Slashdot Mirror
Publishing Exploit Code Ruled Illegal In France
Dexter writes "A French Court has condemned the security researcher Guillame Tena for publishing a security vulnerability in the Viguard anti-virus software of Tegam. This ruling makes the publication of security vulnerabilities and their proof of concept through reverse engneering illegal in France."
What good is it to publish software vulnerability, especially on closed source products?
If one really wants to help, isn't it better to inform the software maker? If the latter couldn't care less, maybe one shouldn't care more?
However, as the friendly article pointed out, the fine was for a copyright infringement charge, so it looks like you can still publish a vulnerability as long as it is subtle enough.
Rock that crushes, Paper & Scissors that don't matter.
What about Tegam? They published the exploit in every copy of Viguard. While telling everyone it would protect them. Why aren't they guilty? What kind of crappy lawyer lets their client get punished for telling the truth about dangerous products?
--
make install -not war
I'm sure just to spite France President Bush will make it mandatory for all programmers to post exploits.
Hopefully thefreeworld.org isn't hosted in France, otherwise we need to move our changelogs...again...
welp, only outlaws will know. Simple as that.
Did they send him to the dungeon or the guillotine?
Oh lets make it illegal to find problems in software, then if they cant be found they cant exist right?
Watch as the security community suddenly stops notifying the French of holes. I predict they will have to go back on this pretty soon. I just hope mandrake doesn't suffer too much.
I am trolling
IF instr(HEADLINE, "FRANCE") > 0 THEN
PONDER_FRENCH_MATTERING
LAUGH("FRANCE")
ELSE
READ_ARTICLE
END IF
It's VB (SCREW YOU FOR JUDGING ME!)
You may notice the article has no details.
I did a Google News Search and found this one which is much better.
Also, the guys own website.
Hope this helps.
- Jax
What you don't know can't hurt you, and likewise its corollary: ignorance is bliss. What are their French equivalents?
~Someday, I hope to be an aspiring author.
I don't know, but I hear these guys already did a search on Google to find out:
h tm l
http://www.albinoblacksheep.com/text/victories.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
The condemned seems to think differently.
MOD (PARENT, -1, MOD_TROLL)
This is simlar to the fact that you can distribute the exploit in text form for something, but you're not allowed to have a compiled version.
It's just weird, how hard is it to compile something?
I was wondering why the first comment was defending what normally on slashdot would be considered censorship with 1,000's of post about how it's bad. Then i realized it wasn't the american government so it can't be bad.
Let's hear it for the Virgin Islands and the Bahamas! No software patents there. No export restrictions. True freedom of speech.
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
Why not work to change the law(s) in question? I don't know how French legislative works, perhaps someone can shed some light on the subject?
ELOI, ELOI, LAMA SABACHTHANI!?
Yea! Let's make it illegal to discuss illegal things also. I am idiot: I haven't read the ruling; I hope they are using a really liberal definition for "code"!
Wait, can they also make it illegal to describe exploit code? That would be great too! Kudos to France for working so hard to "cut down on crime"! With laws like this we all will either be in jail or fugitives "Real Soon Now"! ( For extra credit, covert this text to binary and find the exploit! Then get put in jail for doing so - or create a law and then put yourself in jail!)exploits online UNTIL official fix is released. In my opinion, it is a flawed tactic. Having usable exploit around motivates vendor to actually DO fixes. I greatly doubt MS will patch its bugs faster if exploits are unavailable to public.
"That the fine is suspended means that Guillermito will have to pay up if he continues to publish about the vulnerability and other software vulnerabilities. As a result he has taken the Tegam publication, and a dozen others, from his website."
WOW, you are a retard to miss that.
the part you mentioned was in regards to DIFFERENT legal proceedings.
good lord you suck enermous balls for missing that stuff.
I thought these sort of oppressive rulings only happened in Amerikkka. Isn't France supposed to be the capital of the enlightened universe? The article must be a misprint.
It's simultaneously comforting and terrifying to see that stupid rulings by stupid judges aren't confined to the USA.
At least I'll feel better about it the next time the 9th Circuit Court of Appeals makes an insane decision.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Well, let's see, they provided weapons, military training and aid to the American Colonists in the Revolutionary War. They developed the most heavily armored and gunned tanks during the early German Blitz, one French Char B1-Bis held up an entire German Division for an entire day. One little short frenchie with a bad attitude almost conquered the entire world, twice.
:))
They've developed nuclear weapons, were one of the original founders of the European Union, who's Euro continues to dominate the American Dollar. They were one of the first modern countries to pick on the buzzword "Democracy" long before a bunch of colonists got pissed at their King's latest tax law.
Oh, did I mention numerous American, Australian and British courts have upheld the same reverse engineering proof of concept rulings?
You Sir, are an uneducated bigot.
(Note: I am not anti-American, I'm just hitting him where it hurts.
Yeah, and timothy seems to be especially biased. So, folks! Let's remove timothy from our front page. (look under authors, and remove the mark in front of the one you don't like...)
Assembling etherkillers for fun an profit
Hackers: now you don't have to compete with legitimate security research! Your exploit vectors will remain safe from view. Feel free to build up a toolbox of 0-day 'splots (or even 10-day or 100-day, there's no rush!) Laugh as you see version after version of popular software released with the same obvious holes!
Programmers: companies who put their customers at risk by placing security holes in their software no longer have to worry about public embarrassment. Now that useless QA team can be pared down, and software can be delivered more quickly! Only the requirements have to be met, no longer do you have to worry about unexpected input! It's like college freshman year all over again.
Consumers of software? Sorry, maybe you'll get something next time. For now, check out some web sites for common ways to protect yourself from identity theft and hack attacks. You'll need it!
I did read the article and the link in it to a previous article. The previous article stated that his exploit code was judged to be an illegal copy of Teagam's (or whatever their name is) code. I'm not sure exactly where you are getting the idea that his antivirus copy was not legitimate, but this conclusion does not seem to be supported by the articles.
There are top notch security experts in France, specifically the folks at K-Otik http://www.k-otik.com/
I'm a security consultant and I look to these folks as a source of reputable information. I spent a LOT of time on their site when Microsoft was trying to deal with the fallout of the MSO3-026 vulnerability which begat the MSBlaster worm. I even got the source code for blaster from the K-Otik crew.
This is going to have huge ramifications if it is interpreted as described here.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
I understand the argument against security through obscurity, but I can also observe a correlation between the publication of an exploit and a steep increase in usage of that exploit. Also, I do not observe a correlation between these events and the vulnerability being fixed.
The person who coined the phrase, "security through obscurity is no security at all", did so before we got wire to *everybody* and before there were so many script kiddies.
There might be some merit in attempting to keep stuff under wraps. It won't fix the problem, but if the disclosure itself tends to exacerbate the problem, the case can be made that it is prudent to do everything possible to limit the disclosure.
The error is in the idea that a *government* has any power to stop this kind of disclosure.
The "virus definitions" files published by Symantic, McAfee, et. al. would seem to be in violation of this law.
According to Babel Fish:
Ce que vous ne savez pas ne peut pas vous blesser and l'ignorance est bonheur.
1nf0rm4710n w4n75 70 b3 fr33!!!
The problem is that software makers tend not to care too much about security problems if it doesn't affect their sales. When a security concern gets published the fix priority jumps and get very important because the clients now have the choice of choosing a better product. With this kind of judgment the security holes will become a guarded secrets amongst hackers and they will probably live a better life. Granted the hole will also less hackers but then again the ones that are actually capabable of exploiting the holes probably knew about the hole anyway.
Symantec tried this about a year ago. Sadly, this is going to affect the businesses of security-based companies all over France.
Richard Stallmann has written a text about a future scenario, where owning debuggers is forbidden. It's recomended reading, and at least has showed me why we have to fight for our rights! The Right To Read also carries a informational part, which is non-ficitional, and highly interesting reading. Both parts is here
Assembling etherkillers for fun an profit
Are you the french VB programmer who writes all those word virusz.
I would like to remind you that France is a democracy, and it does not have a Department of Fatherland Security. Actually, the "Old Europe", as the present Administration like to talk about, are the European countries whose democratically elected Governments listened to the overwhelming majority public opinion.
There used to be a great geocities-like free web space provider called altern.org.
.phtml. I actually only began mucking around with PHP and server-side scripting because altern.org offered it. I still cook up some solutions with PHP and MySQL -- something that'd never have happened without mr. Valentin Lacambre's Flying Circus.
I say geocities-like so you get the picture, but it was nothing like geocities. No nonsense interface -- all text, no pictures, no ads --, great webmail interface -- again, all text, no pictures, no ads. It was also the first (maybe the last, I just got my own paid hosting when it got ultracheap -- it wasn't, in the day) free web space provider to support PHP.
Yes, PHP. In the days where extensions were
Apparently, the whole thing was ran by a techno-anarchist who prophecized in the future technology would make working unnecessary yadda yadda yadda. A sort of techno-optimist Guy Debord.
One day, one of altern.org's free websites had a parody of a France Telecom logo. Tartalacrem, if I'm not wrong. Legal hell ensued.
Not only it wasn't covered under any kind of fair use provisions, but France Telecom sued VALENTIN LACAMBRE, THE GUY WHO RAN THE FREE SERVICE.
Courts rejected his defense of not being responsible for everything hosted in his server as anyone could anonymously host content. Mr. Lacambre was forced to pay up fines and was told he was still responsible for anything held in altern.org.
So altern.org was taken down. That's France, folks.
What kind of crappy lawyer lets their client get punished for telling the truth about dangerous products?
Hutz: Thank you, Dr. Hibbert. I rest my case.
Judge: You rest your case?
Hutz: What? Oh no, I thought that was just a figure of speech. CASE CLOSED.
just as a side-note: it is possible to publish a description of a vulnerability/weakness without publishing example code that exploits said weakness. Thus, even if providing exploit code is illegal, we can still put pressure on a company to fix a security hole by publicizing an explanation of a security vulnerability.
(Admitedly, this description could probably be turned into code very quickly by any hacker, but that's not the point.)
In any case, the article in question is about copyright violation, not making exploit-publication illegal.
And so, the french who want to publish vulnerability reports and proof-of-concept code will have to travel abroad before doing so.
If I understood correctly, he was fined because his proof of concept code infringed the copyright of the original program he was trying to prove as vulnerable. Maybe some more careful coding could have avoided that.
What will happen under a more unified Europe? Will decisions made in one country be upheld in other countries - will other europeans have to worry about this decision in France?
http://www.dieblinkenlights.com
What are you talking about? That's not what the article says at all.
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
Am I the only one who finds this whole "Fix this now or else I will publish the exploit!" business a little shady?
I know it's not QUITE the same as extortion, as the person with the vulnerability knowledge isn't seeking financial gain.
But what is the purpose of publishing the exploit? What if the developers can't come up with a patch in time to meet thier imposed deadline?
It just doesn't seem very professional to me at all.
"Ask not what your country can do for you." --John F. Kennedy
The french are saying that finding and publishing expolit code is illegal. If someone finds an exploit and does not publish it, and the exploit eventually gets out into the wild, who is ultimately responsible for the damages? Is it the hackers who wrote the code, the company for not finding and patching the vulnerability, the person who found and did not publish the exploit, or is it the french gov't for gross legal mismanagement?
Feed the need: Digitaladdiction.net
Oh, that's a great idea. If you keep a problem secret, it's not a problem anymore!
"The newly born animals are then whisked off for a quick run through a giant baking oven." --heard on Food Network
They will publich remotely using servers in a 3rd country. The info can still be obtained. When will the bureaucracy understand how today's IT world operates? Heck, drugs (cocaine, marijuana) and the like are illegal but still obtainable by anyone who trys.
I hear it's one of the more pleasant ones in general, but personally I'd rather not accidentally step on a maladjusted cop's toe whilst visiting the Louvre and later find that he searched my hotel room on a whim, and found the book of prostitute phone numbers the previous tenant left there, leaving me to somehow prove to the courts that it isn't mine.
Do you dummies ever consider getting a passport and *going* *somewhere* instead of yapping mindlessly about how anything bad, or merely annoying, is a uniquely American problem? Your stupid parochiality is even more irritating than the "USA! USA!" types.
Sorry, but the source here is a Blog post, which in turn refers to the convicted guy's home page.
Nowhere does it say what, exactly the guy was convicted of, or why. So how are we possibly supposed to be able to react to this?
I have a hard time accepting statements like:
This ruling can cripple the security research in France, making it illegal to publish security vulnerabilities or the proof thereof by reverse engineering. Without being able to tamper software the actually studying and consequent publication of vulnerabilities is made impossible.
Without seeing the judgement or at least a description of it from a neutral source.
Reverse engineering is legal in Europe, and is a protected right under European law. (91/250/EEC, article 6.)
I have a strong feeling the whole story is not being given here.
Please, read the articles before commenting. As usual on Slashdot, the news is misleading : he was not condemned for releasing exploit code, but simply for software piracy (the antivirus copy he had used was not legitimate).
After reading the article I see no information there about software piracy.
Following the links I did find some interesting tidbits that would indicate the company in question is less than honorable:
A factual issue, not part of the trial but seemingly of Tegam's scare tactics, is that Guillermito was accused publicly by the software company to be a "terrorist wanted by the DST (French secret service) and the FBI". This has not lead him to recluse in fear, but he is hardly optimistic of the outcome, scheduled for March this year...
It seems he was being procecuted for violating a European Directive which prohibits tampering with copyright protection measures. Ergo, that this researcher had to by-pass copyright-protection measures to find the flaws in their product.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
In this case an appeal to the European Court on grounds of effective suppression of fair comment sounds as though it might just be possible if funds were somehow made available. It seems on the fac of it obvious that the real reason for the case was a corporation trying to prevent any adverse publicity and using its superior economic power to get the decision it wanted, but it will need expensive experienced judges to point out what seems obvious to the majority of people.
Panurge has posted for the last time. Thanks for the positive moderations.
It has always annoys me when people say a ruling makes something illegal. Rulings don't make something illegal. Laws make things illegal. Rulings just enforce those laws. So either it was already illegal in the law or the court overstepped their bounds. Happens all the time here in the states. The courts say something is illegal and we just blithely go on about our business never once questioning whether they have the right to create law or not.
If you see spelling or grammatical errors don't blame me. I tried to preview but IE here at work borked the CSS
Awesome! French software manufacturers can now use the threat of prosecution to avoid having faulty software criticized. French software manufacturers thus have less incentive to fix their broken software products.
Hopefully the French will start buying their software products from America!
It would be nice if somebody could point to the detailed condamnation and the motivations.
For all I've been able to (quickly) find, he has been condemned for intellectual property, namely counterfeiting.
One possibility is that it's becausehe has published source code, which looks strange because it would be probably be the fair use (short citation for eduction).
But it's probably because he pirated Tegam's software and didn't buy it.
You can also read on this lawyer blog that
"Il ne faut pas interpréter cette décision comme une condamnation du (EDIT : full disclosure), à mon sens : la même chose faite sur un programme licite ne tomberait probablement pas sous le coup de la loi."
So that it is NOT condemning full disclosure and that such publiction made on a legal software wouldn't be sanctionned.
At the moment, it really looks like some people are screaming as loud as possible about that, but until the details are know that just PR operations from Guillermito and the others.
#include "coucou.h"
I now eagerly await some script kiddie writing a 'Freedom Virus' that posts anti-French messages all over your machine.
There are 2 types of people in the world, those who find that stupid binary joke funny, and those who don't.
IANAL, but the French Civil Code system's rulings would find difficulty in being applied in a common law jurisdiction like the UK or Ireland.
For action to be taken, there would have to be some kind of framework like the European Arrest Warrant. Given the way the Eurocrats bullied through the recent patent legislation one can't rule it out.
See this analysis by a lawyer who followed the trial: http://maitre.eolas.free.fr/journal/index.php?2005 /03/08/87-guillermito-condamne-mais-tres-legeremen t
(quote: "Ce qui a perdu Guillermito, c'est que sa version de ViGuard était piratée", eg. "What lost Guillermito was that his version of ViGuard was pirated").
God, root, what is difference ?
lol...
Okay, buddy. Your points are pointless, and even demonstrate a lack of economic understanding.
Congratulations, dumbfuck.
only the outlaws will have exploit knowledge. (to paraphrase a wingnut bumper-sticker)
A vulnerability has been found in France's new legislation regarding publication of exploits.
The legislation has a loophole that allows people to give such info to 3rd parties outside France so they can publish such exploit.
The government's illegality detection can be easily bypassed with an SSL connection, provided one does not disclose his identity.
Proof of concept
If you believe that Napoleon almost conquered the entire world, you have little room to question anyone's education.
"Ask not what your country can do for you." --John F. Kennedy
...why not the hackers too?
I am very small, utmostly microscopic.
i guess all those pictures i saw of germans completely dominating paris dont really exist.
france was quickly made Germany's bitch.
the french have certain aspects of a great society, battle is not one of them.
Yes, the French continue to be well-known for always willing to make a profit, regardless of consequences.
One little short frenchie with a bad attitude almost conquered the entire world, twice.
Europe != World
developed the most heavily armored and gunned tanks during the early German Blitz, one French Char B1-Bis held up an entire German Division for an entire day.
Sadly, it appears that the next day, they surrendered. We'll skip over the Marshall Plan at the end of said war while we're at it.
They've developed nuclear weapons
First? Second? Third world countries have developed nuclear weapons. BFD.
Euro continues to dominate the American Dollar
You might want to look back a little further in historical performance of USD vs EUR.
They were one of the first modern countries to pick on the buzzword "Democracy" long before a bunch of colonists got pissed at their King's latest tax law.
Hmm Declaration of Independence: 1776. French Revolution: 1789.
You Sir, are an uneducated bigot
Glass houses.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Tegam refutes his claims...
and
Tegam is adamant that Tena's claims are false and his motives are questionable.
BTW, was it already illegal in France to do what he did? If so, then the people should get the laws changed, not trash the judeges and judicial system for doing their jobs by upholding them...
Then I'm all in favor it. Dr. Twister will need to find a new place of exhile...
"Waste not one watt!" - CZ
It's called the Ministry of the Interior.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
Just reclassify what you would have called an "exploit" as a "hidden feature".
As in,
"Hey there's a great new hidden feature I found in Internet Explorer for people who need to get remote root access their own systems:
Just load up this javascript + assembly code in a page in the browser, and Internet Explorer will automatically generate a stack overflow, so you can execute the assembly code! What a great new hidden feature I've found."
$8.95/mo web hosting
One little short frenchie with a bad attitude almost conquered the entire world, twice.
He really kicked Russia's ass
What, and miss the dupes?
Actually you've just hit upon the reason the dupe problem is so bad on slashdot. Obviously, the editors have each unchecked the boxes of all the other editors.
It's not offtopic, dumbass. It's orthogonal.
Everybody already knows that the secret to getting past the Maginot Line is to simply go around it.
Even if nobody was allowed to talk about it, everybody would still know how to defeat it.
I guess now instead of Freedom Fries (Instead of French Fries)Instead of Shoestring Potatoes fried in vats of lard)) I will have to start calling them 'Don't Reverse Engineer Software and Publish Vulnerabilities or you will rot in jail Fries'.
I do believe they are going to start hating me at McDonalds.
Like arts? Like cheesy little Indie mags? Check out www.artwerkmag.com, and don't laugh at the bad coding please.
One little short frenchie with a bad attitude almost conquered the entire world, twice.
Actually, Napolean wasn't really French: he came from the island of Corsica, which I believe was a French territory at the time. Part of his bad attitude, IIRC, was that he wasn't accepted by his French peers while he was in school.
It looks like the rest of the world has pretty much caught up with the USA. France denies free speech, the EU bows to big corps and OKs software patents, AU is considering fines for people or corporations if they use the Internet to incite or promote suicide methods.
Is there any decent government left in the world?
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
They developed the most heavily armored and gunned tanks during the early German Blitz, one French Char B1-Bis held up an entire German Division for an entire day.
They capitulated and had a fairly sizable number of collaborators too. Not sure what either of these sound-bytes has to do with the current situation....
One little short frenchie with a bad attitude almost conquered the entire world, twice.
http://www.napoleonguide.com/ajaccio.htm
Corsican. That ain't the same thing, really.
They were one of the first modern countries to pick on the buzzword "Democracy" long before a bunch of colonists got pissed at their King's latest tax law.
Sure. Starting something gets you some credit. What have they done that was democratic lately? Seems the trend is in the opposite direction. These are the same people who invented (or at the very least endorse) the idea of policing their language. That's about as anti-democratic as you can really get.
France hasn't done much useful for about 150 years now. Resting on your historical laurels isn't really all that respectable and the willingness to sell weapons to both sides in just about every conflict regardless of the consequences doesn't exactly inspire one to think of France as a bastion of worldly wisdom. Nor, unfortunately, does the attitude referenced in this article. I give you that the US has gotten a wee bit adle-pated about patents and IP law, and France is not alone in Europe in being brain-absent, but that doesn't make them any sort of champion to herald....
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
From the FA:
Yesterday the French security researcher Guillame Tena, aka Guillermito, has been fined a suspended fine of 5000 euros by a French court for publishing a vulnerability in the Viguard anti-virus software of the company Tegam.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
Now all I need is a story to stick this headline to. Anyone know of a "Dorothy" that's having legal problems in Australia?
Wait.. they developed Nuclear Weapons?
They better watch out.. Bush doesn't like countries with the bomb...
Maybe we will attack them next, and revenge all of the high school students forced to sit through endless hours of French class.
The tried and true French method of "stick your head in the sand, and hope it will go away on it's own."
I like you, Stuart. You're not like everyone else, here, at Slashdot.
Leaflet
Considering a lot of what they are saying and implying, I can understand why McDonalds's is suing. Lets start with McDonald's is directly involved in this economic imperialism, which keeps most black people poor and hungry while many whites grow fat. Hmm... like I've never seen a black person eat at Mics before nor a skiny white guy.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
After all, if they can just not admit people who hack their admissions web pages, the problem doesn't exist, right?
... couldn't be that they should just fix the code, could it?
Right?
Um, how come Zaphod Beeblebrox just graduated from Harvard
The same applies to the French firm.
-- Tigger warning: This post may contain tiggers! --
I found this one quite interesting:. php?num=88
http://www.viguard.com/en/news_view
Have no idea about the truth, though.
I've heard of this happening once in the USSR with a KV-1. I've never heard if it happening with a Char B.
Also, for what it's worth, the KV-1 had both heavier armour and a better gun than the Char B. And a better engine, better tracks & suspension, and a better crew layout to boot.
One little short frenchie with a bad attitude almost conquered the entire world, twice
Umm, no. The little Corsican (not Frenchman) didn't even come close to conquering "the entire world". He never quite managed to conquer Europe (Hitler did better), much less Eurasia, much less the rest of the world.
NOTE: I am not anti-French. I am truly grateful for the help they provided in our Revolution, since we would not likely have won without their aid. But since then, they've managed to look like complete imbeciles more often than not.
"I do not agree with what you say, but I will defend to the death your right to say it"
What I'd do is this:
One: Nag the company. Tell them the exploit. Tell them how I found it. Give them a Proof Of Concept. Wait for reply. I would most likely use a fake email with Tor/Privoxy for security.
Now two things can happen:
Scenario A) The company gives me a pat on the back, patches the hole, and gives me $1000 in hard US currency.
Assuming that pigs don't fly, the second scenario is much more likely.
Scenario B) They ignore me. Six months later it isn't patched even after they said they'd do it. So I get pissed off. I call up Secunia and tell them of my discovery. I put it in BugTraq as well. I would of course do this with Tor/Privoxy so I couldn't be traced.
But seriously, if there was a car on the road which had a faulty gas tank which could easily explode upon impact of anything sharp, would I tell the public? Hell yes. I'd take it to the company. I'd take it to the press for a Public Service Announcement. I'm not going to let a few peoples lives be ruined because of this flaw. Many people use computers for actual work - my mother, for example, uses her computer for journalism and authoring. She makes major changes to her pieces every day - backing up isn't an option. HOURS or even WEEKS of work can be lost due to a compromise. I'm good at keeping her computer up on patches and security... but what of the other people who are artists, not techies? They need to know a software has a hole so they can badger the company about this hole, even if they don't understand what it entirely is. It's a flaw. And it needs to be fixed.
I'm just a lonely tech kid sitting in his basement, trying to make cyberspace happy and all of the people who use any operating system not to have to deal with shitty technical design and beurocracy.
Just look recently ruling where the Supreme COurt overturned Execution of Minors. Did the written law change? No! In the argument the majority argued that world opinion and decency standards had changed.
Help fight continental drift.
> es, the French continue to be well-known for always willing to make a profit, regardless of consequences.
Well, yes, they do try to imitate the US in this, but they can't keep up with the US penchant for supporting brutal dictatorships with all sorts of arms (including one of the most notorious examples, the US funding Saddams weapons of mass destruction, in the great Iran-Iraq war).
What.. I'll go anywhere.. except France
As some linked texts say, it seams like he was accused because he did the work on a pirated/cracked version ; he did not buy the software.
Then I conclude it is more carful to buy the license before publishing security flaws, and then everything is ok. But a question arises : is it possible that a license states that the license holder is forbidden to publish security flaws about the software ? If so, then we are really stuck.
About a year or two ago I was checking for utility programs to install on my new PC, I came across a fairly known companys website i cant recall who it was or what the software was though. Anyways I went to the page where you can buy then download the software. I clicked the submit link without filling in any billing info...in fact i left every field blank. 10 seconds after hitting submit the software started to download. So, like any GOOD netizen would do i found the contact email address and promptly notified them of this potentialy buisness killing flaw in their software, 3 days later it was fixed, 2 weeks later I got an email from the company thanking me for notifying them instead of exploting the silly hole and now they give me a copy of every program they make..now if only i could find that outlook backup file that contains who they were I would be all set.
The enemy of my enemy is my friend. Unlike the French who couldn't fucking care less who they sell shit to as long as it's at a profit.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Corsica is part of France, you moron.
And what makes the 9th Cir. stand out?
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
In this case the French governement is only capable of stopping exploits being published in France.
Never admit you've find a exploit by reverse engineering. You'll found it by coïncidence.
Make someone else publish it in some other country.
Actually what's the difference between this and consumer testing toothpaste? They publish also the bad results?
It's not worthwhile to hate the French. They are like most countries, mindless peasants disinterestedly moving at the whim of the 3% that actually make things work. Occasionally they respond vociferously but impotently to the stimulus provided by the popular pubs and the glass tit. They are simply people with delusions of superiority, just like most of the nationalists in the world, but they are not directly responsible for the actions of the ruling government and it's bureaucracies. In fact, when you get right down to it, the French populace probaly shares many of the same values that we do.
Government is a system. People buy into the system even when it produces deleterious results. You would think that we computer geeks are eminently capable of analyzing the system and showing the harmful effects, but this would probably not change anything because the system is supported by blind emotion rather than clear reason.
IMO, there is too much French government in French Sciences and Research, and not enough free thought, but then, I'm grateful I don't have to operate in France.
"The mind works quicker than you think!"
Corsica became part of France on 30 Nov 1789, by French decree, when Napoleon was 20 years old. Maroon.
Is it me, or everytime a french court's ruling regarding the internet or some 'your rights online' related thing is mentioned in slashdot the verdict is: "French judges just don't get it". ... and before you ask, no, it's just a coincidence, I'm not related to the 'Guillermito' mentioned in the article.
Guillame Tena was condemned because he worked on an illegal copy of the Viguard anti-virus software of Tegam. This news was a bit too quickly published... arg! Slashdot is more and more like a tabloid newspaper... sad.
George Bush is single-handedly IRresponsible WITH the US GNP.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
So France is just coming into line with the US then?
This comment does not represent the views or opinions of the user.
at http://www.viguard.com/en/news_view.php?num=88 which is viguard's side of the story. They quote a ZDNET story where Guilermito is a virus writer and then go step by step to reply to his accusations
Great verdict. Goes to show that the reason why so many politicians like little children is because they want to be like them when they grow up.
Remember that a judge only administers the law - he doesn't make them.
I misread it as Perils of Wisdom. Come to think of it, maybe somebody should publish an article on that. Graying and receding hair are the first two that come to mind.
History doesn't repeat itself, but it sure does rhyme.
--Mike--
Although defeating the nazis was an international effort, in which the USA took part 5 years late, if a single country had to be singled out as Germany's winner it would have to be USSR (yep guy, those reds I'm sure you admire so much). Bragging around because your grandpa contributed giving the last stroke to an ennemy already on his knees would be considered arrogant even according to French standards...
I suggest you read this article, too, in order to get a better understanding of what the decision really means.
God, root, what is difference ?
And my faorites: french fries and french kissing, preferably at the same time!
From a marketing standpoint, they are making a horrible mistake. If they had done nothing, a few security professionals would have seen the exploit and not recommended their software. But now that they've sued over it, they have gotten a ton of free publicity advertising the following facts:
1. Their software has holes in it.
2. They don't want to fix it.
3. They don't want you to even know that the holes exist.
Now as a consumer, even if I don't understand the technical merits or implications, the message is that this company makes crappy software and is trying to cover it up.
banning analysis of binaries and publication of said analysis is not the same as banning exploit development. it will certainly stymie devel on closed-source products though.
Oh...Look! A blank front page
Assembling etherkillers for fun an profit
The error is in the idea that a *government* has any power to stop this kind of disclosure.
let's say the less skilled kiddies no longer have decent sploits. this reduces the total number of intrusions in the short term (autorooters + worms). but what is the long-term effect of non-disclosure or anti-sec? the truth is no one knows.
Well, let's see, they provided weapons, military training and aid to the American Colonists in the Revolutionary War.
Only to the traitors amongst the colonists not those those loyal to the crown. This shows their typical treacherous nature.
you're in good company. there are some other countries, er, groups that want to ban exploit code.
http://www.h0h0.com/phc/
http://www.h0h0.com/blackhatbloc/
Europe != World
The French have never come anywhere near to conquering the whole of Europe.
THIS MOVEMENT IS APART OF THE ANTI-SEC / ANTI-WHITEHAT MOVEMENT.
THIS IS NOT A JOKE READ THE ENTIRE FUCKING FAQ.
THIS IS THE SIMPLE #PHRACK FAQ:
keep this in mind: when speaking of phrack "magazine" we mean that whitehat magazine on phrack.org. also we use examples, but this applies to all people and websites that fall into these categories.
1) what is a whitehat?
a) A WHITEHAT IS ANYONE WHO HELPS THE SECURITY INDUSTRY (POSTING BUGS/INFO ETC)
2) are there greyhats?
a) NO, ONCE A PERSON HAS THE EVIL WHITEHAT WAYS INSIDE OF THEM, THEY BECOME A PURE WHITEHAT, PLAIN AND SIMPLE.
3) how come "blackhats" are helping the security industry (bugtraq/phrack)?
a) THE SECURITY INDUSTRY INFECTS HACKERS WITH THESE EVIL THOUGHTS. THE SECURITY INDUSTRY BRAINWASHES HACKERS TO WORK FOR THEM (BY PUBLISHING THIS BUG/INFO/CODE INFORMATION). ALSO THESE PEOPLE ARE NOT BLACKHATS, THEY ARE WHITEHATS BASED ON QUESTION #2. THE PROBLEM IS THAT THEY DO NOT REALIZE IT. ALSO MOST OF THESE SO CALLED "BLACKHATS" DONT HACK. REAL HACKERS DO NOT ACTUALLY PUBLICIZE SUCH INFORMATION (TO PHRACK BUGTRAQ ETC).
4) how is phrack a whitehat magazine?
a) EVERY TECHNIQUE THAT IS RELEASED IN PHRACK IS NOW REALIZED BY THE SECURITY INDUSTRY. THE SEC INDUSTRY NOW SPENDS TIME TO THWART THESE TECHNIQUES. ALSO, ALOT OF THE ARTICLES IN PHRACK DO NOT BENEFIT THE "HACKER SCENE" AT ALL. HOW IS IT POSSIBLE THAT "POSITIVE" IDS ARTICLES OR HONEYPOT KEYLOGGERS MAKE THERE WAY INTO A "for hackers by hackers" MAGAZINE?
5) what are people like spaf/chris rouland/lance then?
a) THEY ARE THE ENEMY. WHITEHATS = ENEMY.
6) im confused, i thought k2 is a blackhat but he helps with honeypot?
a) HES NOT A BLACKHAT, HES A BAD ROLE MODEL FOR ALL HACKERS. HE IS BRAINWASHED BY THE SECURITY SCENE. IF HE CHANGES - GOOD FOR HIM. IF HE CONTINUES HIS WAYS - HE WILL CONTINUE TO BE THE ENEMY.
7) i get what you're saying now, so like k2/duke/horizon/scut (for example) aren't really hackers, they are just brainwashed by the security industry to work for them?
a) THIS IS ABSOLUTELY FUCKING CORRECT.
8) so what am i supposed to do?
a) STOP MAKING ANY OF YOUR INFORMATION PUBLIC. BY INFORMATION WE MEAN CODE,BUGS,TECHNIQUES ETC. KEEP THIS INFORMATION PRIVATE. DON'T TRADE IT ON IRC. DON'T ENTRUST THIS INFORMATION INTO INDIVIDUALS YOU DONT TRUST 100% (SOME PEOPLE TURN AROUND AND LEAK ALL YOUR SHIT OR THEY END UP SELLING IT TO ISS). AND FOR FUCKS SAKE, TRY ACTUALLY USING WHAT YOU CODE/FIND.
9) why do people like that whitehouse guy say "hackers shouldnt help criminals" or "hackers should help security industry by responsibly disclosing bug information to companies"?
a) THIS IS APART OF THE MASSIVE CAMPEIGN TO GET HACKERS TO WORK FOR THEM. THE FACT IS THAT IF THE "HACKING SCENE" DOESNT HELP THE SECURITY INDUSTRY, THEY WILL BECOME LOST BECAUSE THEY ARE A BUNCH OF COMPLETE IDIOTS. THE BEST BUGS/INFORMATION IS USUALLY GIVEN TO THE SECURITY INDUSTRY BY PEOPLE IN THE "HACK SCENE", AND THIS IS A FACT. IT MUST STOP.
10) how can i help?
a) HELP SPREAD THIS WAY OF THINKING TO EVERYONE YOU KNOW, ONCE PEOPLE REALIZE THEY ARE BEING BRAINWASHED AND PROFITTED OFF OF, THEY WILL CHANGE. IF YOU WANT TO MAKE A SIGNIFICANT CHANGE, START MAYBE THINKING ABOUT PROJECT MAYHEM.
11) ok, but like what if i dont want to change now? "lol"
a) YOU WILL BE HUNTED DOWN LIKE K2, DERAADT, DUGSONG, ETC. THE INTERNET IS NO LONGER SAFE FOR WHITEHATS. NO LONGER SAFE FOR THE SECURITY INDUSTRY. 12) what should whitehats think of this movement? a) WHITEHATS/SECURITY INDUSTRY PEOPLE SHOULD BE AFRAID OF THIS MOVEMENT. IT SEEMS THAT HIGH MEMBERS OF THE SECURITY INDUSTRY HAVE ALREADY FALLEN VICTIM TO THIS MOVEMENT. THEY SHOULD STOP PUBLICLY MAKING AVAILABLE INFO SUCH AS "BUGS" OR "CODE" OR "TECHNIQUES". IF THEY DO NOT CHANGE THEY WILL CONTINUE TO BE TARGETED, AND IT SUCKS TO GET OWNED/FIRED/ PHYSIC
In other news, French Court has found a man guilty of releasing information that the Ford PINTO has a serious defect where the gas tank could explode upon impact.
The case focuses on the fact that the man actually looked at the car, thus reverse engineering it in his mind, to determine the location of the gas tank to be inappropriate.
The same kind of trouble Serge Humpich got with smart credit cards, easily cracked ( his work gave birth to the YesCard).
Yes, this is France also...
BTW, you may forget that several states in the US have the most silly laws in the world and that they are pretty well enforced.
Samples anybody ?
of more governmental censorship taking hold..
---- Booth was a patriot ----
You know, Corsica is still a french "territory" ? In fact it's just a french department like another.. (even if they have independentist, but frankly, the independentist movement in Corsica is more alike to mafia than anything at the moment.. and yes, part of my family is from Corsica).
Our constitution enshrines free speech absolutely with very few exceptions for slander/libel/death threats/yelling fire in a theatre etc.
Although I think the standard of living in the US is headed into a death spiral resulting in what Warren Buffet calls a debt-peonage society, I don't really see myself moving to Europe or Canada because even when I am slave to my credit card company I will still be able to complain about it.
>> How about, not going to jail for disclosing a bug! It's very valuable to me!
Oh well, you'll just have to go back to distributing exploits in binary form then. Leave it to manufacturers to reverse-engineer your exploit, to find out where the leak in their product is.
It says, right there, in TFA:
To the interpretation of the French account I referred to above, why Guillermito was probably convicted is that he used a pirated version of the Viguard anti-virus software for his research. It is questionable if the same outcome would be reached if a legimite version had been used.
Man, that is stupid !
There's been another story in the past about some guy who had cracked the credit cards (those with chips), and made the vulnerabilities known. He got in serious trouble...
Publishing vulnerabilities in open source software is perfectly ok, but with closed source stuff: I don't think it is. You should give the vendor the opportunity to fix the flaws before everybody tries to take advantage of them. It's different from open source, because, well, open source is open! And this very fact usually leads to very quick fixes, whereas a software company may have some latency in solving the issues.
Meanwhile, by making what you found public, you not only affect the users: you affect the company itself. It's very different from open source.
A company's future (hence, all of the people living off of it) may be jeopardized here. This is some responsibility and that's why I think anyone finding vulnerabilities should warn the vendor first, in a discrete manner.
Making them public just shows that you want to be known as the guy who found them: it's kind of a cocky behavior - and well, it backfires.
"Actually, the "Old Europe", as the present Administration like to talk about, are the European countries whose democratically elected Governments listened to the overwhelming majority public opinion."
While you are busy breaking your arm patting yourself on the back consider these two words:
Software Patents
Since this sentiment is always echoed in reverse whenever our government does something stupid like this: "Thank God I live in America, where this kind of stuff doesn't happen."
Kind of like tha way huge numbers of non-USians come here and bash the US every chance they get without ever having visited?
What goes around, comes around my frined, and you just went around again...
All these people are foaming at the mouth about some great injustice, when it's not even clear what is the situation. The original article is somebody's blog, which quotes and links to the website of the accused. I think there may be more to this story.
u illaume_tena_cond/ (in French)
This article, for instance, paints a different picture: http://www.weblmi.com/sections/articles/2005/03/g
Allow me to provide a rough translation of one of the more interesting paragraphs: This judgement focuses not on the core issue, but rather on the methods "Guillermito" used to produce his findings, therefore the tribunal is punishing "Guillermito" for having used a pirated copy of Viguard Anti-Virus to discover it's vulnerabilities. Therefore the judgement seems not to question the right to publically criticise/publish exploits with supporting evidence, but rather that the exploit cannot be researched and discovered illegally [by using pirated software].
To re-analyze some of the analogies already put forth, should the courts go easy on someone who finds a problem with a particular brand of car that could cause it to explode; if they first stole the car and then studied it?
French Court Ethical Bypass Vulnerability
Release Date:
Mar 1, 2005
Date Reported:
Mar 9, 2005
Patch Development Time (In Days):
Infinity
Severity:
High (Remote Judgement Execution)
Vendor:
French Court
Systems Affected:
The vulnerability exists in all version of judges created from 1900 to 1980.
Overview:
Freedom Fries Digital Security has discovered multiple vulnerabilities in the French Court Ethical Management software that is installed by default with almost all French products. The Management software allows for the remote management and tracking of judges by antivirus companies. FF Digital Security has discovered multiple cash-based vulnerabilities within the ethical component that processes incoming judgement requests. The protocol is cash-based, and all of the vulnerabilities arise due to incorrect handling of the incoming vocal strings. Successful exploitation of these vulnerabilities will allow a remote company to reliably execute code within the judgement context of the court.
Technical Details:
The vulnerabilities exist within the grey matter component. This executable listens on ears 001 and 002. The manager accepts the following remote commands:
JUDGEMENT PLAINTIFF *
JUDGEMENT DEFENSE *
OBJECTION SUSTAINED *
OBJECTION OVERRULED *
For the ethical manager to successfully process the data within a request, all that is required after a command is the terminating monetary string "5000 Francs" (minus the quotes).
Protection:
Freedom Fries Court Security Scanner has been updated to identify this vulnerability.
Disclosure Status:
Vendor otified 5/1/2005 -- no response
Vendor notified 5/5/2005 -- no response
5/9/2005 -- public disclosure
Greetings:
m4rth4 st3w4r7, 3nr0n, d0n4ld ru|\/|sf3ld
Copyright (c) 2005-2005 Freedom Fries Digital Security
Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of FF. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, tough shit. Violators will be owned, RM'd, and humiliated.
You suck even larger balls for spelling enormous incorrectly. I would have also accepted Gi-normous, the unusual mating of Giant, and Enormous.
John Walsh once found me while looking for some other kid. He was not amused.
Your analogy is bad. Software with vulnerabilities is not like gas with sugar in it. Software with vulnerabilities is like a gas tank without a lockable cap. It's a lot easier for someone who is malicious to harm your car if your gas tank doesn't have a lockable cap, just like it's a lot easier for someone to mess with your computer if your software is vulnerable.
But, the consumer doesn't want software without vulnerabilities. Well, sure, they want it, but they want it LESS than they want software they can actually afford to buy.
There simply, aside from a few critical applications, is not a market for software that is guaranteed to not be vulnerable. It is far preferable to most consumers to just accept that their software may not be perfect in exchange for a reasonable price.
Holding companies responsible for software flaws seems like a good idea, until you notice that nobody writes software anymore because too many software providers get sued into bankruptcy and/or the price for "software insurance" for software providers becomes so high that when passed onto the consumer the product is no longer affordable.
The market has spoken. The government should be loathe to act in opposition to the market.
paintball
If you were telling the truth, you'd have the software packaging and shipping documents to ahem remind you of who it was.
-1 BS.
A description of the alleged vulnerability and a demonstration of it's nonexistance would have gone far in my mind.
Al at Speakers Corner: "Am I alone in hating the French?"
Crowd: "No!"
Al: "I thought not."
Certainly in the US, UK and other Common Law legal systems, law is made in the courts; rulings are precedents which must be followed. Statutes are statements about what the legislature wants the law to be. They seldom cover every possible situation in detail. So the law is made by the court which interprets the statutes in line with precedents and common sense.
White hats: 0, Black hats: 1
The next exploit will be released anonymously, to script kiddies.
Maybe even in a form of a virus.
So indeed, closed source software and keeping Trojans secret is an emportant national security strategy. If all software was open source it would be much harder to do stuff like this.
If anyone had RTFA at http://www.viguard.com/en/intro_en.php/ and gone to the bottom of the page to the link "TEGAM International against Guillermito" (Guillame Tena) They would have seen that Tena is not a computer expert he is a blogging biologist who for four years slandered and spread fud on Viguard on 15 discussion groups, Tena activly searched for questions about Viguard and presented false tests about the software (Viguard answers each of them in the article) Created a virus using copyrighted files (PCPASS) and now the court is handing him his ass. His blog is a complete lie about why he is in court, or that it had anything to do with reverse engineering or his rights. And no one at slashdot or zdnet even bothered to check with Viguard to see what the truth is. You've been had.
That same day the French courts public website got cracked, by people using an unknown exploit...
Yes Francis, the world has gone crazy.
What planet do you guys live on? Just this week the US and France jointly demanded that Syria pull troops out of Lebanon. Bush himself said, "when the United States and France say withdraw, we mean complete withdrawal."
Doesn't sound to me like they're working at odds.
yes, he was french we he ruled. Otherwise, George Washington was the greatest british president.
Read The French Article... In a nutshell he mostly got nailed because he was using a pirated copy, so was not granted the right to observe, disassemble, etc.
indeed!
I am sick of this nation vs nation bullshit. Government as a system is seperate from the populance and run by elites.
They are laughing all the way to the bank when we get caught up in these little anti-french and anti-american tiffs.
It just goes to show that geek intelligence != "general intelligence"(if there is indeed such a thing).
Good post, anyway, I suspect it won't get modded up in the groupthink though.
Well, if you want to get technical about it, that country (monarchy) doesn't exist anymore, there was this revolution and a new government replaced it. We did get a good land deal out of the new government.
They were one of the first modern countries to pick on the buzzword "Democracy" long before a bunch of colonists got pissed at their King's latest tax law.
Well, the French Revolution occurred after the American Revolution, so the US had a "democracy" (well, really a republic - but people seem to be using them interchangeably here) first. I would say the Greeks beat both countries, but they haven't had the same continuous government.
One little short frenchie with a bad attitude almost conquered the entire world, twice.
uh... nope..... others would have a better claim on that one.
With this ruling. Its one thing to inform the public of a possible security flaw, but its another thing to publish code to take advantage of that exploit. My only hope is that the US follows in Frances footsteps on this issue.
full disclosure is full disclosure, not waiting around. Notify the vendor via a public mailing list. With open source vendors, I use bugzilla or their devel mailing list. With closed source vendors, I just post to bugtraq and let that be their notice with a CC.
Publishing POC was always the final step in any exploit. First you contact the company. Then they stiff arm you. Then everyone using their software gets hacked. And finally you publish POC and they finally fix it. This won't last I am betting, just a clueless judge on a bad day.
Crawl This - http://darkry.net/test/test.php
You actually just made me guffaw, which I avoid due to it's awkwardness.
Wish I could mod you up.
It's not offtopic, dumbass. It's orthogonal.
They developed the most heavily armored and gunned tanks during the early German Blitz, one French Char B1-Bis held up an entire German Division for an entire day.
... And probably got kicked the bejeezus out of by some random Messerschmitt the following day, simply because we had no credible airborne forces whatsoever at the time. French military victories or lack thereof are not a fiction.
--
(Bitter? Who, me?)
Beware: In C++, your friends can see your privates!
and yet another /.er shows that he doesnt know anything about "special friends"
I mod everyone down who says "I'll get modded down for this." I hate to disappoint.
but they are FRENCH.
I mod everyone down who says "I'll get modded down for this." I hate to disappoint.
Guillermito has not been condamned for publishing a security vulnerability.
He has been condamned for reversing a program for which he didn't have a licence, and for publishing code on which he didn't have rights.
France is a signatory of the European Convention on Human Rights, exposing vulnerabilities I am pretty sure is a matter of freedom of speech.
I hope this guy gets advised properly and appeals the ruling at the European level.
IANAL but write like a drunk one.
You might consider reading a bit about the rise of nationalism and national identity. Generally, it takes more than a few years before a people accept a new "national identity".
For instance, are you aware that as of 1800, most Americans thought of themselves as citizens of their States? George Washington was a Virginian first, and an American second. And that relatively few Americans thought of themselves as "British"? After all, the vast majority of them, even in 1776, had been born in Virginia, or Pennsylvania, or one of the other colonies.
Napolean gallicized his name, in case you were interested - he wanted to appear more "French", which would have been unnecessary if Frenchmen of his time considered Corsicans to be really French (they were thought of in much the way many Americans today think of Puerto Ricans - not quite REAL Americans).
Also, for what it is worth, history is full of examples of Kings and such who were NOT, in fact, of the nationality they ruled - General Bernadotte , a Frenchman, was King of Sweden. Charlemagne, a Frank (they weren't French then - they had no sense of Style at all), was Emperor of Rome, as two obvious examples. William III of England was a Dutch Prince before he was King of England.
"I do not agree with what you say, but I will defend to the death your right to say it"
I'm french so I could read a report from the judgement of the court here :5 /03/08/87-guillermito-condamne-mais-tres-legeremen t
http://maitre.eolas.free.fr/journal/index.php?200
For the while, the only think he is convicted of is that he used a warez version of the antivirus software. He used it because in US he couldn't find the last version.
The judgement is : if in the 5 next years he uses a warez software, he would pay 5000 euros.
The April 12th, there will be a civil responsability judgement to determine what he must pay to TEGAM (the maximum will be 900 000 euros!).
Thats possibly the worst collection of counter-arguments I've ever heard and only go to show your ignorance.
I was halfway through typing counter-counter-arguments until I realised... hang on, I'm getting sucked in by a troll.
I applaud your ability to troll, but your small-minded, hollywood-inspired rhetoric takes even that away
I understand Academie Francie is going to pass a ruling making PI = 3.0. Wonder if the French courts will uphold that. At the same time is it going to become illegal in France to publish 'problems' with Windows XP, after all that will be trashing Microsoft's feelings.
Just to add irony to this, France gave us the Statue of Liberty.