Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Full-Disclosure Digest, Vol 83, Issue 21
From: Valdis.Kletnieks () vt edu
Date: Tue, 17 Jan 2012 14:23:45 -0500

On Tue, 17 Jan 2012 14:13:00 EST, Benjamin Kreuter said:

Looking at that law, I am not even sure that you need to use a flaw to
extract secret info.  It looks like something as simple as transmitting
a message to each user that dictates what they are authorized to do is
enough to trigger the law.  If I tell you that you are only allowed to
access pages on my site by clicking on links from the index.html page,
and you try entering some other URL, it looks like that would be a
felony -- IANAL though, so perhaps a lawyer can weigh in on this?

Yes, people *have* been prosecuted for playing "twiddle the URL" games
before.  I'd have to go dig up a cite, but it's happened (hacker was basically
abusing a site's predictable URL scheme).

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]