Here we go again - ISP DPI, but is it interception?

Peter Fairbrother zenadsl6186 at
Fri Jul 30 16:57:11 BST 2010

Brian Morrison wrote:
> On Fri, 30 Jul 2010 11:39:02 +0100
> Nicholas Bohm <nbohm at> wrote:
>> Clive D.W. Feather wrote:
>>> Charles Lindsey said:
>>>> Once they have a list of addresses of sites, they they are
>>>> perfectly entitled to visit those sites (as is anybody else) and
>>>> to probe them for malware.
>>> No they aren't. You may recall that, a couple of years ago, someone
>>> was convicted of computer misuse because he probed a site for
>>> malware - to be precise, he put "/.." on an URL.
>> Useful point: do you have a reference?
> Dan Cuthbert. He was trying to make a donation to a Tsunami relief
> charity web site and noted that the site was very slow and thought
> perhaps he might be being phished, so he truncated the URL back to just
> the host name. He was prosecuted for purely that action, possibly
> because as an IT professional the police thought he should realise that
> such an action would be unauthorised.

I don't get it.

If I want to find out whether a site allows directory traversal - some 
sites do, some don't - how else am I going to find out other than adding 
a "/.." ?

And the idea that it could cause damage is ludicrous.

-- Peter Fairbrother

More information about the ukcrypto mailing list