[Owasp-dotnet] Re: [Owasp-london] time to tell the real story

Daniel Cuthbert daniel.cuthbert at owasp.org
Fri Apr 1 03:14:24 EST 2005 

Funnily enough i agree!

the CMA was designed to be so wide open, that when they did catch 
someone who broke into a system, the law was able to come down on them 
like a ton of bricks.
The problem at the moment is that lawyers, and the courts, have no 
understanding of computer security law and thus treat it like normal 
unauthorized entry.

The worst part about this whole saga is that the CCU have destroyed my 
earning capabilities and hence whilst i wait for this to finish, i sit 
at home making music and twiddling my thumbs (so much for this innocent 
until proven guilty lark)

The hearing is next week thursday and yes we do have a brilliant legal 
team and case prepared and i expect some red faces to be shown when we 
do go to court.

Thanks for the support all

Daniel
On 1 Apr 2005, at 01:35, Dinis Cruz wrote:

>  Just for the record:
>
> 	• 	I believe 100% in is innocence,
> 	• 	I think that what is happening with Daniel is one of the biggest 
> injustices that I have seem in a long time
>
>  What is very serious about this case is how the UK's CCU (Computer 
> Crime Unit) and the CPS (Crown Prosecution Service)  are able to 
> prosecute somebody in such manner (being arrested on the workplace) 
> and under such accusations.
>
>  Since this could happen to any of us, we should all take this case 
> very seriously and be involved as much as we can.
>
>  This case just shows how the current version of the UK's CMA 
> (Computer Misuse Act) is completed out of sync with the real-world and 
> is an 'almost' useless piece of legislation which is very inefficient 
> in catching the bad guys, but is very effectively used against the 
> good guys (for example if you tell anybody that they have a 
> vulnerability in their website, server or application you can be 
> reported to the CCU under the CMA).
>
>  In fact we should start a lobby group to put pressure to change this 
> law so that:
>   
>      a) the 'intent' of the 'accuser' is taken into account (the 
> current version of the CAM is used by companies to 'shut-up' anybody 
> that is 'telling them' that about vulnerabilities in their products)
>
>      b) the definition of 'authorized access' is very clear (If you 
> look careful to the current version of the CMA, almost all of us are 
> potential criminals, since It could be argued that we don't have 
> explicit authorization to access most systems we (legitimaly) access 
> during our normal work (note that this could include most software 
> (except probably the Operating System) that we install in our 
> computers
>
>  Just for the record...
>
>  Dinis Cruz
>  .Net Security Consultant
>  DDPlus
>
>  Daniel Cuthbert wrote:
>  Afternoon all,
>
>  As some of you may know, i was recently accused of "hacking" into a 
> charity website.
>  Obviously for legal reasons i cannot go into the full detail, but you 
> can take my word that this charge is so far from the truth, its 
> shocking.
>
>  I never did any hacking, of any form, on the website in question and 
> wouldn't even dream of it. I actually was giving a donation at the 
> time and my concern was with the way the site presented itself and 
> also the security of my personal details (address/credit card etc)
>
>  Unfortunately the downside of this is that the whole thing has 
> destroyed any form of career i had within IT security (but given me 
> time to work on OWASP stuff since I'm not able to work in this 
> industry, thanks to the fine gentlemen who make up the met computer 
> crime unit)
>
>  The next London meeting will be in late April, Ivan Ristic has 
> gratefully offered to sponsor the event, it will be in the same 
> location, but we still need a projector and speakers.
>  Anyone wanting to speak at the next event, please contact me off the 
> list.
>
>  Don't always believe what you read in the papers, they only report on 
> small aspects of the full truth and even then they seem to balls it 
> up.
>
>  Daniel
>
>
>
>  -------------------------------------------------------
>  SF email is sponsored by - The IT Product Guide
>  Read honest & candid reviews on hundreds of IT Products from real 
> users.
>  Discover which products truly live up to the hype. Start reading now.
>  http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
>  _______________________________________________
>  Owasp-london mailing list
>  Owasp-london at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-london
>
>
>
>  ------------------------------------------------------- This SF.net 
> email is sponsored by Demarc: A global provider of Threat Management 
> Solutions. Download our HomeAdmin security software for free today! 
> http://www.demarc.com/Info/Sentarus/hamr30 
> _______________________________________________ Owasp-dotnet mailing 
> list Owasp-dotnet at lists.sourceforge.net 
> https://lists.sourceforge.net/lists/listinfo/owasp-dotnet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 4873 bytes
Desc: not available
Url : http://lists.owasp.org/pipermail/owasp-london/attachments/20050401/5fda5ba4/attachment.bin

More information about the Owasp-london mailing list