
Re: Off topic: what is sensitive information on a website?

Subject: Re: Off topic: what is sensitive information on a website?
Date: Fri, 28 Jan 2005 15:46:48 -0000
Responses based on my current understanding of the law are inline.

----- Original Message ----- 
From: "Dave Ryan" <dave@mongers.org>
To: <webappsec@securityfocus.com>
Sent: Friday, January 28, 2005 12:24 PM
Subject: Off topic: what is sensitive information on a website?


        if I attempt to inject SQL into a database to return data, but
        this data has not been marked sensitive (i.e. the site security
        policy is not communicated to the user) am I committing a crime?

Yes, assuming that you wouldn't have access to that same data through
authorised means.

        is the site in
        violation by not affording the information adequate protection?

Yes, assuming that there isn't a disproportionate amount of effort required
to secure things, i.e. if the system is secure bar an unknown and previously
undisclosed vulnerability you are OK.  If the policies are lazy and
vulnerabilities are not acted upon, yes.

        have I committed a crime by putting the system into a
        state where it generates an error code (assume the system has
        not been damaged/modified/etc due to this activity).

No, unless someone can prove your intent of a larger attack.

    must I be informed of what constitutes misuse on
    each website I visit?

No.
