[cap-talk] bundling designation and authority
Ian G
iang at systemics.com
Tue Oct 11 22:51:10 EDT 2005
Toby Murray wrote:
> [more of a somewhat interesting aside]
>
> this article from The Register (
> http://www.theregister.co.uk/2005/10/11/tsunami_hacker_followup/ ) on a
> recent conviction under the UK's Computer Misuse act for (apparently)
> making a credit card purchase and then altering the URL in his browser,
> appending "../../..".
...
> It got me thinking, specifically, if instead he actually DID have
> permission to access the directory 3 levels up (if it was available to
> the public, for example), then he (presumably) wouldn't have been
> convicted.
AFAICS, the guy was doing due diligence on a site.
He sent it a message to see how it would respond.
There ain't no logic beyond that, it's either trust
us because we're an internet site, or don't talk to
us because we're an internet site.
iang
More information about the cap-talk
mailing list