lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: securitynews at wanadoo.fr (securitynews) Subject: Publishing exploit code ruled illegal in France? Hi , so , in France , since three years , the laws are very hard , by default , alls security researchers community are criminals ! you don't have the right to have or use a security tool , you don't have the right to have a copy of a virus for studing , you don't have the right to publish some technical details about a vulnerability or provide an exploit, until a judge after many years of justice tell you are not a criminal. see the last LEN/LCEN laws.("Le fait d'importer , de detenir,d'offrir ou de mettre a disposition un instrument ou programme informatique" art.323-3-1,...) Currently , this law is not really apply (like many other laws in france) but it's in the laws and maybe one day , policemens can knock at your door in order to arrest you because you are doing your job ! for reverse engineering case , according to me ,you only have the right to reverse sofware for compatibility , of course you need to have a valid license for this software. so , for tena case , it's not only because he didn't have a valid license , it's the tree that hide the forest , the main reason is because he bothered viguard business . Stephane. ps: sorry for my poor english... ----- Original Message ----- From: "Burnes, James" <james.burnes@....com> To: "jean-philippe Gaulier" <jean-philippe.gaulier@...lim.fr>; <full-disclosure@...ts.grok.org.uk> Sent: Thursday, March 10, 2005 5:59 PM Subject: RE: [Full-disclosure] Publishing exploit code ruled illegal in France? So, in France, which of the following statements are true? 1. You must literally own the software in question before reverse engineering it? A normal user license is not good enough. In other words, only Microsoft may reverse engineer its own software. Pointless, but whatever... 2. You may reverse engineer a copy that you have licensed. 3. You may reverse engineer a copy that a license owner has given you permission to examine. 4. You must have formal permission of a license owner in hand and notarized before you may examine such a piece of software. Any comments from our friends in France? JB -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of jean-philippe Gaulier Sent: Thursday, March 10, 2005 1:40 AM To: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Publishing exploit code ruled illegal in France? On Wed, 09 Mar 2005 15:40:46 +0100 sec-list@...og.org wrote: Hi, > in France some strange things happen: > http://www.zdnet.com.au/news/security/0,2000061744,39183862,00.htm I disagree with this article. I'm french, I know Guillaume and don't like Viguard, so I think that I could chat about that a little more. Guillaume was convicted not for his publication, but because he used first a "pseudo" illegal copy of tegam viguard, and disassemble not for compatibility The decision of the court is defined as "really friendly" for the researcher community. This point of view is explained by a french lawyer there : http://maitre.eolas.free.fr/journal/index.php?2005/03/08/87-guillermito- condamne-mais-tres-legerement See ya. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/ -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.7.1 - Release Date: 09/03/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.7.1 - Release Date: 09/03/2005
Powered by blists - more mailing lists