Full Disclosure mailing list archives
Re: Full-Disclosure Digest, Vol 83, Issue 21
From: Valdis.Kletnieks () vt edu
Date: Tue, 17 Jan 2012 14:23:45 -0500
On Tue, 17 Jan 2012 14:13:00 EST, Benjamin Kreuter said:
Looking at that law, I am not even sure that you need to use a flaw to extract secret info. It looks like something as simple as transmitting a message to each user that dictates what they are authorized to do is enough to trigger the law. If I tell you that you are only allowed to access pages on my site by clicking on links from the index.html page, and you try entering some other URL, it looks like that would be a felony -- IANAL though, so perhaps a lawyer can weigh in on this?
Yes, people *have* been prosecuted for playing "twiddle the URL" games before. I'd have to go dig up a cite, but it's happened (hacker was basically abusing a site's predictable URL scheme).
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Full-Disclosure Digest, Vol 83, Issue 21 Mikhail A. Utin (Jan 17)
- Re: Full-Disclosure Digest, Vol 83, Issue 21 Valdis . Kletnieks (Jan 17)
- Re: Full-Disclosure Digest, Vol 83, Issue 21 Benjamin Kreuter (Jan 17)
- Re: Full-Disclosure Digest, Vol 83, Issue 21 Valdis . Kletnieks (Jan 17)
- Re: Full-Disclosure Digest, Vol 83, Issue 21 BMF (Jan 17)
- Re: Full-Disclosure Digest, Vol 83, Issue 21 Nick FitzGerald (Jan 18)
- Re: Full-Disclosure Digest, Vol 83, Issue 21 metasansana (Jan 18)
- Re: Full-Disclosure Digest, Vol 83, Issue 21 Valdis . Kletnieks (Jan 18)
- Re: Full-Disclosure Digest, Vol 83, Issue 21 Benjamin Kreuter (Jan 17)
- Re: Full-Disclosure Digest, Vol 83, Issue 21 Valdis . Kletnieks (Jan 17)