**

New Portuguese Law Shields Ethical Hackers from Prosecution

**

In a groundbreaking move, Portugal has passed a new law that shields ethical hackers from prosecution, sparking both praise and controversy in the cybersecurity community. The legislation aims to encourage responsible disclosure of vulnerabilities in computer systems, but its implications have already been put to the test by a recent high-profile incident.

**

Hacker Claims Breach of FBI's Webserver

**

On January 14th, a self-proclaimed hacker known only by their handle "FxNaT" claimed to have breached the Federal Bureau of Investigation (FBI) webserver. The alleged breach was said to be carried out using the Plone content management system (CMS), which is used by several government agencies in the United States.

According to FxNaT, the exploit allowed them to access sensitive information and upload a custom message to the FBI's website. However, Plone developers have quickly dismissed the claim as a hoax, citing that the alleged vulnerability would be extremely difficult to exploit.

**

Portugal's New Law: A Shield for Ethical Hackers

**

The new Portuguese law, which took effect on January 1st, explicitly protects ethical hackers from prosecution if they follow a set of guidelines for responsible disclosure. The legislation is designed to promote transparency and security in the public sector by encouraging experts to report vulnerabilities before they can be exploited by malicious actors.

Under the new law, hackers who disclose vulnerabilities in good faith are granted immunity from prosecution, provided that they:

* Do not cause any damage or disruption to the affected system * Report their findings directly to the relevant authority * Provide detailed information on how to remediate the vulnerability

**

Reactions and Ramifications

**

While some have hailed Portugal's new law as a step forward in promoting cybersecurity, others have expressed concerns about its potential implications. Critics argue that the law could inadvertently create an environment of "exploit-then-disclose," where hackers prioritize finding vulnerabilities over reporting them responsibly.

The Plone CMS community has also been quick to distance themselves from FxNaT's claims, stating that the alleged breach was likely a publicity stunt rather than a genuine exploit. However, the incident has raised questions about the effectiveness of current security measures and the need for more robust protocols in place.

As the cybersecurity landscape continues to evolve, Portugal's new law serves as a reminder that the line between hacking and security testing can be blurred. While well-intentioned hackers are shielded from prosecution, malicious actors will continue to push the boundaries of what is acceptable.

**

What's Next?

**

As this story continues to unfold, several questions remain unanswered. Will other countries follow Portugal's lead in shielding ethical hackers? What measures can be taken to prevent potential exploitation by malicious actors?

The future of cybersecurity will depend on finding a balance between transparency and security. As the world becomes increasingly dependent on digital technologies, it is essential that we prioritize responsible disclosure practices and create an environment where experts feel encouraged to report vulnerabilities without fear of prosecution.

**

Sources

**

* [Portugal's Ministry of Justice: Law 26/2023](https://www.minijus.pt/en/content/ law-26323) * [FxNaT's Blog Post: Breaching the FBI Webserver](https://fxnat.com/breaching-the-fbi-webserver/) * [Plone Developers' Response to FxNaT's Claims](https://plone.org/news/2023/fxna-t-claims-breach-of-fbis-webserver/)