC filtering only keeps out the honest, and WEP only hides their data with a thin layer of gauze, but at least it is their informed choice now.
Kismet and other wireless scanners have helped me pick out channels for my router based on where they have the least interference. I blame a cranky windows 'wireless assist tool' for picking the strongest AP instead of the one I select, but since it was what I was dealing with I just made the best out of it.
And yes, wireless scanners have also found me open hotspots to connect to when I am traveling. If the coffee shop leaves it on after hours, how am I supposed to ask for permission anyways?
Yes, but a politician can understand a hammer. It's heavy, blunt and simple on the whole (no comments on similarity ;) ) where as this new-fangled intarwebs-net-tubes and its associated applications must be dangerous in some way, otherwise children wouldn't be using it.
Or something like that.
Sirs,
Eventually you are missing the point. KisMac is a tool that can discover APs and Point to Point wireless network, Crack WEP, Crack WAP (given a dictionary) and make Injection Attacks with selected hardware (prism cards mostly). So it's just not a purely listening software neither limited to only apple basestations (Airport).
So long the problem is that Germany choose to make illegal tampering with telecomunications, which could be good, but eventually forgot to leave a exception of fair use for research pourposes which is not good.
Enrico
The locked door analogy just doesn't cut it. Think of the coffee shop having a robot butler that they forget to program correctly. It serves at all hours instead of just working hours. Who's fault would that be? Now, take your archaic straw man and get lost.
Note: I did not suggest or imply that I decoded their WEP key to get an internet connection.
To bring in the car analogy, this seems more like making cars and alcohol illegal instead of the act of drunk driving..
Of course driving and drinking everyone knows, so making them illegal would never even come into question.
Well, that particular example was some time ago, but I believe it was AIM. I think that was back between '00 and '03 but if I tried to narrow it down someone would probably point out that I couldn't have used Kismet since it was only release last month or something.
The irony of the situation is that the German government actively sponsors work on security tools such as GPG, OpenVAS, BOSS.
Tim Brown
MSN does not encrypt messages being transmitted at all, which I really hate, given it's popularity amongst friends of mine.
Part of being a good manager is that you directly manage only stuff you understand.
So if the owner of the company you work for has hired a competent CIO and lets him do his job, that is perfectly OK. In my experience, those who are halfway tech-savvy and start micromanaging things cause a lot more problems.
C - the footgun of programming languages
Umm, all of the most-used ones? AFAIK, Google Talk is the only one of the popular networks that does it, and that's because it's based on XMPP (Jabber).
Yahoo, MSN, AIM/ICQ, none of them have encryption. Whenever I find someone using Pidgin/Gaim I can convince them to install a plugin like gaim-encryption, but my buddies who use the official clients are sitting ducks (and me along with them).
i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
How about Gnufoundland?
You're wrong: rights are a privilege, not a right.
First: If he accesses the server from germany, development will not be considered to happen outside of germany. Second: Won't matter anyway, as german law declares itself to be applicable to what a german does even outside of germany.
I don't buy this analogy, partly because trying your key randomly in order doors isn't going to work (ok there are certain flawed implementations but..) and secondly because it's not the use the tool was designed for. If anything you could say it's like a lock pick. You can use it to test how easy it is to break in to your house or you could use it to break in to someone else's house. Again, the problem is that people might be inclined to agree that lock picks should only be made available to licensed professionals. Don't get me wrong, I think both Kismac and lockpicks are fine. But I'm not sure society in general would agree with me.
I think that's against some unwritten rule. I mean, what would happen if there was a riot and a hockey game broke out?
It's not offtopic, dumbass. It's orthogonal.