On Mon, 22 Feb 2010 20:19:44 GMT, Benji said: > Does that just cover fraud? Surely a database injection counts as > unauthorised access? > > Does this mean that now anyone can start injecting websites and extracting > data, and aslong as they dont use the data to 'commit fraud or dislose > national secrets', or albeit, it cant be proved, that person is safe? That's a gray area. Intent does matter: "naked" - not wearing any clothes. "nekkid" - naked and up to something. Do you want to bet 3-5 in the pen that the DA won't be able to convince a jury you didn't have intent? That's why it's always recommended you have a written "Get out of jail free" card when doing a pen test - that significantly raises the bar to proving you were up to no good.
Attachment:
pgpFkQ8B33T6l.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/