Forums: France Bans Full Disclosure - Forums

France Bans Full Disclosure Or even partial for that matter

#1 Nick W

  • Master Sergeant
  • Group: Members
  • Posts: 1,250
  • Joined: 12-August 03

Posted 09 April 2004 - 08:04 AM

(EDIT: It has been noted that the translation of the "ban" word implies that this law is final. It is not until the law goes under a review of sorts. Unfortunately, I'm not well-versed on French law so I know little more than this at this point.)

The following is a link to a Google-translate K-OTik page highlighting the latest news:
K-OTik news

Here is the loose translation:
Guilty experts in safety from now on of complicity of piracy!

The Drafting (K-OTik.COM ) - The Senate adopted in second reading in the night of Thursday to Friday April 9, 2004 the bill on the numerical economy (LEN), article 34 of the law for confidence in the numerical economy concerning the modification of article 323-3 of the penal code was thus definitively adopted, the introduction of article 323-3-1 is from now on official:

"Art. 323-3-1. - the fact, without legitimate reason, to import, hold, offer, yield or place at the disposal equipment, instrument, a data-processing or very given program conceived or especially adapted to commit one or more offences envisaged by articles 323-1 to 323-3 is punished sorrows planned respectively for the infringement itself or the infringement most severely repressed."

This article takes as an hostage the experts in computer security, consultants, journalistes/rédacteurs of specialized, and enquiring magazines of faults. It is not thus possible any more to publish the technical details of a vulnerability, to publish or handle tools allowing the intrusive tests or the audits of safety... without being guilty of piracy or complicity of piracy!

Let us note also the introduction of the subjective and ambiguous term "without legitimate reason" which results in: Any person handling of the tools of safety, or publishing technical documents or details of vulnerabilities is GUILTY of piracy, as long as its innocence was not shown (with supposed guilty to prove the legitimacy of its actions). The presumption of innocence is clearly replaced by the "presumption of culpability".

Source: K-OTik.COM


0

#2 predx

  • Private First Class
  • Group: Members
  • Posts: 108
  • Joined: 03-December 03

Posted 09 April 2004 - 08:12 AM

damn that sucks, I sure hope this doesn't happen in the States...
0

#3 Joc00

  • Private First Class
  • Group: Members
  • Posts: 99
  • Joined: 19-February 04

Posted 09 April 2004 - 09:00 AM

Yeh idd, we don't need that kind of stuff here heh. We got enough issues
0

#4 Spookie

  • Staff Sergeant
  • Group: Specialist
  • Posts: 293
  • Joined: 21-December 03

Posted 11 April 2004 - 09:19 AM

If this should happen in the US then it will pose an interesting situation, as then those who are privy to the information will be able to exploit them with total ease, as the security people will be behind 4 steps instead of 2.

To be totally reliant on the vendors to inform you of vulnerabilities in their code is like letting a pyromaniac start a bonfire in the middle of a forest that has been in a drought. Bad Juju
Beauty is only a light switch away
0

#5 easternerd

  • Sergeant
  • Group: Members
  • Posts: 226
  • Joined: 23-December 03

Posted 11 April 2004 - 09:50 AM

This is for sure a Black Day for the security community,
both for the blackhats or the whitehats ...
This is the most ridiculous news I've ever come across in concern with security.
Even possession of hacking tools is illegal ..
Does it mean that having nc, nmap and a tftp you're gonna find yourself in trouble?
0

#6 strohunter

  • Sergeant
  • Group: Members
  • Posts: 208
  • Joined: 29-March 04

Posted 11 April 2004 - 02:11 PM

This is the most stupid law possible about computer security -> black hats, who are already acting illegally, absolutely won't care about this, but white hats may be in trouble.
So some new security exploits will stay in the black hat community, and administrators and developers won't be informed.

But the LEN still has to be approved by the "commission paritaire mixte", stay tuned.
0

#7 migo

  • Private First Class
  • Group: Members
  • Posts: 99
  • Joined: 21-February 04

Posted 11 April 2004 - 02:35 PM

I don't agree with them; such a law is a new limitation on our freedom. I learned many things from the security discussions, which help us to protect and secure our servers well.
I'm sad because they ban full disclosure :(
0

#8 graveyard

  • Private
  • Group: Members
  • Posts: 12
  • Joined: 09-February 04

Posted 11 April 2004 - 05:10 PM

Extremely stupid law... :unsure:
0

#9 Guest_qod_*

  • Group: Guests

Posted 11 April 2004 - 09:17 PM

You know some of those stupid laws (ex. it is illegal to make contact with aliens)? This ranks as the first one for me.
Why not make guns illegal, or soldiers? They could be used for bad things as well.

My question is, what is the future of k-otik and many other security researchers in France? Will they now drop what they are doing and go sell tomatoes?? <_<
0

#10 digitalk2003

  • Private First Class
  • Group: Members
  • Posts: 116
  • Joined: 15-February 04

Posted 11 April 2004 - 10:27 PM

This is usually the case when the media and law makers get involved. :angry: On the surface, yeah it probably doesn't look like a very reputable website. But hey, guns kill people. Why not ban those too? Pollen and the like "infect" 40 million people a year with allergies. Let's ban all living plants with pollen. :rolleyes:

There is a point, which I think was just reached for security, when you need to take a few steps back and consider what you ban. Information is key to a great defense and a great attack. As such, this is a VERY GOOD REASON why corporate security officials should be paid their high salaries. Businesses are no longer able to pull off pizza and beer IT security strategies. :P

Ciau...

digitalk2003
0

#11 Guest_Prefix_*

  • Group: Guests

Posted 12 April 2004 - 04:11 AM

If you coded something like a backdoor yourself, and they had no proof that you had used it, would it be possible for you to say that you just coded it to test your skills and had no intention of using it?

Prefix
0

#12 nuorder

  • Master Sergeant
  • Group: Members
  • Posts: 574
  • Joined: 01-April 04

Posted 12 April 2004 - 05:41 AM

i can picture the headlines. "french companies left in the dark while the rest of the world attacks exploits on their systems"

(well maybe not exactly like that cause of foreign media exposure as well but u catch my drift)
0

#13 u533m3n0t

  • Staff Sergeant
  • Group: Specialist
  • Posts: 267
  • Joined: 23-December 03

Posted 12 April 2004 - 11:34 AM

C'est mal! C'est mal! Well, looks like the French will be stepping back into the dark ages again. Back to a time when the bad guys could get together in a physical location, find exploits, and use them for ages without the security communities knowing they exist. :ph34r: That doesn't hurt anyone but the "good guys". The bad guys will just proxy out of country to get the info (because they can), and the good guys will either play by the rules and be defenseless, or will use skills to get exploit info and risk being arrested. But hey, as the French say.....

C'est la Vie! :D
Very Best Regards,
Johnny "U533m3n0t"
Firefighter/Paramedic

There are those who talk about it and those who do it. Which are you?
0

#14 strohunter

  • Sergeant
  • Group: Members
  • Posts: 208
  • Joined: 29-March 04

Posted 12 April 2004 - 12:40 PM

hmm, plz avoid some strange comparisons like guns ^^ (guns must be reserved to militaries or policeman, since it's dangerous)

But what we're talking about here is just information.
Security information will be prohibited, because it can be used to attack, totally forgetting that it's necessary to defend too.

Anyway, releasing the source code, and not the software, will stay possible i think.
0

#15 Spookie

  • Staff Sergeant
  • Group: Specialist
  • Posts: 293
  • Joined: 21-December 03

Posted 12 April 2004 - 03:14 PM

You lost me after

Quote

(guns must be reserved to militaries or policeman, since it's dangerous)
Maybe you can expound on your comment as I am a bit confused by your response.

Quote

Anyway, releasing the source code, and not the software, will stay possible i think.

Beauty is only a light switch away
0
