Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
Matthew Pemble
matthew at pemble.net
Wed Aug 4 08:57:35 BST 2010
On 4 August 2010 08:15, Francis Davey <fjmd1a at gmail.com> wrote:
>
> However, that's all beside the point. This thread seems to be
> wandering all over the place and this is partly because there's
> confusion between:
>
> * what people think might or might not be morally right in general
> concerning URL truncation
> * whether URL truncation constitutes unauthorized access within the
> meaning of section 1 of the Computer Misuse Act 1990
>
>
Or is the point that people are becoming confused between URL truncation and
a "Directory Traversal Attack", using the well-known '/../' syntax (just the
same as, at the time, appending '.' to a .php URL often gave you the script
source rather than the product)? Although Peter's pdf doesn't make it clear
although other contemporaneous sources (
http://www.samizdata.net/blog/archives/008118.html) do mention the method.
I would agree with the general comment here that URL truncation is a
perfectly legitimate web browsing method (especially when you are following
a link that gives you an error page.) I wouldn't agree that discussion of
URL truncation in respect of the Cuthbert case (regardless of whether his
conviction was sound either in law or in morality) is particularly relevant.
Matthew
--
Matthew Pemble
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20100804/f994965d/attachment-0001.htm>
More information about the ukcrypto
mailing list