WebApp Sec mailing list archives
Re: Felony For Refreshing A Web Page
From: "lakewood1 () copper net" <lakewood1 () copper net>
Date: Sun, 08 Jan 2006 17:26:43 -0800
Hi All, It used to be good law that the 'actus reus' and 'mens rea' constituted a crime, at least that was what the casebooks published. The 'criminal act' and the 'guilty mind' combined to render clear the combination was unlawful. The reasonable question to a law class is: What would be a 'criminal act'? followed closely by What constitutes a 'guilty mind'? A topper would be: What would it take to investigate an individual, a group, a cause or persons you do not like? followed closely by: Would you arrest and imprison a person or persons with no evidence, or hint thereof , that a 'criminal act' or 'guilty mind' exists? Arresting/imprisoning a person or persons because one wants to find out if either or both exists is what we have previously legally prohibited anyone from doing (goes back to English Common Law). Others we have roundly previously blasted when they did this included the Soviets. Finding a 'criminal act' in absence of a 'guilty mind' under our previous law did not constitute a crime. This handled the case where a person unknowingly performed some act that was viewed by other as a 'criminal act', e.g., responding to certain SPAM. Refreshing a web page because 'everyone is doing' it hardly rises to the level of a 'guilty mind'. One may pre-ordain that it does, but then they would be placing themselves well above centuries of legal scholars with more than adequate credentials and experience. An approach 'There has only been an arrest' belongs in other countries not the US. An arrest carries with it a record that can literally destroy lives and careers. A power to arrest anyone at any time for any reason, whether you remember what it was or not, belonged to King George of England. Perhaps some history associated with the Founding Fathers would be appropriate. Our legal system is not the place to find out whether something is a crime or not. The terms 'Administration of Justice' and 'Judicial System' have other definitions and meanings. A 'loose cannon' pops to mind as well. My preferences are consistent with the Founding Fathers in legislation and ideology and extend to include the Bill of Rights. My hope is that history remembers this Country for these contributions and forgets other of more recent vintage. Regards! -Thomas Clark Charles Miller wrote:
On 07/01/2006, at 10:37 AM, zeno () cgisecurity net wrote:http://yro.slashdot.org/yro/06/01/06/2140227.shtml?tid=123&tid=95 This is a sad, sad world.I can't help think that this is being blown all out of proportion by websites like Slashdot which thrive on those "authorities just don't get technology" headlines. Most crimes have two components: the actus reus (literally "guilty act"), which is the thing you do, and secondly the mental state behind the act, or mens rea ("guilty mind"). It is the mens rea that is the difference between sticking a knife in someone's throat with the intent to kill them, and sticking a knife in someone's throat with the intent to perform a tracheotomy. The felony in this case is a combination of a particular act -- refreshing a webpage continuously and encouraging others to do so ("hold down F5...") -- and a very particular intention -- "..to help crash my school server". So rest assured, refreshing a webpage, linking to a page from Slashdot or just saying "sometimes the site doesn't load the first time so you might have to hit refresh" remain perfectly legal in the absence of a mens rea. You also have to keep in mind that there's only been an arrest so far, the case hasn't yet gone to trial. In our adversarial legal system, the _only_ way to find out if something is a crime or not in the absence of clear judicial precedent is to take it to court. Prosecutors can't go to a judge and say "tell us whether this is illegal or not", the only way you can get a definitive ruling on the correct interpretation of the criminal law is to arrest someone FIRST, and then put them through a trial (and if it's a really important point of law, a decade or so in the various courts of appeal). That's the prosecution's job, just as it is the defense's job to try to get the case thrown out as early as possible. C ------------------------------------------------------------------------------- Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh -------------------------------------------------------------------------------
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Felony For Refreshing A Web Page zeno (Jan 06)
- Re: Felony For Refreshing A Web Page exon (Jan 07)
- Re: Felony For Refreshing A Web Page Todd Ellner (Jan 07)
- Re: Felony For Refreshing A Web Page exon (Jan 07)
- RE: Felony For Refreshing A Web Page Ebeling, Jr., Herman Frederick (Jan 07)
- Re: Felony For Refreshing A Web Page Todd Ellner (Jan 07)
- RE: Felony For Refreshing A Web Page Ebeling, Jr., Herman Frederick (Jan 07)
- Re: Felony For Refreshing A Web Page Charles Miller (Jan 08)
- Re: Felony For Refreshing A Web Page lakewood1 () copper net (Jan 09)
- <Possible follow-ups>
- Re: Felony For Refreshing A Web Page Jason Coombs (Jan 07)
- RE: Felony For Refreshing A Web Page Ebeling, Jr., Herman Frederick (Jan 08)
- Re: Felony For Refreshing A Web Page exon (Jan 07)