[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000
- To: Full-Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000
- From: "Alan J. Wylie" <shyyqvfpybfher@xxxxxxxxxxx>
- Date: Tue, 22 Jan 2013 13:51:28 +0000
"Nick FitzGerald" <nick@xxxxxxxxxxxxxxxxxxx> writes:
> According to at least one legal ruling in Germany, it is "hacking" (as
> in the negative, illegal kind) to deliberately try to access upper-
> level directories of _published_ URLs _if_ the specific URLs to those
> resources have not also been made publicly available, _despite_ that
> they are necessarily discernible from the published URL.
In the case of the Disasters Emergency Committee "hacker", he was found
guilty of "put[ting] ../../../ into the address line"
"He was fined £400 for the offence and must pay a further £600 in
costs", and "is considering a career outside the IT industry".
http://www.theregister.co.uk/2005/10/05/dec_case/
http://www.theregister.co.uk/2005/10/06/tsunami_hacker_convicted/
http://www.theregister.co.uk/2005/10/11/tsunami_hacker_followup/
--
Alan J. Wylie http://www.wylie.me.uk/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/