Ripping a morsel of a meal from the talons of El Reg, we end up with something indigestible.
Rapid7, the flingers of the exploitation / testing framework that is Metasploit have revealed the effect of recent US regulatory changes via their blog.
A snippet:
Due to changes in regulatory requirements that are applicable to Metasploit (Pro and Community) and similar products, as of Sunday, April 19, 2015, individuals outside of the US and Canada who would like to use Metasploit Pro or the Metasploit Community Edition will need to request a licence and provide additional information regarding themselves or their organization designation.
In accordance with the new requirements, the request will be reviewed by Rapid7 and, unless the user is a non-US or non-Canadian government agency (or is otherwise ineligible to receive the products without approval from the US Department of Commerce), the request will be fulfilled.
This affects licence requests made through Rapid7.com as well as any third party sites that currently offer Metasploit Pro or Community products for download.
It seems we are yet again on the Magic Roundabout of encryption export controls and Clipper chip madness... who knows, maybe this time around it will be effective.
(Score: 3, Informative) by frojack on Thursday April 23 2015, @05:15PM
Further, the announcement reads:
Due to increasing US and international regulatory restrictions...
It could just as well have been potential EU sanctions that the are attempting to avoid. Both Germany and the UK are actively penetrating private networks, and both of them have reason to not want penetration testing tools used by their targets. What better way than to get their buddies in the US government to make some bluster about exports? Mutual back scratching.....
That said, there have been no new regulatory changes on export encryption for a long time.
No, you are mistaken. I've always had this sig.