Hosting Provided By

Re: Website "Scanner"

From: Chris Wysopal <cwysopal(at)atstake.com>
Date: Thu Jan 09 2003 - 10:09:53 EST

What does legality have to do with it? Is it technically possible or not? Are there tools freely available to do it or not? Plenty of things are illegal to do with security tools if you are not the owner of the system or authorized by the owner of the system. But these same tools can be used by penetration testers to demonstrate why a site owner shouldn't rely on obscurity of filenames or paths.

I am also not convinced that accessing a file that is not explicitly linked from other published files on a web server is illegal in the first place. They have been cases of people guessing URLs for upcoming corporate press releases, finding prepublished information and sending it to reporters. I have never heard of charges being filed in any of these cases.

Cheers,

Chris

Nelson Sampaio Araujo Junior wrote:

>Well,
Received on Thu Jan 9 14:02:45 2003

This message: [ Message body ]
Next message: Dave Aitel: "Re: Website "Scanner""
In reply to Nelson Sampaio Araujo Junior: "Re: Website "Scanner""
Next in thread: Mary Landesman: "Re: Website "Scanner""
Reply: Mary Landesman: "Re: Website "Scanner""
Reply: Pig Monkey: "Re: Website "Scanner""

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:47 EDT

Do you need help?