Give us your tired, your poor, your exploit writers yearning to breath free!

[dave <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Team France pointed out that the legal situation for our industry has
gotten even more murky in France. Apparently today a judgement against
Chaouki Bekrar (the owner of the French company VUPEN, I am told) has
gone public convicting them of selling the WMF exploit. The fine was
1000 EU but of course, any conviction here is extremely damaging to the
French security industry.

There's a pretty big can of worms here the French legal system is going
to have to eat now. How do you know a bug is patched? What is "valid
intent for having 0day?" VUPEN is a security company, after all.

All governments typically see is "Wouldn't it be great if people could
only legally sell 0days to us?" But it's not nearly that simple. If you
thought the "war on strong cryptography" was fun, then you're going to
absolutely love the "war on 0days"!


"""
Cedric Blancher blog entry:
http://sid.rstack.org/blog/index.php/375-lcen-m-a-tuer-ou-pa

Law article:
http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=LEGITEXT000005789847&dateTexte=20091129

Short Law article:
http://droit-finances.commentcamarche.net/legifrance/37-code-penal/89982/article-323-3-1

Judgement:
http://www.evematringe.fr/blog/documentation/ca-montpellier-3-ch-corr-12-mars-2009-n%C2%B00801431/
"""

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAksT9vsACgkQtehAhL0gheqs5wCfWeJF2w7/aYZOY8Ls3ngon8uq
rYsAnA/hv0m6B+Ae2mo0xlKt86gUFuw6
=4srP
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave