
Saturday 10 April 2004

The French fuck with security laws [slim]

France sneaked in an amendment to their interwebnet laws yesterday:
'The fact, without legitimate reason, of holding, of offering, of yielding or of placing at the disposal equipment, instrument, a data-processing or program conceived or especially adapted to make the facts envisaged by articles 323-1 to 323-3 is punished sorrows planned respectively for the infringement itself or the infringement most severely repressed.'
Makes sense? Na, not to me either, but I pulled some translation off a security mailing list, and it goes like this:
- having or distributing exploit code and/or detailed vulnerability information and/or information about hacking techniques, is ILLEGAL.
- having or distributing hacking/security tools, scanners, pen testers, or technical white papers is ILLEGAL.
- magazines and websites distributing security information about vulnerabilities or exploits are ILLEGAL.

So what you have here is a law that makes it illegal to carry information informing you about vulnerabilities, and it's illegal for you to have equipment that tests your own systems for vulnerabilities.
Stupid fucking fuckers?


  1. Sounds similar to the regulations the USA has had for a while - remember the Dimitri Skyralov (sp?) case? He got done for publishing a white paper on security vulnerabilities in some of Adobe's products...
    It's daft, for sure, but most governments don't GET security, and their legislation is reflecting that, sadly.

  2. You mean the DMCA I presume? It is somewhat similar, although I think that may even be more draconian. In this case, I have a feeling it may merely be the French implementing a proposed EU wide copyright infringement law change. The Register has been banging on about UKGov's proposed version of it for a while I think.
    As to governments not getting security, they aren't the only ones. Large parts of the computer industry seem to think that Security by Obscurity is somehow a valid way of maintaining 'good order' but to quote William Gibson, 'information wants to be free'. No secret is kept forever, and betting your livelihood on one being so for long enough for you to quietly fix the issue without telling anyone seems very foolish to me. Surely it is better to get the problems fixed ASAP than try and stop people finding out they are there.
    It's an almost Canute-esque view, that you can somehow stop flaws being exploited by keeping them out of the view of the law abiding citizenry. The point is that the law abiding citizenry aren't the ones who are going to be nabbing your customer credit card details database. The people who will be rooting your servers won't care less that the software they are using to do it is illegal.

  3. send to my email sample