Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
fjmd1a at gmail.com
Wed Aug 4 12:30:23 BST 2010
On 4 August 2010 12:18, Peter Sommer <peter at pmsommer.com> wrote:
> Daniel Cuthbert's aim in executing the directory traversal was not simply to
> truncate the URL to explore the website (which would have been legitimate)
> but to explore the computer holding the webserver (which was not). The
> court decided that he must have known at the time he did it that this action
> was not authorised - thus s 1 CMA is satisfied.
Right. If he was doing directory traversal using ".." to see if the
site had a security vulnerability then he must _ex hypothesi_ have
known that such an access would not be authorised (otherwise it
wouldn't be a vulnerability). Moral: don't probe for exploits.
> Any appeal would have had to be on the basis either that the judge was wrong
> in law or that he reached a conclusion on the facts that no reasonable judge
> could have made.
Not in this case, no. An appeal under s.108 of the Magistrates' Courts
Act 1980 results in a re-hearing of the case, i.e. a fresh trial in
the Crown Court.
Trust me, I'm a lawyer 8-).
More information about the ukcrypto