[Owasp-dotnet] Re: [Owasp-london] time to tell the real story

Considine, Scott Scott.Considine at npower.com
Fri Apr 1 03:11:08 EST 2005 

I feel like Im missing out on something? Who is this Daniel chap? What has
he done??

 

Scott Considine

Developer

Phone 0113 289 5839 (internal 7780 5839)

-----Original Message-----
From: Dinis Cruz [mailto:dinis at ddplus.net] 
Sent: 01 April 2005 01:36
To: owasp-london at lists.sourceforge.net
Cc: owasp-dotnet at lists.sourceforge.net
Subject: [Owasp-dotnet] Re: [Owasp-london] time to tell the real story

 

Just for the record:

*         I believe 100% in is innocence,

*         I think that what is happening with Daniel is one of the biggest
injustices that I have seem in a long time


What is very serious about this case is how the UK's CCU (Computer Crime
Unit) and the CPS (Crown Prosecution Service)  are able to prosecute
somebody in such manner (being arrested on the workplace) and under such
accusations.

Since this could happen to any of us, we should all take this case very
seriously and be involved as much as we can.

This case just shows how the current version of the UK's CMA (Computer
Misuse Act) is completed out of sync with the real-world and is an 'almost'
useless piece of legislation which is very inefficient in catching the bad
guys, but is very effectively used against the good guys (for example if you
tell anybody that they have a vulnerability in their website, server or
application you can be reported to the CCU under the CMA). 

In fact we should start a lobby group to put pressure to change this law so
that:
 
    a) the 'intent' of the 'accuser' is taken into account (the current
version of the CAM is used by companies to 'shut-up' anybody that is
'telling them' that about vulnerabilities in their products)

    b) the definition of 'authorized access' is very clear (If you look
careful to the current version of the CMA, almost all of us are potential
criminals, since It could be argued that we don't have explicit
authorization to access most systems we (legitimaly) access during our
normal work (note that this could include most software (except probably the
Operating System) that we install in our computers

Just for the record...

Dinis Cruz
.Net Security Consultant
DDPlus

Daniel Cuthbert wrote: 

Afternoon all, 

As some of you may know, i was recently accused of "hacking" into a charity
website. 
Obviously for legal reasons i cannot go into the full detail, but you can
take my word that this charge is so far from the truth, its shocking. 

I never did any hacking, of any form, on the website in question and
wouldn't even dream of it. I actually was giving a donation at the time and
my concern was with the way the site presented itself and also the security
of my personal details (address/credit card etc) 

Unfortunately the downside of this is that the whole thing has destroyed any
form of career i had within IT security (but given me time to work on OWASP
stuff since I'm not able to work in this industry, thanks to the fine
gentlemen who make up the met computer crime unit) 

The next London meeting will be in late April, Ivan Ristic has gratefully
offered to sponsor the event, it will be in the same location, but we still
need a projector and speakers. 
Anyone wanting to speak at the next event, please contact me off the list. 

Don't always believe what you read in the papers, they only report on small
aspects of the full truth and even then they seem to balls it up. 

Daniel 



------------------------------------------------------- 
SF email is sponsored by - The IT Product Guide 
Read honest & candid reviews on hundreds of IT Products from real users. 
Discover which products truly live up to the hype. Start reading now. 
http://ads.osdn.com/?ad_id=6595
<http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click>
&alloc_id=14396&op=click 
_______________________________________________ 
Owasp-london mailing list 
Owasp-london at lists.sourceforge.net
<mailto:Owasp-london at lists.sourceforge.net>  
https://lists.sourceforge.net/lists/listinfo/owasp-london
<https://lists.sourceforge.net/lists/listinfo/owasp-london>  





**********************************************************************

The information contained in this e-mail is confidential and intended only
for the use of the addressee. If the reader of this message is not the
addressee, you are hereby notified that you have received this e-mail in
error and you must not copy, disseminate, distribute, use or take any action
as a result of the information contained in it.

If you have any queries, please contact the IT Service Desk on 1870
(01384-275454).

postmaster at npower.com

**********************************************************************

------------------------------------------------------- This SF.net email is
sponsored by Demarc: A global provider of Threat Management Solutions.
Download our HomeAdmin security software for free today!
http://www.demarc.com/Info/Sentarus/hamr30
_______________________________________________ Owasp-dotnet mailing list
Owasp-dotnet at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/owasp-dotnet




This e-mail is provided for general information purposes only and does not constitute investment or transactional advice. For  the avoidance of doubt the contents of this email are subject to contract and will not constitute a legally binding contract.

The information contained in this e-mail is confidential and intended only for the use of the addressee. If the reader of this message is not the addressee, you are hereby notified that you have received this e-mail in error and you must not copy, disseminate, distribute, use or take any action as a result of the information contained in it.
    
If you have received this e-mail in error, please notify postmaster at npower.com (UK 01384 275454) and delete it immediately from your system.
    
Neither Npower nor any of the other companies in the RWE Npower group from whom this e-mail originates accept any responsibility for losses or damage as a result of any viruses and it is your responsibility to check attachments (if any) for viruses.
Npower Limited Registered office: Windmill Hill Business Park, Whitehill Way, Swindon SN5 6PB. Registered in England and Wales: number 3653277.  This e-mail may be sent on behalf of a member of the RWE Npower group of companies.

**********************************************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-london/attachments/20050401/28ca23ed/attachment.html

More information about the Owasp-london mailing list