Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Rewrites Wassenaar Arms Control Pact To Protect The Infosec Industry (theregister.co.uk)

Posted by EditorDavid on from the chilling-effects dept.

The Wassenaar Arrangement "is threatening to choke the cyber-security industry, according to a consortium of cyber-security companies...supported by Microsoft among others," reports SC Magazine. "'Because the regulation is so overly broad, it would require cyber responders and security researchers to obtain an export license prior to exchanging essential information to remediate a newly identified network vulnerability, even when that vulnerability is capable of being exploited for purposes of surveillance,' wrote Alan Cohn from the CRC on a Microsoft blog." Reporter Darren Pauli contacted Slashdot with this report: If the Wassenaar Arrangement carries through under its current state, it will force Microsoft to submit some 3800 applications for arms export every year, company assistant general counsel Cristin Goodwin says... The Wassenaar Arrangement caught all corners of the security industry off guard, but its full potentially-devastating effects will only be realised in coming months and years... Goodwin and [Symantec director of government affairs] Fletcher are calling on the industry to lobby their agencies to overhaul the dual-use software definition of the Arrangement ahead of a closed-door meeting in September where changes can be proposed.

20 comments

  1. fuck microsoft by Anonymous Coward · · Score: 0

    they should institute the pact the way it is. its good. its there for good reason. do you want russia, china, india getting american software and more imporantly tech support???

    1. Re:fuck microsoft by Intron · · Score: 2

      they should institute the pact the way it is. its good. its there for good reason. do you want russia, china, india getting american software and more imporantly tech support???

      The problem is that although it is intended to make you more secure it might have the effect of making you less secure. Kind of like Norton AV.

      --
      Intron: the portion of DNA which expresses nothing useful.
    2. Re:fuck microsoft by sittingnut · · Score: 1

      do you know what you are talking about?

      do you want russia, china, india getting american software and more imporantly tech support???

      in the 1st place russia is part of wassenaar arrangement . while china and india aren't. so you can't group[ all three together in relation to this.

      -
      lefty protectionist editors here, as usual, display their ignorance and bias by linking M$ to denigrate. .

    3. Re:fuck microsoft by Anonymous Coward · · Score: 0

      What does "display their ignorance and bias by linking M$ to denigrate" mean, exactly? More importantly, what did it mean before you tried to translate it from Russian to English on Google?

      Fuck you, fuck paid shills and fuck Russia. Ignorance and bias indeed, I suppose coming from Stalin's homeland you'd be more than familiar with fucking ignorance.

    4. Re:fuck microsoft by Calydor · · Score: 1

      You need to take a deep breath and eat some ice cream before your next post.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    5. Re:fuck microsoft by NotInHere · · Score: 1

      I think there is more tech support going from india to the US than from the US to india.

    6. Re:fuck microsoft by sittingnut · · Score: 1

      no surprise that sjw lefty editordavid, posting as AC, and driven mad by facts and exposure, has lost his basic ability to comprehend english. and vomit up his racist prejudices

  2. Its just greed...shut them down by Anonymous Coward · · Score: 0

    Microsoft should not be shipping security vulnerability fixes to hostile countries. That would be insane to aid states that work against the west. It should be harder for the China, Russia, and Syria of the world.

    1. Re:Its just greed...shut them down by jaredm1 · · Score: 2

      What about users in those countries who without a patch might get their computers compromised and become unwitting victims in the next botnet attack in the land of the free and its allies?

    2. Re: Its just greed...shut them down by Anonymous Coward · · Score: 0

      And you think those governments don't have hackers? That the governments themselves might use those exploits against their own domestic populations?

  3. I.e. by Anonymous Coward · · Score: 0

    Bribe like you have always bribed before!

  4. Another "secret" treaty... by houstonbofh · · Score: 1

    When the discussion of what goes in a treaty has to be secret, you know it is going to be bad for most people. (And very good for a select few.) How many times do we have to see this? I wonder what a cyber-spring will look like?

    1. Re:Another "secret" treaty... by Anonymous Coward · · Score: 0

      When the discussion of what goes in a treaty has to be secret, you know it is going to be bad for most people. (And very good for a select few.) How many times do we have to see this? I wonder what a cyber-spring will look like?

      If more citizens would stand up to their governments, they wouldn't pull crap like this. To quote a favorite line, "The people you are after are the people you depend on. We cook your meals, we haul your trash, we connect your calls, we drive your ambulances. We guard you while you sleep. Do not... fuck with us."

  5. We go through crap like this now by SwashbucklingCowboy · · Score: 1

    Dealing with UK export laws. I've had too many conversations with our trade compliance people about restrictions when having a dev team in the UK and pen testers in the US.

    1. Re: We go through crap like this now by Anonymous Coward · · Score: 0

      I'd think both sides of the pond would be interested in your traffic. Always nice to have some known neutral 3rd party actors to key filters off of and make sure the monitoring is working as intended.

  6. Good ol' 90's by Anonymous Coward · · Score: 0

    This reminds me of the Neder Hop song Wassenaar by Ross & Iba!

  7. Help yourself US GOV MICROSOFT? by Anonymous Coward · · Score: 0

    Microsoft arms? The public totally is for this right? Get fucking fuuuuuuuuuuuucked.

    >Symantec director of government affairs

    This line says volumes and is the low-level message in the summary. Spies better learn a trade. Build fucking something.

  8. Wassenaar disaster by WaffleMonster · · Score: 1

    Basically every bit of technology worth using is enumerated by this thing as dual use.

  9. Re:Wassenaar disaster... targetting Open Source by knorthern+knight · · Score: 1

    This may sound like tinfoil-hat territory, but consider the following possibility. Software is allowed to cross borders... if a $100,000 annual licence fee is paid for "inspection". The big outfits like Microsoft and the big anti-virus companies like Symantec/Norton would have no problems finding $100,000 between the cushions of their sofas. It's loose change for them. But consider iptables, pfsense, tripwire, openssl, openssh etc, etc.

    This would be impossible for a few volunteers to do for their pet projects. Patches are submitted by developers from all over the planet... export. Mailing list archives are accessable from all over the planet.. export. Github and Sourceforge are accessable from all over the planet...export. A strict interpretation could shut down any open source effort that peripherally touches security. A *REALLY* strict interpretation could include any security fixes to Firefox or Pale Mooon or any other Open Source program.

    --

    I'm not repeating myself
    I'm an X window user; I'm an ex-Windows user