Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Full-Disclosure Digest, Vol 83, Issue 21

From: Valdis.Kletnieks () vt edu
Date: Tue, 17 Jan 2012 14:23:45 -0500
On Tue, 17 Jan 2012 14:13:00 EST, Benjamin Kreuter said:


Looking at that law, I am not even sure that you need to use a flaw to
extract secret info.  It looks like something as simple as transmitting
a message to each user that dictates what they are authorized to do is
enough to trigger the law.  If I tell you that you are only allowed to
access pages on my site by clicking on links from the index.html page,
and you try entering some other URL, it looks like that would be a
felony -- IANAL though, so perhaps a lawyer can weigh in on this?


Yes, people *have* been prosecuted for playing "twiddle the URL" games
before.  I'd have to go dig up a cite, but it's happened (hacker was basically
abusing a site's predictable URL scheme).

Attachment: _bin
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: