lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: securitynews at wanadoo.fr (securitynews)
Subject: Publishing exploit code ruled illegal in France?

Hi ,
so , in France , since three years , the laws are very hard ,
by default , alls security researchers community are criminals !
you don't have the right to have or use a security tool , you don't have the 
right
to have a copy of a virus for studing , you don't have the right to publish 
some technical details
about a vulnerability or provide an exploit, until a judge after many years 
of justice tell you are not a criminal.
see the last LEN/LCEN laws.("Le fait d'importer , de detenir,d'offrir ou de 
mettre a disposition un instrument ou programme informatique" 
art.323-3-1,...)
Currently , this law is not really apply (like many other laws in france) 
but it's in the laws and
maybe one day , policemens can knock at your door in order to arrest you 
because you are doing your job !

for reverse engineering case , according to me ,you only have the right to 
reverse sofware for compatibility ,
of course you need to have a valid license for this software.

so , for tena case , it's not only because he didn't have a valid license , 
it's the tree that hide the forest , the main
reason is because he bothered viguard business .

Stephane.

ps: sorry for my poor english...



----- Original Message ----- 
From: "Burnes, James" <james.burnes@....com>
To: "jean-philippe Gaulier" <jean-philippe.gaulier@...lim.fr>; 
<full-disclosure@...ts.grok.org.uk>
Sent: Thursday, March 10, 2005 5:59 PM
Subject: RE: [Full-disclosure] Publishing exploit code ruled illegal in 
France?


So, in France, which of the following statements are true?

1. You must literally own the software in question before reverse
engineering it?  A normal user license is not good enough.  In other
words, only Microsoft may reverse engineer its own software.  Pointless,
but whatever...

2. You may reverse engineer a copy that you have licensed.

3. You may reverse engineer a copy that a license owner has given you
permission to examine.

4. You must have formal permission of a license owner in hand and
notarized before you may examine such a piece of software.

Any comments from our friends in France?

JB



-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
jean-philippe Gaulier
Sent: Thursday, March 10, 2005 1:40 AM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Publishing exploit code ruled illegal in
France?

On Wed, 09 Mar 2005 15:40:46 +0100
sec-list@...og.org wrote:

Hi,

> in France some strange things happen:
> http://www.zdnet.com.au/news/security/0,2000061744,39183862,00.htm

I disagree with this article. I'm french, I know Guillaume and don't
like
Viguard, so I think that I could chat about that a little more.

Guillaume was convicted not for his publication, but because he used
first
a "pseudo" illegal copy of tegam viguard, and disassemble not for
compatibility

The decision of the court is defined as "really friendly" for the
researcher
community.

This point of view is explained by a french lawyer there :
http://maitre.eolas.free.fr/journal/index.php?2005/03/08/87-guillermito-
condamne-mais-tres-legerement


See ya.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/



-- 
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.7.1 - Release Date: 09/03/2005




-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.7.1 - Release Date: 09/03/2005



Powered by blists - more mailing lists