lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: 3 Apr 2004 20:42:52 -0000
From: Chris Wysopal <cwysopal@...take.com>
To: bugtraq@...urityfocus.com
Subject: Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France


In-Reply-To: <20040402143855.27920.qmail@....securityfocus.com>


From: K-OTiK Security <Special-Alerts@...tik.com>

>The article 323-3-1 of this "Law" will prohibit publication of any vuln. technical details, any proof of concept and any exploit. 

Googling and translating the law gives this:

http://www.iris.sgdg.org/actions/lsi/evol/art35.html

After article 323-3 of the penal code, it is inserted article 323-3-1 thus
written:

"Art. 323-3-1. - The fact of offering, of yielding or of placing at the
disposal a data-processing program conceived to commit the offences
envisaged by articles 323-1 to 323-3 is punished sorrows planned for the
infringement itself or the infringement most severely repressed "

Sure looks like the penalty for publishing an exploit tool will be equivalent to using the tool to commit a computer crime. I guess there aren't going to be any computer security conferences in France ever again.  Will Securityfocus and PacketStorm need to filter French addresses?  Will we have to stop selling penetration testing products to French citizens? 

Cheers,

Chris

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ