BugTraq
Back to list
|
Post reply
Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
Apr 02 2004 02:38PM
K-OTiK Security (Special-Alerts k-otik com)
In-Reply-To: <81637804AB36A644BBDE3ED9DD4E73FDC94B22 (at) hermes.eCompany (dot) gov [email concealed]>
well ! this story is just a beta version of the new french liberticide law wich will come into effect very soon (next week).
France became a pseudo-monarchical-democracy, where the laws are made without requiring the opinion of the concerned people.
The article 323-3-1 of this "Law" will prohibit publication of any vuln. technical details, any proof of concept and any exploit.
We can see that "searching & finding vulnerabilties" is/and will be a crime !
The legislators forgot that finding vulnerabilties and publishing exploits is not the cause of the problem, it's just a consequence of the insecurity.
They want to show reality as they wish it, and not as it exists ...
God bless (in)security and god bless (in)liberty !
Bekrar Chaouki - Security Consultant
http://www.k-otik.com
>Received: (qmail 11436 invoked from network); 31 Mar 2004 22:12:32 -0000
>Received: from outgoing3.securityfocus.com (205.206.231.27)
> by mail.securityfocus.com with SMTP; 31 Mar 2004 22:12:32 -0000
>Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
> by outgoing3.securityfocus.com (Postfix) with QMQP
> id 69B15A3C45; Wed, 31 Mar 2004 15:03:09 -0700 (MST)
>Mailing-List: contact bugtraq-help (at) securityfocus (dot) com [email concealed]; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq (at) securityfocus (dot) com [email concealed]>
>List-Help: <mailto:bugtraq-help (at) securityfocus (dot) com [email concealed]>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe (at) securityfocus (dot) com [email concealed]>
>List-Subscribe: <mailto:bugtraq-subscribe (at) securityfocus (dot) com [email concealed]>
>Delivered-To: mailing list bugtraq (at) securityfocus (dot) com [email concealed]
>Delivered-To: moderator for bugtraq (at) securityfocus (dot) com [email concealed]
>Received: (qmail 28325 invoked from network); 31 Mar 2004 14:06:37 -0000
>X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
>Content-class: urn:content-classes:message
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="us-ascii"
>Content-Transfer-Encoding: quoted-printable
>Subject: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
>Date: Wed, 31 Mar 2004 12:20:39 -0800
>Message-ID: <81637804AB36A644BBDE3ED9DD4E73FDC94B22 (at) hermes.eCompany (dot) gov [email concealed]>
>X-MS-Has-Attach:
>X-MS-TNEF-Correlator:
>Thread-Topic: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
>Thread-Index: AcQXXaIuxPoBesWyT3SJ6PLz7USnzQ==
>From: "Drew Copley" <dcopley (at) eeye (dot) com [email concealed]>
>To: <bugtraq (at) securityfocus (dot) com [email concealed]>, <full-disclosure (at) lists.netsys (dot) com [email concealed]>
>
>http://www.guillermito2.net/archives/2004_03_25e.html
>
>[thanks to AJ 'Effin' Reznor]
>
>[Disclaimer: I don't know who has seen this already, and I do not
>pretend to know the full facts of the case. -- Drew ]
>
>Excerpt:
>
>It's quite interesting to discover, from the inside, how the french
>justice system works. I'm back from Paris. I've just been indicted and
>charged of distributing programs that violated Intellectual Property
>rights (literally translated, it's "counterfeiting and concealment of
>counterfeiting"). Maximum punishment for these charges are two years in
>jail and a fine of 150.000 euros. I'm not yet judged guilty or innocent,
>but I already had to pay around two or three thousands dollars for two
>trips to Paris (I live in Boston, MA, USA), plane tickets, and lawyer
>fees. I already talked about my story here (in french).
>
>...
>
> In march 2002, I published on my website a long analysis about this
>software. This webpage showed how the program worked, demonstrated a few
>security flaws, and some tests with real viruses. I showed that, unlike
>the advertizing claimed, this software didn't detect and stopped "100%
>of viruses". So, nothing really extraordinary. The company first reacted
>in a weird way: they denounced me publicly as a "terrorist", probably a
>nice attempt to make me change my mind. Later on, they filed a formal
>complaint against me in a Paris tribunal.=20
>
>...
>
>
>
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
well ! this story is just a beta version of the new french liberticide law wich will come into effect very soon (next week).
France became a pseudo-monarchical-democracy, where the laws are made without requiring the opinion of the concerned people.
The article 323-3-1 of this "Law" will prohibit publication of any vuln. technical details, any proof of concept and any exploit.
We can see that "searching & finding vulnerabilties" is/and will be a crime !
The legislators forgot that finding vulnerabilties and publishing exploits is not the cause of the problem, it's just a consequence of the insecurity.
They want to show reality as they wish it, and not as it exists ...
God bless (in)security and god bless (in)liberty !
Bekrar Chaouki - Security Consultant
http://www.k-otik.com
>Received: (qmail 11436 invoked from network); 31 Mar 2004 22:12:32 -0000
>Received: from outgoing3.securityfocus.com (205.206.231.27)
> by mail.securityfocus.com with SMTP; 31 Mar 2004 22:12:32 -0000
>Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
> by outgoing3.securityfocus.com (Postfix) with QMQP
> id 69B15A3C45; Wed, 31 Mar 2004 15:03:09 -0700 (MST)
>Mailing-List: contact bugtraq-help (at) securityfocus (dot) com [email concealed]; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq (at) securityfocus (dot) com [email concealed]>
>List-Help: <mailto:bugtraq-help (at) securityfocus (dot) com [email concealed]>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe (at) securityfocus (dot) com [email concealed]>
>List-Subscribe: <mailto:bugtraq-subscribe (at) securityfocus (dot) com [email concealed]>
>Delivered-To: mailing list bugtraq (at) securityfocus (dot) com [email concealed]
>Delivered-To: moderator for bugtraq (at) securityfocus (dot) com [email concealed]
>Received: (qmail 28325 invoked from network); 31 Mar 2004 14:06:37 -0000
>X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
>Content-class: urn:content-classes:message
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="us-ascii"
>Content-Transfer-Encoding: quoted-printable
>Subject: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
>Date: Wed, 31 Mar 2004 12:20:39 -0800
>Message-ID: <81637804AB36A644BBDE3ED9DD4E73FDC94B22 (at) hermes.eCompany (dot) gov [email concealed]>
>X-MS-Has-Attach:
>X-MS-TNEF-Correlator:
>Thread-Topic: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
>Thread-Index: AcQXXaIuxPoBesWyT3SJ6PLz7USnzQ==
>From: "Drew Copley" <dcopley (at) eeye (dot) com [email concealed]>
>To: <bugtraq (at) securityfocus (dot) com [email concealed]>, <full-disclosure (at) lists.netsys (dot) com [email concealed]>
>
>http://www.guillermito2.net/archives/2004_03_25e.html
>
>[thanks to AJ 'Effin' Reznor]
>
>[Disclaimer: I don't know who has seen this already, and I do not
>pretend to know the full facts of the case. -- Drew ]
>
>Excerpt:
>
>It's quite interesting to discover, from the inside, how the french
>justice system works. I'm back from Paris. I've just been indicted and
>charged of distributing programs that violated Intellectual Property
>rights (literally translated, it's "counterfeiting and concealment of
>counterfeiting"). Maximum punishment for these charges are two years in
>jail and a fine of 150.000 euros. I'm not yet judged guilty or innocent,
>but I already had to pay around two or three thousands dollars for two
>trips to Paris (I live in Boston, MA, USA), plane tickets, and lawyer
>fees. I already talked about my story here (in french).
>
>...
>
> In march 2002, I published on my website a long analysis about this
>software. This webpage showed how the program worked, demonstrated a few
>security flaws, and some tests with real viruses. I showed that, unlike
>the advertizing claimed, this software didn't detect and stopped "100%
>of viruses". So, nothing really extraordinary. The company first reacted
>in a weird way: they denounced me publicly as a "terrorist", probably a
>nice attempt to make me change my mind. Later on, they filed a formal
>complaint against me in a Paris tribunal.=20
>
>...
>
>
>
[ reply ]