Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
    James Firth 
    james2 at jfirth.net
       
    Tue Aug  3 20:11:07 BST 2010
    
    
  
> >
> > My common sense says that if I am unauthorised to view a web page,
> > then it will return some kind of error which demonstrates that I have
> > not presented valid credentials.
> 
> That occurred to me too, after I wrote previously.  It happens from time
> to time that I'm told I'm not authorised to see a page.  Although I
> don't know the procedure for protecting a page or folder in this way, I
> imagine it's trivial to find out and apply it when wanted.
> 
This thinking formed the basis of my original assertion that 
a.) most if not all attempts to use protocols, standards and RFCs should be
exempt from "unauthorised use" prosecution since systems should protect
themselves, with two key exemptions and one clarification:
i.) the entry of username, password, credentials or any field used to
uniquely identify a user or account, when it can be shown that a systematic
attempt has been made to enter multiple differing combinations of username
and password that could not otherwise be explained eg. by absent-mindedness
or use of wrong credentials
ii.) bombardment of packets, correctly formed or otherwise, in an attempt to
cause denial of service
iii.) (clarification) the sending of malformed protocol packets with an
attempt to circumvent security measures.
- Upon further thinking I still cannot see any truck in running with the
locked/unlocked door analogies.  There are too many differences between the
real and virtual world.
Any attempt to regulate use via established protocols, eg spidering a site
which does not want to be spidered, should be dealt with in the civil courts
as a breach of terms, not a criminal offence under the CMA.
James Firth
    
    
More information about the ukcrypto
mailing list