[cap-talk] bundling designation and authority

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Wed Oct 12 11:18:54 EDT 2005


Ian G wrote:
> Toby Murray wrote:
> 
>> [more of a somewhat interesting aside]
>>
>> this article from The Register (
>> http://www.theregister.co.uk/2005/10/11/tsunami_hacker_followup/ ) on
>> a recent conviction under the UK's Computer Misuse act for
>> (apparently) making a credit card purchase and then altering the URL
>> in his browser, appending "../../..".
> 
> ...
> 
>> It got me thinking, specifically, if instead he actually DID have
>> permission to access the directory 3 levels up (if it was available to
>> the public, for example), then he (presumably) wouldn't have been
>> convicted.
> 
> AFAICS, the guy was doing due diligence on a site.
> 
> He sent it a message to see how it would respond.

<geeky>
A message with semantics defined by RFC 2396 section 5.2, as it happens.
</geeky>

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>



More information about the cap-talk mailing list