Security threats Toolkit
Story: Tsunami appeal site 'hacker' found guilty
Posted by: John Airey (Friday 14 October 2005, 10:52 PM)
Evil Wizard, if you can't believe what I'm saying, have you tried reading RFC3986?
This isn't at all a case of someone attempting to break in. The query he sent is allowable under agreed international standards.
Also, like I said, you can't know if you are allowed to access a page before you send a query, since you can't know for sure that you will get a "200" response from the server. I've visited hundreds of sites that have an "access denied" error at the top level (I've been accessing web sites for thirteen years). By this reasoning I am a criminal. If I mistype a URL and get an "access denied" page, or (as I did recently) edit a URL to get a more up to date software program from a companies server (as they had forgotten to update the link to the newer software) does that make me a criminal?
Also, I need to correct what I said in an earlier post (see, even I can't get it right first time, and I'm not under arrest!). What I meant was a threat when you are arrested are the words "it may harm your defence when questioned if you do not mention evidence that you later rely on in court". Leaving aside the fact that the police shouldn't be giving legal advice, this statement flies completely in the face of article 6 of the European Convention on Human Rights. It is saying (and the judge in this case appears to agree) that you must present everything in your defence right there and then.
Has anyone actually noticed that it was three weeks between the "offence" and arrest? How many of you can remember exactly what you were doing around 15:00 three weeks ago, and can give a full legal defence of it within a few hours of being arrested? None of you? I thought so.
Of course, now that the link that he has followed is on public web sites, Google and MSN search (to name two) will now attempt to access those pages. Does that mean that Eric Schmidt and Bill Gates are going to be arrested?
There is plenty of law to cover web sites being attacked, but section 1 of the Computer Misuse Act isn't part of it. For several years now I have managed the sites I look after on the basis that everything on the public sites is in the public domain, and everything else is secured in some way. That I've done with section 1 of the Computer Misuse Act in mind.
Full Talkback thread
Story: Tsunami appeal site 'hacker' found guilty
-
Wow. Getting responses from ports on a network com... richard -
if there is a building and the front door is... spacelab10000 -
No, it's like walking around trying everyone'... Anonymous
-
"The only reason he did this is because he thought... Anonymous
-
The first person talks about connecting on co... Evil Wizard
-
As a programmer (not just another web surfer) I wo... Anonymous
-
I'm sorry if we offended the programmer -- wh... Matt Loney
-
He claims he was scared that the site was a phishi... Anonymous
-
If you'd like to tell the judge what you think of... Anonymous
-
Go to any security professional and they shou... Anonymous
-
Read the UK law, did he attempt to penet... Anonymous -
I understand that what he did broke... Anonymous
-
Going totally against the flow... John Airey
-
Ok first off the analogy that... Evil Wizard
-
Evil Wizard, what you say is t... John Airey
-
John I dont believe in this ca... Evil Wizard
-
Evil Wizard, if you can't beli... John Airey -
There is an obvious breach of the Computer Misuse... Alex Pinheiro
-
Well if this is now a crime, then come get me righ... Anonymous
