| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87wqv5tjfj.fsf@wylie.me.uk> Date: Tue, 22 Jan 2013 13:51:28 +0000 From: Alan J. Wylie <shyyqvfpybfher@...ie.me.uk> To: Full-Disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 "Nick FitzGerald" <nick@...us-l.demon.co.uk> writes: > According to at least one legal ruling in Germany, it is "hacking" (as > in the negative, illegal kind) to deliberately try to access upper- > level directories of _published_ URLs _if_ the specific URLs to those > resources have not also been made publicly available, _despite_ that > they are necessarily discernible from the published URL. In the case of the Disasters Emergency Committee "hacker", he was found guilty of "put[ting] ../../../ into the address line" "He was fined £400 for the offence and must pay a further £600 in costs", and "is considering a career outside the IT industry". http://www.theregister.co.uk/2005/10/05/dec_case/ http://www.theregister.co.uk/2005/10/06/tsunami_hacker_convicted/ http://www.theregister.co.uk/2005/10/11/tsunami_hacker_followup/ -- Alan J. Wylie http://www.wylie.me.uk/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists