(EDIT: It has been noted that the translation of the "ban" word implies that this law is final. It is not until the law goes under a review of sorts. Unfortunately, I'm not well-versed on French law so I know little more than this at this point.)
The following is a link to a Google-translate K-OTik page highlighting the latest news: K-OTik news
Here is the loose translation: Guilty experts in safety from now on of complicity of piracy!
The Drafting (K-OTik.COM ) - The Senate adopted in second reading in the night of Thursday to Friday April 9, 2004 the bill on the numerical economy (LEN), article 34 of the law for confidence in the numerical economy concerning the modification of article 323-3 of the penal code was thus definitively adopted, the introduction of article 323-3-1 is from now on official:
"Art. 323-3-1. - the fact, without legitimate reason, to import, hold, offer, yield or place at the disposal equipment, instrument, a data-processing or very given program conceived or especially adapted to commit one or more offences envisaged by articles 323-1 to 323-3 is punished sorrows planned respectively for the infringement itself or the infringement most severely repressed."
This article takes as an hostage the experts in computer security, consultants, journalistes/rédacteurs of specialized, and enquiring magazines of faults. It is not thus possible any more to publish the technical details of a vulnerability, to publish or handle tools allowing the intrusive tests or the audits of safety... without being guilty of piracy or complicity of piracy!
Let us note also the introduction of the subjective and ambiguous term "without legitimate reason" which results in: Any person handling of the tools of safety, or publishing technical documents or details of vulnerabilities is GUILTY of piracy, as long as its innocence was not shown (with supposed guilty to prove the legitimacy of its actions). The presumption of innocence is clearly replaced by the "presumption of culpability".
damn that sucks i sure hope this doesnt happen in the states...
Joc00
Apr 9 2004, 05:00 PM
Yeh idd we dont need that kind of stuff here heh. we got enough issues
Spookie
Apr 11 2004, 05:19 PM
If this should happen in the US then it will pose an interesting situation as then those who are privy to the information will be able to exploit them with total ease as the security people will be behind 4 steps instead of 2.
To be totally reliant on the vendors to inform you of vulnerabilities in their code is like letting a pyromaniac start a bonfire in the middle of a forest that has been in a drought. Bad Juju
easternerd
Apr 11 2004, 05:50 PM
This is for sure a BlackDay for the security community both for the blackhats or the whitehats ... This is the most ridiculous news I've ever come across in concern with security. Even possession of hacking tools is illegal .. does it mean that having nc, nmap and a tftp you're gonna find yourself in trouble?
strohunter
Apr 11 2004, 10:11 PM
This is the most stupid law possible about computer security -> black hats who are already in illegality absolutely won't care about this, but white hats may be in trouble. So some new security exploits will stay in the black hat community, and administrators and developers won't be informed.
but the LEN still have to be approved by the "commission paritaire mixte", stay tuned.
migo
Apr 11 2004, 10:35 PM
don't agree with them, such a law is a new limitation on our freedom, I learned many things from the security discussion which help us to protect and secure our server well, I'm sad because they ban full disclosure
graveyard
Apr 12 2004, 01:10 AM
Extremely stupid law...
qod
Apr 12 2004, 05:17 AM
you know some of those stupid laws (ex. it is illegal to make contact with aliens) this ranks in the first one for me. Why not make guns illegal or soldiers they could be used for bad things as well.
my question is what is the future of k-otik and many other security researchers in France will they now drop what they are doing and go sell tomatoes??
digitalk2003
Apr 12 2004, 06:27 AM
This is usually the case when the media and law makers get involved. On the surface, yeah it probably doesn't look like a very reputable website. But hey, guns kill people. Why not ban those too? Pollen and the like "infect" 40 million people a year with allergies. Let's ban all living plants with pollen.
There is a point, which I think was just reached for security, when you need to take a few steps back and consider what you ban. Information is key to a great defense and a great attack. As such, this is a VERY GOOD REASON why corporate security officials should be paid their high salaries. Businesses are no longer able to pull off pizza and beer IT security strategies.
Ciau...
digitalk2003
Prefix
Apr 12 2004, 12:11 PM
If you coded something like a backdoor yourself, and they had no proof that you had used it, would it be possible for you to say that you just coded it to test your skills and had no intention of using it?
Prefix
nuorder
Apr 12 2004, 01:41 PM
i can picture the headlines. "french companies left in the dark while the rest of the world attacks exploits on their systems"
(well maybe not exactly like that cause of foreign media exposure as well but u catch my drift)
u533m3n0t
Apr 12 2004, 07:34 PM
C'est mal! C'est mal! Well, looks like the French will be stepping back into the dark ages again. Back to a time when the bad guys could get together in a physical location, find exploits, and use them for ages without the security communities knowing they exist. That doesn't hurt anyone but the "good guys". The bad guys will just proxy out of country to get the info (because they can), and the good guys will either play by the rules and be defenseless, or will use skills to get exploit info and risk being arrested. But hey, as the French say.....
C'est la Vie!
strohunter
Apr 12 2004, 08:40 PM
hmm, plz avoid some strange comparisons like guns ^^ (guns must be reserved to militaries or policeman, since it's dangerous)
but, what we're talking here, is just about information. Security information will be prohibited, because it can be used for attacks, totally forgetting that it's necessary too to defend.
Anyway, releasing the source code, and not the software, will stay possible i think.
Spookie
Apr 12 2004, 11:14 PM
You lost me after
QUOTE
(guns must be reserved to militaries or policeman, since it's dangerous)
Maybe you can expound on your comment as I am a bit confused by your response.
QUOTE
Anyway, releasing the source code, and not the software, will stay possible i think.
GSecur
Apr 13 2004, 12:01 AM
QUOTE
Why not make guns illegal or soldiers they could be used for bad things as well.
In some places they are
CODE
hmm, plz avoid some strange comparisons like guns ^^ (guns must be reserved to militaries or policeman, since it's dangerous)
I agree we aren't talking firearms here, but I don't agree they should be kept to the military or police. I loved target shooting before I was in the military, and I have continued to love it since I separated from the military. Firearms don't kill people, people kill people. (how cliche is that)
QUOTE
looks like the French will be stepping back into the dark ages again. Back to a time when the bad guys could get together in a physical location, find exploits, and use them for ages without the security communities knowing they exist.
This is exactly what will happen. If anyone can remember this far back. (You have to be older than 16, no offense) Passing phone numbers back and forth to your friends or via fidonet to the best hacker BBSs, which most of the time were hosted on warez boards. So sad in those days a 0 day vuln would be that way for months or years. At least now admins have a fighting chance. Hopefully the U.S. will think a little harder about this one, or else I might be out of a job.
strohunter
Apr 13 2004, 12:02 AM
maybe its caused by my crappy english
like the source code of a patented standard, the patents apply on the binary only, not the source code, because you can't directly use the source code, you have to make a binary first. I hope releasing the source code of a security scanner for example will stay legal, because you can't directly attack with source code, you have to make the software first, and then you are responsible.
But that was just a supposition.
Killaloop
Apr 13 2004, 10:15 AM
you should rename this topic to: France about to ban .. since this one still needs to hit the parliament before and there is no date in the article.
also this article talks about unlegitimate (we all know this word) use. so research and development will still be possible but you cannot make it public as before. so let's say only network admins can register on certain sites and review the information and download tools. anyone else knowing about the vulnerabilities is a criminal to this fact. and also note: if this gets real everyone hit by a virus (and you will be hit since how would you know of a new vulnerability in france) is directly responsible for the harm his computer did to others. meaning a private person in france is not allowed to use vuln scanners, but once hit by a virus he gets into serious problems because his PC "autohacked" someone else.
this is the most stupid stuff I have ever read. but again, the last word isn't spoken!
erbs
Apr 13 2004, 02:08 PM
that is not law yet. I don't think it will pass
qod
Apr 14 2004, 12:26 PM
well i have missed that source code part, anyway who in the world releases exploits as binaries, all the ones that i find are for GCC to compile. Let's not get off-topic, please.
SCVirus
Apr 19 2004, 10:16 PM
Hypothetical situation. All forms of full disclosure are banned across the world, if there is a security vulnerability the vendor fixes it when and if they find it, there are no public databases of vulnerabilities to warn admins before vulnerabilities are patched. However that does not change the ease of finding vulnerabilities. Any person who finds a unique vulnerability can exploit servers without being stopped, after all no one could disclose the vulnerability.
Gurou
May 1 2004, 09:15 PM
yesterday the "commission paritaire mixte" approved this law.
so it will be an official law before the end of this summer
full disclosure is dead in france ...
Killaloop
May 3 2004, 10:30 AM
QUOTE (Gurou @ May 1 2004, 09:15 PM)
yesterday the "commission paritaire mixte" approved this law.
so it will be an official law before the end of this summer
full disclosure is dead in france ...
it has really happened? how stupid can they be. did the line about that you are directly responsible for what your computer causes to others, even when used by a 3rd person/worm/bot, also pass? that's not much fun for france computer owners in future.
Nexcess
May 4 2004, 03:34 AM
Yeah, but fortunately they can't police the whole internet so all the frenchies have to do is scamper over to babbelfish translations or a page like it and translate exploit pages to french. Not like most people on the internet give a flying one about what the government says they can or can't do
8XyuVmUB
May 4 2004, 07:17 PM
I would ask you the following question. How are they really going to stop full disclosure from happening? They're not. The internet does not stop at their borders. I will never be stopped.
nemesis
May 8 2004, 12:40 PM
QUOTE
This article takes as an hostage the experts in computer security, consultants, journalistes/rédacteurs of specialized, and enquiring magazines of faults. It is not thus possible any more to publish the technical details of a vulnerability, to publish or handle tools allowing the intrusive tests or the audits of safety... without being guilty of piracy or complicity of piracy!
totally right, but no one accepts it.
I live in france (belgian though) and the magazines still publish source codes of viruses, exploits and whatever you want. The problem here (like they did many times before) is that they vote laws without consulting the appropriate professionals. They always fight the problem in the wrong way, worse: in this case, there is no problem. We NEED 'any color' hats in order to progress in IT security. But they don't get it, i wonder if any deputy even knows what's a "port". So, any person having such a program will be punished as if he broke into a firm. Totally crazy!!!
Another example: cannabis, in france, there is the highest concentration of weed consumers, but also the hardest repression.
sharing (emule etc..): a 61 year old person just got 3 months of prison and has to pay 6000€ for illegal downloading. A rapist can get less (yes.. things aren't normal over here).
So now you have a better view of France. It's going from bad to worse over here. I wonder when it will stop. I have no information concerning any future revisions of this law. But i'll keep my eyes and ears open. Anyways, all the security magazines will continue their job like they did, even if it's illegal.
OK, some new info: (rough translation) This will be the new text. Has to be approved though.
QUOTE
Detaining such programs will be possible only if you do research, IT security AND if they're hold by any public or private organism having proceeded to a declaration of this at the prime minister.
Wahoo, what a change. They still don't get that there are more "persons" who detain such programs than organizations. And if there were only the organizations, we still had a win98 like OS filled with holes. And i'm a lawbreaker, because i have knoppix-std. I will quit writing because it's getting on my nerves this french system..
ghorghut
May 15 2004, 12:57 AM
France is no more a state of human rights and freedom
neb
May 17 2004, 03:32 PM
As french i must reply to this ....
I am disappointed by this new law, why?
Most software companies can deliver us some real shit programs and everybody must buy it and say it's amazing, look this is really good programs ..... This law is just a flash back 500 years ago when Inquisition said, read this book it's for ur culture it's good, don't read this one it's evil and writers will go in hell by our hands! What's more!?
Tomorrow i'll buy a car with no brakes, crashing my ass and said Yeah this is a really good car, BUY IT!
now hackers must react to it because hackers are here to denounce the manipulations too!
PS : God please don t save The french Senators (Senils) !
o0oKARo0o
May 18 2004, 06:33 PM
As usual, what else can we expect from those people, french always tried to be the united states of europe but in europe, everyone can't stand them due to their stupid behaviour, once more, they have demonstrated that they are a pain in the @ss. By the way, there aren't any senators in france
nebojsa
May 19 2004, 12:07 PM
What sort of reply i must do for this :
QUOTE
As usual, what else can we expect from those people
QUOTE
everyone can't stand them due to their stupid behaviour
did ur mama f****d with French o0oKARo0o, or du have something special against French people to say this !?
Stop making generality plz !
(Xcuse me for my nervous bad english !)
o0oKARo0o
May 19 2004, 08:28 PM
I´m french, is that enough for you?
F34R
May 20 2004, 12:47 PM
good news exerpt good thing I dont live in france
strohunter
May 23 2004, 02:03 PM
French hackers silence a leading Islamic website
The Islamic website Oumma.com was wiped off the Internet for over ten days following an attack by hackers, announced its chief editor Said Branine.
The website posted on its forum an anti-Semitic fatwa, a religious writ, allegedly from the Al Azar University of Muslim theology in Cairo, sent in by a "Muslim web surfer". The fatwa listed the "twenty fundamental faults" of the Jews as enumerated in the Koran. The forum is moderated after the texts are posted, explained Branine, and the incriminated message was erased only four hours after it was put on line.
It remained however on the Islamic website long enough to be spotted by a French reporter with the weekly newsmagazine Marianne. She wrote an article wondering whether the posting of such material was consistent with the site's declared goal of "promoting dialogue between religions".
Hours before Marianne was even printed, Oumma.com went under the fire of an unprecedented attack of hackers, said Branine. Millions of requests were sent out to the Oumma server, triggering the well-known "Denial of service" answer. "We tried to switch service providers, but the hackers were really too strong," said Branine. "Our site is bothering lots of people because of our freedom of speech," went on the site's editor who was very careful not to incriminate anyone for the wrongdoing.
Friday, following a report on the hackers' attack in the leftist daily Liberation, the site was reachable again.
Oumma.com was created in 1999. It boasts a membership of 120,000 web surfers and over 10 million hits per month. A constant propaganda tool against Israel in general and its "bete noire" Ariel Sharon in particular, Oumma.com is the mouthpiece of Tariq Ramadan, an Islamic new wave extremist theologian and a proven anti-Semite. Ramadan, grandson of Hassan al Banna, the founder of the Islamic Brotherhood, is the darling of the French-speaking left and the guru of the young Muslim generation. Soft spoken, good-looking and neatly dressed, Ramadan is being used by the Leftists as a gateway to the otherwise non-politicized Muslim youths.
He outraged some French intellectuals when he wrote on Oumma.com that when it comes to the Middle-East conflict, French philosophers are driven by their community affiliation rather than by their brains. All the listed writers were supposed to be Jews. One was not. Pierre-André Taguieff, the non-Jew, wrote back that in Ramadan's mind, one had to be Jewish to support Israel.
French law forbids to list people according to their religion or race or creed. Ramadan was accordingly sued by anti-racist organizations.
The self-promoted modern Ramadan was also caught off base when it was revealed that he refused to condemn the stoning of adulterous women. In his latest book, he pronounced himself for a "moratorium" on the issue.