lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040404015102.25420.qmail@www.securityfocus.com>
Date: 4 Apr 2004 01:51:02 -0000
From: K-OTiK Security <Special-Alerts@...tik.com>
To: bugtraq@...urityfocus.com
Subject: Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France


In-Reply-To: <20040403204252.8002.qmail@...rch.securityfocus.com>


>From: Chris Wysopal <cwysopal@...take.com>
>Subject: Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
>
>Sure looks like the penalty for publishing an exploit tool will be equivalent to using the tool to commit a computer crime. I guess there aren't going to be any computer security conferences in France ever again.  Will Securityfocus and PacketStorm need to filter French addresses?  Will we have to stop selling penetration testing products to French citizens? 
>

Here is the last updated version of this Art. 323-3-1 :

"The fact, without legitimate reason, to import, hold, offer, yield or place at the disposal a data-processing program conceived or especially adapted to commit one or more offences envisaged by articles 323-1 to 323-3 is punished sorrows planned for the infringement itself or the infringement most severely repressed"

As you can see, the vicious legislators introduced into the new version of this article the term "hold...without legitimate reason" - 

Concretely, this wants to say : "Any person handling exploits/viruses (researcher,consultant,hacker or kiddie) is guilty, and is in an illegal situation which could lead him to be charged - And if you are charged, YOU have to prove that you are innocent"

(Remember? "Universal Declaration of Human Rights (Article 11)")

So, if this law is voted next week, France will replace the presumption of innocence by the "presumption of culpability", and all security consultants/researchers here, will have the criminal status !

Bekrar Chaouki - Security Consultant
http://www.k-otik.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ