
SoylentNews is people

posted by takyon on Saturday July 04 2015, @06:28PM
from the mind-control dept.

Grant Willcox, a student studying ethical hacking at the University of Northumbria in the UK, is claiming that the Wassenaar Arrangement, an arms control treaty that was expanded last year to prohibit the export of various kinds of software exploit, is forcing him to censor his dissertation.

Willcox's research investigates ways in which Microsoft's EMET software can be bypassed. EMET is a security tool that includes a variety of mitigation techniques designed to make exploiting common memory corruption flaws harder. In the continuing game of software exploit cat and mouse, EMET raises the bar, making software bugs harder to take advantage of, but does not outright eliminate the problems. Willcox's paper explored the limitations of the EMET mitigations and looked at ways that malware could bypass them to enable successful exploitation. He also applied these bypass techniques to a number of real exploits.

Typically this kind of dissertation would be published in full. Security researchers routinely explore techniques for bypassing system protections, with this research being one of the things that guides the development of future mitigations. Similarly, publishing the working exploit code (with a safe payload, to prove the concept) is standard within the research community.

However, Willcox's paper doesn't do this. Writing on his blog, he explains that some pages have been removed due to a combination of the Wassenaar Arrangement's restrictions, and the university's ethics board forbidding the release of exploits. He says that he will release the exploits only to consultancies within the UK, thereby avoiding any exports.


  • (Score: 3, Interesting) by kaszz on Saturday July 04 2015, @11:25PM

    Move to the Netherlands? AFAIR they allow tools to audit security without authors or users being legally exposed.

    Or he could publish and EFF could have a field day with any opponent through public pressure and suing?
