|
WebApp Sec
mailing list archives
Re: Felony For Refreshing A Web Page
From: Charles Miller <cmiller () pastiche org>
Date: Sun, 8 Jan 2006 16:40:45 +1100
On 07/01/2006, at 10:37 AM, zeno () cgisecurity net wrote:
http://yro.slashdot.org/yro/06/01/06/2140227.shtml?tid=123&tid=95
This is a sad, sad world.
I can't help think that this is being blown all out of proportion by
websites like Slashdot which thrive on those "authorities just don't
get technology" headlines.
Most crimes have two components: the actus reus (literally "guilty
act"), which is the thing you do, and secondly the mental state
behind the act, or mens rea ("guilty mind"). It is the mens rea that
is the difference between sticking a knife in someone's throat with
the intent to kill them, and sticking a knife in someone's throat
with the intent to perform a tracheotomy.
The felony in this case is a combination of a particular act --
refreshing a webpage continuously and encouraging others to do so
("hold down F5...") -- and a very particular intention -- "..to help
crash my school server". So rest assured, refreshing a webpage,
linking to a page from Slashdot or just saying "sometimes the site
doesn't load the first time so you might have to hit refresh" remain
perfectly legal in the absence of a mens rea.
You also have to keep in mind that there's only been an arrest so
far, the case hasn't yet gone to trial.
In our adversarial legal system, the _only_ way to find out if
something is a crime or not in the absence of clear judicial
precedent is to take it to court. Prosecutors can't go to a judge and
say "tell us whether this is illegal or not", the only way you can
get a definitive ruling on the correct interpretation of the criminal
law is to arrest someone FIRST, and then put them through a trial
(and if it's a really important point of law, a decade or so in the
various courts of appeal). That's the prosecution's job, just as it
is the defense's job to try to get the case thrown out as early as
possible.
C
-------------------------------------------------------------------------------
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
-------------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- Re: Felony For Refreshing A Web Page, (continued)
|
Intro
