Re: Interesting conviction

From: Stu Thomas (stuart.thomas_at_mac.com)
Date: 10/09/05

  • Next message: Stu Thomas: "Re: Interesting conviction"
    Date: Sun, 9 Oct 2005 19:23:39 +0100
    
    

    Yes, there is a little more detail to the issue:

    http://www.theregister.co.uk/2005/10/06/tsunami_hacker_convicted/

    <quote>District Judge Mr Quentin Purdy said: "For whatever reason Mr
    Cuthbert intended to secure access, in an unauthorised way, to that
    computer...it is with some considerable regret...I find the case
    proved against Mr Cuthbert." He was fined £400 for the offence and
    must pay a further £600 in costs.</quote>

    Under UK Law it was proven that he (Cuthbert) had broken the Computer
    Misuse Act (UK)
    [http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm].
    By attempting and gaining unauthorised access he broke the law.
    The ethics and intent were taken into account by the Judge.

    <quote>Mr Purdy, speaking to Cuthbert in the dock, said: "I
    appreciate the consequences of this conviction for you are
    considerably graver than any I can impose. But you crossed an
    inappropriate line, time and expense was expended and anxiety caused.
    That aside, the price may be a heavy one for you to pay." Cuthbert
    lost his job as security consultant at ABN Amro as a result of his
    arrest and has only recently been able to find work.</quote>

    Personally (and not having the full detail other than news articles),
    I don't think he should have done it, no matter what his personal
    feelings and emotions were at the time. Perhaps, I conjecture, he had a
    tipple or two over New Year's Eve and felt he had a moral right? He
    should have reported his concerns and his evidence to the police, or
    some other regulatory body, not taken the law into his own hands. The
    other side of this is the punishment: the judicial decision was made
    by the judge's interpretations of the act. We are in the business so
    we know how trivial certain kinds of "background noise" can be, and
    how malicious others can be. The judge cannot (even though a
    professional witness was present) hope to understand how common this
    type of act (port scan) is across the Internet (the world). Now it's
    common-law. It would be interesting to see the detail of what he
    actually did; it must have been more than a port scan - we can only
    conjecture...

    Cheers.

    On 9 Oct 2005, at 16:40, Rogan Dawes wrote:

    > Mike Messick wrote:
    >
    >> You're quite right! ;-)
    >> Here's mine:
    >> I think the article's editorial comments about causing problems for
    >> security professionals and penetration testing are pure crap.
    >>
    > [snip]
    >
    >
    >> Most laws are written with intent in mind. That Mr. Cuthbert didn't
    >> intend to do anything bad once he got in is really immaterial - that
    >> he *intended to gain entry in an unauthorized fashion* is what
    >> constituted the violation and his subsequent conviction.
    >>
    >
    > [snip]
    >
    >> Just because you don't steal the TV after you crowbar the front door
    >> open doesn't mean you won't go to prison for unlawful entry. Or not
    >> get shot by the owner (in some states). The fact that you don't have
    >> permission to be there in the first place is what matters (at least
    >> under current law).
    >>
    >
    > Mr Cuthbert was simply attempting to verify the security of an
    > institution that he had decided to entrust his credit card details to.
    >
    > Granted, one should not try to break into the vault of a bank to
    > check their security, but I think that his intent was somewhat
    > closer to rattling the lock on the safety deposit box after
    > dropping your money in, to make sure that someone else can't just
    > come along and help themselves.
    >
    > Rogan
    >

    --
    Stu Thomas
    Web:  http://www.stuartspictures.com