Penetration Testing mailing list archives
RE: Interesting conviction
From: "Craig Wright" <cwright () bdosyd com au>
Date: Mon, 10 Oct 2005 14:28:52 +1000
Have a look at - http://www.worldlii.org - this is more authorities than some blog. It is always better to read the actual source - not an uninformed opinion. http://www.casetrack.com/ is easier - but you have to pay and they copyright the material (strange but true since they are not the author). I have not checked if it is published on Wordlii as yet - but it is available on casetrack now. Read the trial notes - there are two main issues 1 He lied to the police to cover his tracks. He stated that he was "using the text based Lynx browser and this often has strange results". The police demonstrated that this was not the case and than he changed his story. The new story was that he just wanted to see if the site was safe as he wanted to donate. This was changed again to he had donated but did not get a reply and wanted to ensure that the site was not a phising scam. Thus he attempted to crack the site to ensure that it was not a scam site. 2 He admitted (after being caught out - see 1) running multiple penetration tests against the site. He was not authorised to preform any of these nor did he have any reason to do so. His council stated that he could easily break into the site, but chose not to. Which is false in itself. I personally believe in forensic evidence over the word of Mr Daniel James Cuthbert. He did not accidentally click links and he lied when caught. He has given no reason to be trusted. I personally do not need to attempt to break into a site to see if it involved with phissing - there are whois etc checks and I doubt that Mr Cuthbert needed to either. He could have even tried www.antiphishing.org Craig -----Original Message----- From: Stu Thomas [mailto:stuart.thomas () mac com] Sent: 10 October 2005 4:40 To: lists () dawes za net Cc: Mike Messick; jay.tomas () infosecguru com; pen-test () securityfocus com Subject: Re: Interesting conviction A little more detail here: http://www.samizdata.net/blog/archives/008118.html and some intelligent debate. On 9 Oct 2005, at 16:40, Rogan Dawes wrote:
Mike Messick wrote:You're quite right! ;-) Here's mine: I think the article's editorial comments about causing problems for security professional and penetration testing are pure crap.[snip]Most laws are written with intent in mind. That Mr. Cutbert didn't intend to do anything bad once he got in is really immaterial - that he *intended to gain entry in an unauthorized fashion* is what constituted the violation and his subsequent conviction.[snip]Just because you don't steal the TV after you crowbar the front door open doesn't mean you won't go to prison for unlawful entry. Or not get shot by the owner (in some states). The fact that you don't have
permission to be there in the first place is what matters (at least under current law).Mr Cuthbert was simply attempting to verify the security of an institution that he had decided to entrust his credit card details to. Granted, one should not try to break into the vault of a bank to check
their security, but I think that his intent was somewhat closer to rattling the lock on the safety deposit box after dropping your money in, to make sure that someone else can't just come along and help themself. Rogan ---------------------------------------------------------------------- -------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------- ---------
-- Stu Thomas Web: http://www.stuartspictures.com ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Interesting conviction jay.tomas () infosecguru com (Oct 07)
- Re: Interesting conviction Mike Messick (Oct 08)
- Re: Interesting conviction Rogan Dawes (Oct 09)
- Re: Interesting conviction Stu Thomas (Oct 09)
- Re: Interesting conviction Stu Thomas (Oct 09)
- Re: Interesting conviction David Dischler (Oct 09)
- Re: Interesting conviction Rogan Dawes (Oct 09)
- <Possible follow-ups>
- Re: Interesting conviction b . hines (Oct 08)
- Re: Interesting conviction b . hines (Oct 08)
- RE: Interesting conviction Jason (Oct 09)
- RE: Interesting conviction Craig Wright (Oct 09)
- RE: Interesting conviction Craig Wright (Oct 10)
- Re: Interesting conviction Mike Messick (Oct 08)