Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)

Francis Davey fjmd1a at
Wed Aug 4 12:30:23 BST 2010

On 4 August 2010 12:18, Peter Sommer <peter at> wrote:


> Daniel Cuthbert's aim in executing the directory traversal was not simply to
> truncate the URL to explore the website (which would have been legitimate)
>  but to explore the computer holding the webserver (which was not).   The
> court decided that he must have known at the time he did it that this action
> was not authorised - thus s 1 CMA is satisfied.

Right. If he was doing directory traversal using ".." to see if the
site had a security vulnerability then he must _ex hypothesi_ have
known that such an access would not be authorised (otherwise it
wouldn't be a vulnerability). Moral: don't probe for exploits.

> Any appeal would have had to be on the basis either that the judge was wrong
> in law or that he reached a conclusion on the facts that no reasonable judge
> could have made.

Not in this case, no. An appeal under s.108 of the Magistrates' Courts
Act 1980 results in a re-hearing of the case, i.e. a fresh trial in
the Crown Court.

Trust me, I'm a lawyer 8-).

Francis Davey

More information about the ukcrypto mailing list