Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)

Nicholas Bohm nbohm at
Wed Aug 4 10:44:16 BST 2010

Matthew Pemble wrote:
> On 4 August 2010 08:15, Francis Davey <fjmd1a at
> <mailto:fjmd1a at>> wrote:
>     However, that's all beside the point. This thread seems to be
>     wandering all over the place and this is partly because there's
>     confusion between:
>     * what people think might or might not be morally right in general
>     concerning URL truncation
>     * whether URL truncation constitutes unauthorized access within the
>     meaning of section 1 of the Computer Misuse Act 1990
> Or is the point that people are becoming confused between URL
> truncation and a "Directory Traversal Attack", using the well-known
> '/../' syntax (just the same as, at the time, appending '.' to a .php
> URL often gave you the script source rather than the product)?
> Although Peter's pdf doesn't make it clear although other
> contemporaneous sources
> ( do mention the
> method.

Yes, I certainly confused the two.  What exactly does the "/../" syntax
do, and why does it matter to the host?  (The article you link isn't
explicit enough for me to follow.)

Contact and PGP key here <>

More information about the ukcrypto mailing list