Ripping a morsel of a meal from the talons of El Reg, we end up with something indigestible.
Rapid7, the flingers of the exploitation / testing framework that is Metasploit have revealed the effect of recent US regulatory changes via their blog.
A snippet:
Due to changes in regulatory requirements that are applicable to Metasploit (Pro and Community) and similar products, as of Sunday, April 19, 2015, individuals outside of the US and Canada who would like to use Metasploit Pro or the Metasploit Community Edition will need to request a licence and provide additional information regarding themselves or their organization designation.
In accordance with the new requirements, the request will be reviewed by Rapid7 and, unless the user is a non-US or non-Canadian government agency (or is otherwise ineligible to receive the products without approval from the US Department of Commerce), the request will be fulfilled.
This affects licence requests made through Rapid7.com as well as any third party sites that currently offer Metasploit Pro or Community products for download.
It seems we are yet again on the Magic Roundabout of encryption export controls and Clipper chip madness... who knows, maybe this time around it will be effective.
(Score: 4, Informative) by cykros on Thursday April 23 2015, @12:53PM
UNLESS the user is a non-US or non-Canadian government agency (or is otherwise ineligible to receive the products without approval from the US Department of Commerce), the request will be fulfilled.
Doesn't sound like they're actually going quite as far as the old PGP restrictions did, wherein export was just banned, but it also doesn't sound like they've learned much about how software travels across wires that for whatever reason don't have any respect for where borders are since then. I suspect this will stop even fewer people than the PGP ban did, but it probably sure did help some politician look tough on hackers for his constituents.
I think this may function more as a test. "If you can't figure out how to proxy into the US to acquire Metasploit, you're probably not qualified to use it in the first place".
(Score: 2) by frojack on Thursday April 23 2015, @05:06PM
Doesn't sound like they're actually going quite as far as the old PGP restrictions did,
Who is this THEY that you refer to?
There has been no changes in US regulations.
No, you are mistaken. I've always had this sig.