This is pretty remarkable from my point of view: In 2005 our Forensic team together with our Investigators obtained the identification and arrest of M. Jean-Charles S. for the illegal distribution of a hacking tutorial against MSN Hotmail and MSN Messenger users. On June 12, 2008 the Tribunal Correctionnel (criminal court in France) sentenced this person with the following sanction (we announced that on September 17th):
Initially, in the first hearing, the defendant was not present and he got the same sanctions with a fine of 8000 Euros. As he realized that this was becoming serious, he asked to be heard again and finally obtained a smaller fine which reflects his financial capabilities.
This is actually the first time I have heard about something like that, but it is a very good step towards a safer internet on the enforcement side as well.
An article as initially published at PCinpact (in French – if you are in IE 8 Beta, right click and translate :)):
This is a Good Thing?
I thought MS had abandoned security through obscurity - I guess not.
I guess you'll be going after the whole publishing industry now - all those nasty 'how to hack' books - how evil
<sarcasm>Yes. We should definitely punish someone for disseminating this type of information. That way we can make sure that the only people who have access to it are the criminals. </sarcasm>
What's wrong with this mentality?
(a) Freedom of speech and information alone would dictate that gagging someone for telling how to do something is in itself a crime. It is, or should be, a basic human right to have knowledge.
(2) If only the select few criminals who know how to exploit that code are aware of it, there's less impetus to fix it. Ergo, exposing security holes in such a manner does have the benefit, intentional or otherwise, of raising alarms, informing the masses, and encouraging the corporation responsible to repair the security hole.
(D) Fewer people trained to test for the specific types of vulnerabilities in question, combined with a fear of being prosecuted for HAVING knowledge, can only lead to a society of carefully crafted ignorance, wherein only those who wear the Black Hat have the know-how to perform security exploits, and those *trying* to wear the White Hat are not only playing catch-up (which is generally the case anyway), but are now being forcibly restrained in what they can and cannot know. It's like being the last one out of the gate, AND being hobbled.
I suppose that's the way Microsoft likes it - ignorant masses foolishly believing they're secure because the MS advertising machine says it's so - there's nobody to tell them the difference.
Incidentally, enumerating this post (a), (2), and (D) was an existential statement about the reality we're all (not?) living in.
It will be interesting how you see it. When I blogged on Suspended Jail for Hacking Tutorial in France