On Tue, 17 Jan 2012 14:13:00 EST, Benjamin Kreuter said: > Looking at that law, I am not even sure that you need to use a flaw to > extract secret info. It looks like something as simple as transmitting > a message to each user that dictates what they are authorized to do is > enough to trigger the law. If I tell you that you are only allowed to > access pages on my site by clicking on links from the index.html page, > and you try entering some other URL, it looks like that would be a > felony -- IANAL though, so perhaps a lawyer can weigh in on this? Yes, people *have* been prosecuted for playing "twiddle the URL" games before. I'd have to go dig up a cite, but it's happened (hacker was basically abusing a site's predictable URL scheme).
Attachment:
pgpLdOzf60HKp.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/