Here we go again - ISP DPI, but is it interception?
maryhawking at tigers.demon.co.uk
Sat Jul 31 09:23:50 BST 2010
In message <mailman.0.1280559135.19741.ukcrypto at chiark.greenend.org.uk>,
ukcrypto-request at chiark.greenend.org.uk writes
>On Fri, 30 Jul 2010, Peter Fairbrother wrote:
>| I don't get it.
>| If I want to find out whether a site allows directory traversal -
>some sites | do, some don't - how else am I going to find out other
>than adding a "/.." ?
>And it seems the tsunami hacker didn't even add "/.."
>- he simply truncated the URL, to find a parent or root page.
I'm not sure I can get my head around the laws making this illegal - but
I am sure that if truncating a URL to find a home page *is* illegal, the
majority of ordinary internet users are criminals!
I do it all the time - and it is often the *only* way to find the home
page if you have been sent the URL for a document on a website, rather
than the website itself.
In addition, if a page URL gives an Error message, is it illegal to
knock off bits of the URL until you reach a loadable page?
Who brought the prosecution? I.e. was it a public or police prosecution
or a private one, and did the site owner (who does own a website for
these legal purposes?) claim damages and if so on what grounds?
Is the identity of the organisation launching the particular appeal in
the public domain? I would have thought that the potential reputational
damage to their future activities would have far outweighed any desire
to make a test case example of one individual for doing what everyone
else does all the time ...
(I realise that this list is in the public domain...;-<)
More information about the ukcrypto