The problem with the “justifiable hacking” defence
Two Oxford University students on one of its papers hacked* into the system to demonstrate flaws there after a tip-off - and now they’re up before the university beaks who are threatening all sorts of ills on them.
The idea that demonstrating flaws per se means you’ve broken the Computer Misuse Act has always seemed strange. It doesn’t allow for the reasonable defence that you’re showing flaws in a system (which is what Raphael Gray claimed). And it certainly makes all the penetration testing that security companies do instantly illegal. Though of course to allow it would allow all the badly-shaven mafia in east Europe to claim they were just demonstrating that various betting sites weren’t set up to withstand a vast ping flood. And then to charge a “consultancy” fee. Which is sort of what they do already. Extortion? No, of course not!
* yes, OK, hacker should in some places read cracker but it’s a very fine distinction.



