Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'm not a lawyer, but I'm confident that I could not be successfully prosecuted under Canadian law. The law in Canada states that access to computer systems must be "fraudulent and without colour of right" in order to be criminal.

I'm not familiar enough with US law to know if a prosecution could be possible there, but regardless of the law might say I think juries can be influenced by the clear intentions of the accused.



A few months ago, working on a system, I noticed that the URLs seemed to be based directly on a fixed, sequential user ID. It was a system that, in this case, was being used by An Important Company You Have Probably Heard Of.

I was about to see what happened if I changed the number, when I realised that I am a foreign citizen in a country with notoriously unpleasantly drafted laws about computer security.

And then I stopped. It's almost certain that nothing would go awry, but the mere act of gently poking might be interpreted in an unfavourable light. Losing a work visa is very easy and I very much don't want to.


Ever heard of tor?


Tor doesn't necessarily help you.

If you're accessing a system a certain way (i.e. accessing certain parts of an application), then your traffic abruptly stops and a Tor exit node IP picks back up, you're hosed.


So you wait an hour. This is a huge company, apparently, so there's got to be other people using the same part of it.


Sure, that works. The point we were trying to make was merely, "Tor is not a magic bullet. It must be used wisely."


Fair point. But the post I responded to was saying to just give up.

Tor may not be enough. To really be safe, use the precautions in http://pastebin.com/cRYvK4jb (this guy hacked finfisher and got away with it, so they know what they're doing.) Mostly whonix, truecrypt, and tor.

(Come to think of it, why hasn't that post been taken down? Is there nothing against pastebin's tos in there? They took down all the sony leaks.)

I would never go back and forth on the same page between tor and clearnet. I assumed that level of caution was obvious, especially to a fellow hacker (we're talking about vulnerability-noticers here, after all.)


It's just easier not to do something that might, vaguely, break a broadly-drafted law.


> but regardless of the law might say I think juries can be influenced by the clear intentions of the accused.

Indeed, in a sane country where a judge would most likely would throw it out in pretrial you could spend tens of thousands of dollars getting a jury to in a less sane country.


> I'm not familiar enough with US law to know if a prosecution could be possible there, but regardless of the law might say I think juries can be influenced by the clear intentions of the accused.

Possibly true, but US juries are explicitly instructed (ad nauseum) not to do this and potential jurors are often removed from the pool if they seem unlikely to follow through. So, you know, be careful. (addressed less to cperciva than to other readers)


You are blessed to not fall under American jurisdiction.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: