> There is no such thing as "Ethical Hacking" in the computer misuse
> bill turned act! Hence documentation & making such information public
> could easily excite the security organs & concerned stakeholders to
> the point of having lunch with you (bill is on them).

Ethical hacking is not spelt out in the Computer Misuse Act and I would not expect them to consider it in the Act. However, Section 5 of this act does specify access granted for one who is not the person authorised to have access to one system, provided that the one authorised to access the system grants or permits the access. Such a person is in most cases described as the ethical hacker.

5. Authorised access.
   Access by a person to any program or data held in a computer is authorised if—
   (a) the person is entitled to control access to the program or data in question; or
   (b) the person has consent to access that program or data from any person who is charged with giving that consent.
...
...
8. Unauthorised modification.
   Modification is unauthorised if—
   (a) the person whose act causes it, is not entitled to determine whether the modification should be made; and
   (b) he or she does not have consent to the modification from a person who is entitled.

wikipedia: An Ethical Hacker <http://en.wikipedia.org/wiki/White_Hat> is one name given to a Penetration Tester <http://en.wikipedia.org/wiki/Penetration_Tester>. An ethical hacker is usually employed by an organization who trusts him or her to attempt to penetrate networks and/or computer systems, using the same methods as a hacker <http://en.wikipedia.org/wiki/Hacker_(computer_security)>, for the purpose of finding and fixing computer security vulnerabilities. Illegal hacking (i.e., gaining unauthorized access to computer systems) is a crime in most countries, but penetration testing done by request of the owner of the targeted system(s) or network(s) is not.

(I think one of the confusions comes from the use of the word 'hacker'. Programmers claim the rightful use of the term hacker and leave the term 'cracker' for use to those who are white/black hat hackers.)

Bottom line, the Act clearly distinguishes between the two.

> The Directorate of Public Prosecution
> http://www.dpp.go.ug/pespectives_cyber.php
>
> The Computer Act 2011
> http://ict.go.ug/index.php?option=com_docman&task=doc_download&gid=57&Itemid=61
>
> > A good hack is one where I get in, document what I did to get it, expose a
> > vulnerability, suggest how to plug it... that is a good hack. This is at the
> > very least...
>
> Again, in Uganda, the math is simple;
> Black/White/Grey/Ethical hacker === hacker.
> And activities by such a person === hacking.

I would disagree with that analogy because the Act does not provide a definition of a hack or hacker or hacking. Unless I am reading the wrong document. It does however provide access to definition/understanding of access, authorised or unauthorised.

> Hence the only option left for any hacker (White/Ethical) is to remain
> Anonymous & his/her exploits secret (The most important law in the
> hacking community is: NEVER GET CAUGHT).
>
> On the flip side, the site is a joomla job and scanning for vulnerable
> joomla sites & exploiting them is basic even for a script kiddie with
> a little Perl knowledge.
>
> Aung Khant of yehg.net put together a script available here:
> http://yehg.net/lab/pr0js/files.php/joomscan.pl?first_time=1#
>
> OWASP has a joomla vulnerability scanner (really nice):
> https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project

and according to section 12 sub-section 3 and 4 of the computer misuse act, it can be argued that you have just committed a crime by providing access to code that can be used to commit a crime.

--
Mike

Of course, you might discount this possibility, but remember that one in a million chances happen 99% of the time.
_______________________________________________
The Uganda Linux User Group: http://linux.or.ug
