Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: brucon

{Quick Post} DBAD License

In one of the many weird and wonderful hallway track conversations at this year's BruCON conference, the topic of licensing came up. Not usually a wonderful topic, but something that seems to be a bit of a hot topic on a few fronts currently. As I’d just done some quick research on licenses for the Scythe framework, I thought back to the decisions I made on how and what my code could be used for. I wanted to make it as free as possible, but still retain some control over things. One thing I couldn’t control though was abusive companies using the software. Making something free for all to use means it’s free for ALL to use… not just the great people you meet at cons, but also the bad apples of the industry that continue to give us all a bad name.

This brought up a thought in my head, and despite the fact that people will poke holes in it, I wanted to share it with you before it drifts from my mind.

The basics are as follows. An addition that can be appended to any supporting license to add a single additional stipulation. That stipulation being that people listed on the Attrition.org charlatan list are not permitted to use the software. I’m no lawyer, but something like the following wording seems like it would make sense:

DBAD Clause

Redistribution and use in source and binary forms, with or without modification, are permitted only to people or organizations not currently listed on the Attrition.org Charlatans list. An up-to-date version of this list can be found on the Attrition.org website at the following URL – http://attrition.org/errata/charlatan/

This clause does not affect or alter any other sections of the main license and is used only as an additional clause to a selected licensing scheme.

Feedback from the Twitters was mixed… and I know that licensing (especially amongst the GNU / Free Software community) is a tricky subject!

Yeah, I’m no lawyer… still, it’s a thought 😉

So DBAD… Don’t Be A Dick!

{BruCON LT} SSL Impersonation in 5 minutes or less!

After the roaring success acceptance of my lightning talk from day one of BruCON I decided to quickly throw together some slides on the on-going work I’m doing on SSL Impersonation in Metasploit. It’s only a quick dance through the reasons for the module and what it can do… with the odd sarcastic comment mixed in for good measure. Still, have fun 😉

As always if you have any constructive feedback please let me know… if you suck this bad, you can only get better right 😉

Hope to see you all at BruCON next year. Like I said at the end of my talk. Bring your lightning talks next year, else I’ll have to talk again… and nobody wants THAT!

BruCON 2011

It’s that time of year again when all the European hackers flock to Brussels to experience the best beer security Europe has to offer. BruCON is in its 3rd year now, and if the first 2 years have any say in it, I’m sure year 3 will be a blast.

I’ll be helping out a little with the lightning talks on day 2 and hopefully (if I can get time to finish start some slides), doing a quick lightning talk about as well. So many topics, so little time 😉 The organisers are still however looking for a few helping hands… so if you have an hour to help make BruCON great, head over here and put your name down! Be part of the solution!

If you’re interested in signing up for a lightning talk, head over to the BruCON site and sign up… lots of fun to be had! There’s also a great list by @Security4all of the events going on around the conference (meet-ups, parties, etc…). So make sure to check it out to get the best out of your trip.

I’ll be sticking around after the conference to attend the mobile application security testing class by Joe McCray… so if you’re around come and say hi!

Hope to see you there…
