Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
jon+ukcrypto at unequivocal.co.uk
Wed Aug 4 14:29:14 BST 2010
On Wed, Aug 04, 2010 at 01:32:14PM +0100, Francis Davey wrote:
> > If the server operator did not intend to provide access above server root,
> > then they should have configured their server to provide an appropriate
> > (4xx) denial.
> Do we know they did not? You commit an offence of attempt if you try
> to do this even if the server operator has indeed secured themselves
> against unauthorised access. What the web server does or does not do
> is not nearly as important as one might think because of the Criminal
> Attempts Act.
Personally, I think that (attempting to) access http://example.com/
or http://example.com/../ shows little-to-no evidence of knowingly
attempting to access unauthorised data. If however, as is seen
commonly, someone attempts to access something like
or similar, then the user is quite blatantly attempting unauthorised
access and can most certainly be regarded as a criminal.
More information about the ukcrypto