WebApp Sec mailing list archives

Re: Felony For Refreshing A Web Page


From: Charles Miller <cmiller () pastiche org>
Date: Sun, 8 Jan 2006 16:40:45 +1100

On 07/01/2006, at 10:37 AM, zeno () cgisecurity net wrote:

> http://yro.slashdot.org/yro/06/01/06/2140227.shtml?tid=123&tid=95
>
> This is a sad, sad world.

I can't help thinking that this is being blown all out of proportion by websites like Slashdot which thrive on those "authorities just don't get technology" headlines.

Most crimes have two components: the actus reus (literally "guilty act"), which is the thing you do, and secondly the mental state behind the act, or mens rea ("guilty mind"). It is the mens rea that is the difference between sticking a knife in someone's throat with the intent to kill them, and sticking a knife in someone's throat with the intent to perform a tracheotomy.

The felony in this case is a combination of a particular act -- refreshing a webpage continuously and encouraging others to do so ("hold down F5...") -- and a very particular intention -- "..to help crash my school server". So rest assured, refreshing a webpage, linking to a page from Slashdot or just saying "sometimes the site doesn't load the first time so you might have to hit refresh" remain perfectly legal in the absence of a mens rea.

You also have to keep in mind that there's only been an arrest so far; the case hasn't yet gone to trial.

In our adversarial legal system, the _only_ way to find out if something is a crime or not in the absence of clear judicial precedent is to take it to court. Prosecutors can't go to a judge and say "tell us whether this is illegal or not"; the only way you can get a definitive ruling on the correct interpretation of the criminal law is to arrest someone FIRST, and then put them through a trial (and if it's a really important point of law, a decade or so in the various courts of appeal). That's the prosecution's job, just as it is the defense's job to try to get the case thrown out as early as possible.

C
