mailing list archives
Re: Full-Disclosure Digest, Vol 83, Issue 21
From: Valdis.Kletnieks () vt edu
Date: Tue, 17 Jan 2012 14:23:45 -0500
On Tue, 17 Jan 2012 14:13:00 EST, Benjamin Kreuter said:
Looking at that law, I am not even sure that you need to use a flaw to
extract secret info. It looks like something as simple as transmitting
a message to each user that dictates what they are authorized to do is
enough to trigger the law. If I tell you that you are only allowed to
access pages on my site by clicking on links from the index.html page,
and you try entering some other URL, it looks like that would be a
felony -- IANAL though, so perhaps a lawyer can weigh in on this?
Yes, people *have* been prosecuted for playing "twiddle the URL" games
before. I'd have to go dig up a cite, but it's happened (hacker was basically
abusing a site's predictable URL scheme).
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/