Full Disclosure mailing list archives
Re: Fw: scanning
From: "Lawrence Tang" <tang.luong () gmail com>
Date: Fri, 2 Jun 2006 10:28:54 -0400
According to theregister.co.uk: "Cuthbert is accused of attempting a directory traversal attack on the donate.bt.com site which handles credit card payments on behalf of the Disasters Emergency Committee." (http://www.theregister.co.uk/2005/10/05/dec_case/) and "After making a donation, and not seeing a final confirmation or thank-you page, Cuthbert put ../../../ into the address line. If the site had been unprotected this would have allowed him to move up three directories" (http://www.theregister.co.uk/2005/10/11/tsunami_hacker_followup/).

This is legal hair-splitting. Yes, you are right. Who knows whether the judges would consider "port scanning" just as bad as "illegally attempt of securing access to a computer" (as defined in the UK "Computer Misuse Act 1990 (c.18)").

----- Original Message -----
From: "Drew Masters" <drewmasters () gmail com>
To: <full-disclosure () lists grok org uk>
Sent: Friday, June 02, 2006 9:33 AM
Subject: Re: Fw: [Full-disclosure] scanning
It's worth looking into the Daniel Cuthbert case in the UK.

Drew

On 02/06/06, Lawrence Tang <tang.luong () gmail com> wrote:
>
> "Vulnerability test" is not "port scan". It could involve attempt to "penetrate" or even penetration of the website through a vulnerable server script for instance. In this particular case, we don't know what RA 8792 in the Philippines says and/or what Tridel Technologies, Inc did. But in general, "port scan" is supposed to be only checking which TCP/IP ports are open for connection without going through the entire process of connection. There is no question of penetration. How could any authority prosecute this legitimately? If I, by mistake, attempt a connection to a site, could I be in legal trouble? How many ports constitute "port scanning"?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/