Pretty useless until Maître Éolas corrects the few important mistakes he made in his blog post.
Olivier pointed them out in his tweets.
If you can read French you shouldn't be reading Maître Éolas (although he's usually great) but Bluetouff's own blog posts:
so, when you found something like that, lease a dedicated server overseas and use it to download everything. once done, go to a cybercafe and download it to a zip file or something similar via http directly to a usb memory.
they can follow your transaction with the company once they find out, but it's going to be a little more difficult.
> Bluetouff ended up admitting in testimony that when he found the documents, he had traveled back to the homepage that they stemmed from, where he found an authentication page, which indicated that the documents were likely supposed to be protected. That admission played a part in his later conviction in the appeals court.
Of course the fine seems absurd to me personally, but this excerpt hints at a couple things one should definitely not do.
everyone knows you only build large public projects there if money changes hands. and it usually happens that the gov official gets the quotes from all the companies, calls the one paying him the most and tells the other quotes and that company submits a little lower than the lowest and gets the job, later including several hidden fees, etc.
then, for the sao paulo subway expansion, a journalist did a search and found documents proving all that for that specific job (yellow metro line) and published them.
gov removed the documents, waited for all signs of it ever being indexed to disappear and then sued him. i think the trial is still going and they still deny those documents ever existed.
How can government agencies still get away with accusing someone of "theft" and accessing a "private computer" and "private documents" when they just publish documents on the web, and the public is consuming them?
The fact that there was a HTTPAUTH protected login page in some up path on the site does not infer that the documents should have been protected.
They are or they are not. And they looked legit, i.e. public.
Esp. with government documents you are safe to assume that they are public, if they are public and look public.
Exactly. Also, the HTTPAUTH is directory based and does not necessarily include subdirectories, just like permissions on all Linux distros. So that doesn't imply in any way that subdirectories should have been private.
I'm really on the fence with this one. As has been pointed out, the fact that there's some auth somewhere on the server doesn't necessarily mean that those specific documents were supposed to be private. However, as a journalist he decided to publish the documents on his blog which I think we can take to mean that he assumed they were, in some way, "juicy." And he wouldn't think that if he didn't at least suspect that they were supposed to be private.
This is all assumption, of course, but I think it's a pretty logical assumption.
Still, freedom of the press is a strong right. Though freedom, as they say, isn't free (there can be and often are consequences to exercising your freedoms). In this case I think he's lucky to just get what amounts to a hefty access fee. If he had stumbled onto U.S. documents he may well have found himself taking a ride in a black helicopter.
How many years would he get in prison for this in the US? While the interpretation of the law or the law itself are pretty bad here to begin with, at least the punishments are saner for stuff like this. The US seems to have both completely terrible and easily abused hacking laws, but also extremely disproportionate punishments.
I don't understand why he's getting fined for that. Those were publicly accessible documents, even though they were intended not to be, as indicated by the login form that Bluetouff admitted to knowing about.
[+] [-] steeve|12 years ago|reply
[1] http://www.maitre-eolas.fr/post/2014/02/07/NON%2C-on-ne-peut...
[+] [-] zz1|12 years ago|reply
http://bluetouff.com/2013/04/25/la-non-affaire-bluetouff-vs-... http://bluetouff.com/2014/01/10/cher-contribuable-je-te-dema...
[+] [-] sejje|12 years ago|reply
[+] [-] sebastianavina|12 years ago|reply
[+] [-] rch|12 years ago|reply
[+] [-] ben0x539|12 years ago|reply
If I go to, say, the twitter homepage, I will find an authentication page, and yet most content on twitter is obviously intended to be public.
[+] [-] chengiz|12 years ago|reply
[+] [-] gcb0|12 years ago|reply
[+] [-] whitey-chan|12 years ago|reply
[+] [-] rurban|12 years ago|reply
[+] [-] MildlySerious|12 years ago|reply
[+] [-] zacinbusiness|12 years ago|reply
[+] [-] higherpurpose|12 years ago|reply
[+] [-] nswanberg|12 years ago|reply
Their penalty was a denial of admissions, but their hack of using a specially-crafted URL was about the same.
[+] [-] thomasjoulin|12 years ago|reply
If that's the law, then it needs to change.
[+] [-] fuckpig|12 years ago|reply