Publishing Exploit Code Ruled Illegal In France

Dexter writes "A French Court has condemned the security researcher Guillame Tena for publishing a security vulnerability in the Viguard anti-virus software of Tegam. This ruling makes the publication of security vulnerabilities and their proof of concept through reverse engneering illegal in France."

Contrary

[Ghetto_D]

I'm sure just to spite France President Bush will make it mandatory for all programmers to post exploits.

The 'condemned' him?

Did they send him to the dungeon or the guillotine?

France

[clinko]

IF instr(HEADLINE, "FRANCE") > 0 THEN
PONDER_FRENCH_MATTERING
LAUGH("FRANCE")
ELSE
READ_ARTICLE
END IF

It's VB (SCREW YOU FOR JUDGING ME!)

Re:WOW!

[Rude+Turnip]

I don't know, but I hear these guys already did a search on Google to find out:

http://www.albinoblacksheep.com/text/victories.h tm l

Re:Blame the victim

[scottennis]

Software? A 'dangerous' product? Well, I did hear about a guy who lost his eye to an early version of Windows, but that was a really freak accident.

Seriously though, you have a point. If a gas station was selling gasoline with sugar in it (very bad for your car engine) they would be liable for damages. It seems, however, that sofyware companies have no liability for their crappy product. Must be due to those lengthy licenses you agree to by opening the package.

Maybe gas stations should start printing up a 'licensing' agreement on their pumps.

"Notice: By lifting the handle, you agree to check the compatability of this product with your vehicle, etc., etc."

Re:French Court: "Surrender Now"

You decide which is more valuable: A company keeping their PR image spotless, or getting serious software bugs fixed.

How about, not going to jail for disclosing a bug! It's very valuable to me!

obSimpsons

[The+Amazing+Fish+Boy]

What kind of crappy lawyer lets their client get punished for telling the truth about dangerous products?

Hutz: Thank you, Dr. Hibbert. I rest my case.
Judge: You rest your case?
Hutz: What? Oh no, I thought that was just a figure of speech. CASE CLOSED.

VULNERABILITY

[Spy+der+Mann]

A vulnerability has been found in France's new legislation regarding publication of exploits.

The legislation has a loophole that allows people to give such info to 3rd parties outside France so they can publish such exploit.

The government's illegality detection can be easily bypassed with an SSL connection, provided one does not disclose his identity.

Proof of concept

Reclassify your "exploit" as a "hidden feature"

[Anonymous+Custard]

Just reclassify what you would have called an "exploit" as a "hidden feature".

As in,

"Hey there's a great new hidden feature I found in Internet Explorer for people who need to get remote root access their own systems:

Just load up this javascript + assembly code in a page in the browser, and Internet Explorer will automatically generate a stack overflow, so you can execute the assembly code! What a great new hidden feature I've found."

Maginot II?

[ka9dgx]

Of course, the country that gave rise to the Maginot Line is going to want to legislate away anyone who suggests software might be insecure because there are ways around it.

History doesn't repeat itself, but it sure does rhyme.

--Mike--

Re:French Court: "Surrender Now"

Posting this as anonymous 'cos I'm scared of the wrath...

This is a Linux / Open source orientated site you fool! Since when did user friendly make it onto the requirements list?