[cap-talk] bundling designation and authority

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Wed Oct 12 11:18:54 EDT 2005

Ian G wrote:
> Toby Murray wrote:
>> [more of a somewhat interesting aside]
>> this article from The Register (
>> http://www.theregister.co.uk/2005/10/11/tsunami_hacker_followup/ ) on
>> a recent conviction under the UK's Computer Misuse act for
>> (apparently) making a credit card purchase and then altering the URL
>> in his browser, appending "../../..".
> ...
>> It got me thinking, specifically, if instead he actually DID have
>> permission to access the directory 3 levels up (if it was available to
>> the public, for example), then he (presumably) wouldn't have been
>> convicted.
> AFAICS, the guy was doing due diligence on a site.
> He sent it a message to see how it would respond.

A message with semantics defined by RFC 2396 section 5.2, as it happens.

David Hopwood <david.nospam.hopwood at blueyonder.co.uk>

More information about the cap-talk mailing list