Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000
From: Alan J. Wylie <shyyqvfpybfher () wylie me uk>
Date: Tue, 22 Jan 2013 13:51:28 +0000

"Nick FitzGerald" <nick () virus-l demon co uk> writes:

According to at least one legal ruling in Germany, it is "hacking" (as 
in the negative, illegal kind) to deliberately try to access upper-
level directories of _published_ URLs _if_ the specific URLs to those 
resources have not also been made publicly available, _despite_ that 
they are necessarily discernible from the published URL.

In the case of the Disasters Emergency Committee "hacker", he was found
guilty of "put[ting] ../../../ into the address line"

"He was fined £400 for the offence and must pay a further £600 in
costs", and "is considering a career outside the IT industry".

http://www.theregister.co.uk/2005/10/05/dec_case/
http://www.theregister.co.uk/2005/10/06/tsunami_hacker_convicted/
http://www.theregister.co.uk/2005/10/11/tsunami_hacker_followup/

-- 
Alan J. Wylie                                          http://www.wylie.me.uk/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]