Re: Legal Aspect of Pentesting / CyberCrime Treaty

From: Jerome Athias (jerome.athias@free.fr)
Date: Wed Sep 27 2006 - 07:38:41 EDT


Christoph Puppe a écrit :
> Salve,
>
> in Germany we are about to implement the cybercrime treaty in local law
> with the number § 202 c. This change will make the possession, trafficking,
> making available and producing of tools with the *intention* for hacking
> and snooping traffic an offense punishable with up to a year in prison.
>
> My questions for the list:
>
> # does your country has implemented this treaty as well?
> # what was your experience?
>
> In my understanding, if we may not publish exploits to the web in general
> anymore, we need new ways to trade them. The bad guys will do this as they
> have always done. Now the professional pentesters need a B2B platform to
> get this tools of the trade. The AV guys have done this right from the
> start, with closed groups for exchange of new malware.
>
> In the hope for a fun discussion!
>
>
Hi,

this law exists in France and is called the "LEN" (Loi sur l'Economie
Numérique) (it has 1 or 2 years)
It's also forbidden to disassemble a soft...

you're right and i think the same thing!

If bad guys can't publish an exploit publicly, some options are iDefense
or ZDI... or the mafia...
i don't think it's good

/JA

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:01 EDT