Here we go again - ISP DPI, but is it interception?
Peter Fairbrother
zenadsl6186 at zen.co.uk
Fri Jul 30 16:57:11 BST 2010
Brian Morrison wrote:
> On Fri, 30 Jul 2010 11:39:02 +0100
> Nicholas Bohm <nbohm at ernest.net> wrote:
>
>> Clive D.W. Feather wrote:
>>> Charles Lindsey said:
>>>
>>>> Once they have a list of addresses of sites, they they are
>>>> perfectly entitled to visit those sites (as is anybody else) and
>>>> to probe them for malware.
>>>>
>>> No they aren't. You may recall that, a couple of years ago, someone
>>> was convicted of computer misuse because he probed a site for
>>> malware - to be precise, he put "/.." on an URL.
>> Useful point: do you have a reference?
>
> Dan Cuthbert. He was trying to make a donation to a Tsunami relief
> charity web site and noted that the site was very slow and thought
> perhaps he might be being phished, so he truncated the URL back to just
> the host name. He was prosecuted for purely that action, possibly
> because as an IT professional the police thought he should realise that
> such an action would be unauthorised.
I don't get it.
If I want to find out whether a site allows directory traversal - some
sites do, some don't - how else am I going to find out other than adding
a "/.." ?
And the idea that it could cause damage is ludicrous.
-- Peter Fairbrother
More information about the ukcrypto
mailing list