Justice versus legality - the case of Daniel Cuthbert | Samizdata.net
some coverage here of the case of Daniel Cuthbert who's been convicted of breach of the Computer Misuse Act for (if the articles I've read are accurate) putting ../../../ into a URL to see if a site he'd just given his credit card to was insecure..
I'm in two minds about this case, on the one hand he shouldn't have done that really it could be construed as an attack and he should've realised that it would trip IDS (although how quiet must they've been in the BT offices that they were investigating ever IDS alarm of that type!)
On the other hand, the Internet is a public place and websites are public resources by definition (unless they have access control configured). what concerns me is that people accessing websites in unusual ways run the risk of being prosecuted.. for example if they see a parameter in a URL and think "I'll just skip ahead by changing that by 5 instead of clicking forward 5 times" ... is that a breach of the computer misuse act..?
also it's waaay to easy to abuse this kind of thing.. how long before someone sends an email with a link which has something like "../../../" in it , causing a recipient who clicks it to appear to be a "hacker"...
Not sure either of those are great reasons, but this case does make me feel uncomfortable for some reason.


Security Geek, Kubernetes, Docker, Ruby, Hillwalking