Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] France puts a damper on flaw hunting

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] France puts a damper on flaw hunting
Date: Thu, 10 Mar 2005 03:07:01 -0600 (CST) 
http://news.com.com/France+puts+a+damper+on+flaw+hunting/2100-7350_3-5606306.html

By Munir Kotadia 
Special to CNET News.com
March 9, 2005

Researchers who reverse-engineer software to discover programming
flaws can no longer legally publish their findings in France, after a
court fined a security expert on Tuesday.

In 2001, French security researcher Guillaume Tena found a number of
vulnerabilities in the Viguard antivirus software published by Tegam
International. Tena, who at the time was known by his pseudonym
Guillermito, published his research online in March 2002.

However, Tena's actions were not viewed kindly by Tegam, which
initiated legal action against the researcher. That action resulted in
a case being brought to trial at a court in Paris. The prosecution
claimed that Tena violated article 335.2 of the code of intellectual
property and asked for a four-month jail term and a fine of 6,000
euros.

On Tuesday, the French court ruled that Tena should not be imprisoned
but gave him a suspended fine of 5,000 euros. This means that he only
has to pay the fine if he publishes more information on security
vulnerabilities in software.

Chaouki Bekrar, a security consultant and co-founder of French Web
site K-Otik Security, which is known for regularly publishing exploit
codes, said that although it is good news that Tena did not have to go
to jail, the ruling is very bad news for the security research
industry in France.

"This seems to be a good news, but that is not the case," Bekrar said.
"Publishing a security vulnerability or a proof of concept using
reverse engineering or disassembly is now illegal in France. How can a
researcher publish a vulnerability if he can't study the software's
structure?"

On his Web site, Tena argued that if independent researchers were not
allowed to freely publish their findings about security software, then
users would only have "marketing press releases" to assess the quality
of the software. "Unfortunately, it seems that we are heading this way
in France and maybe in Europe," Tena said.

Tegam is also proceeding with a civil case against Tena, in which it
is asking for 900,000 euros in damages.

Munir Kotadia of ZDNet Australia reported from Sydney.



_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ISN] DSW Shoe Warehouse Reports Customer Data Theft, InfoSec News
Next by Date:  [ISN] Hackers breach LexisNexis, grab info on 32,000 people, InfoSec News
Previous by Thread:  [ISN] Security UPDATE -- Administrator Accounts and Root Kits -- March 9, 2005, InfoSec News
Next by Thread:  Re: [ISN] France puts a damper on flaw hunting, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]