In-Reply-To: <81637804AB36A644BBDE3ED9DD4E73FDC94B22@hermes.eCompany.gov> well ! this story is just a beta version of the new french liberticide law wich will come into effect very soon (next week). France became a pseudo-monarchical-democracy, where the laws are made without requiring the opinion of the concerned people. The article 323-3-1 of this "Law" will prohibit publication of any vuln. technical details, any proof of concept and any exploit. We can see that "searching & finding vulnerabilties" is/and will be a crime ! The legislators forgot that finding vulnerabilties and publishing exploits is not the cause of the problem, it's just a consequence of the insecurity. They want to show reality as they wish it, and not as it exists ... God bless (in)security and god bless (in)liberty ! Bekrar Chaouki - Security Consultant http://www.k-otik.com >Received: (qmail 11436 invoked from network); 31 Mar 2004 22:12:32 -0000 >Received: from outgoing3.securityfocus.com (205.206.231.27) > by mail.securityfocus.com with SMTP; 31 Mar 2004 22:12:32 -0000 >Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) > by outgoing3.securityfocus.com (Postfix) with QMQP > id 69B15A3C45; Wed, 31 Mar 2004 15:03:09 -0700 (MST) >Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >Precedence: bulk >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@securityfocus.com> >List-Help: <mailto:bugtraq-help@securityfocus.com> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> >List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> >Delivered-To: mailing list bugtraq@securityfocus.com >Delivered-To: moderator for bugtraq@securityfocus.com >Received: (qmail 28325 invoked from network); 31 Mar 2004 14:06:37 -0000 >X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 >Content-class: urn:content-classes:message >MIME-Version: 1.0 >Content-Type: text/plain; > charset="us-ascii" >Content-Transfer-Encoding: quoted-printable >Subject: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France >Date: Wed, 31 Mar 2004 12:20:39 -0800 >Message-ID: <81637804AB36A644BBDE3ED9DD4E73FDC94B22@hermes.eCompany.gov> >X-MS-Has-Attach: >X-MS-TNEF-Correlator: >Thread-Topic: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France >Thread-Index: AcQXXaIuxPoBesWyT3SJ6PLz7USnzQ== >From: "Drew Copley" <dcopley@eeye.com> >To: <bugtraq@securityfocus.com>, <full-disclosure@lists.netsys.com> > >http://www.guillermito2.net/archives/2004_03_25e.html > >[thanks to AJ 'Effin' Reznor] > >[Disclaimer: I don't know who has seen this already, and I do not >pretend to know the full facts of the case. -- Drew ] > >Excerpt: > >It's quite interesting to discover, from the inside, how the french >justice system works. I'm back from Paris. I've just been indicted and >charged of distributing programs that violated Intellectual Property >rights (literally translated, it's "counterfeiting and concealment of >counterfeiting"). Maximum punishment for these charges are two years in >jail and a fine of 150.000 euros. I'm not yet judged guilty or innocent, >but I already had to pay around two or three thousands dollars for two >trips to Paris (I live in Boston, MA, USA), plane tickets, and lawyer >fees. I already talked about my story here (in french). > >... > > In march 2002, I published on my website a long analysis about this >software. This webpage showed how the program worked, demonstrated a few >security flaws, and some tests with real viruses. I showed that, unlike >the advertizing claimed, this software didn't detect and stopped "100% >of viruses". So, nothing really extraordinary. The company first reacted >in a weird way: they denounced me publicly as a "terrorist", probably a >nice attempt to make me change my mind. Later on, they filed a formal >complaint against me in a Paris tribunal.=20 > >... > > >
