"Nick FitzGerald" <n...@virus-l.demon.co.uk> writes: > According to at least one legal ruling in Germany, it is "hacking" (as > in the negative, illegal kind) to deliberately try to access upper- > level directories of _published_ URLs _if_ the specific URLs to those > resources have not also been made publicly available, _despite_ that > they are necessarily discernible from the published URL.
In the case of the Disasters Emergency Committee "hacker", he was found guilty of "put[ting] ../../../ into the address line" "He was fined £400 for the offence and must pay a further £600 in costs", and "is considering a career outside the IT industry". http://www.theregister.co.uk/2005/10/05/dec_case/ http://www.theregister.co.uk/2005/10/06/tsunami_hacker_convicted/ http://www.theregister.co.uk/2005/10/11/tsunami_hacker_followup/ -- Alan J. Wylie http://www.wylie.me.uk/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
