What constitutes hacking?
-
Our Government [^] never cease to find new ways to embarrass themselves. It was revealed by a member of the public here [^] that the billing system for "The City of Johannesburg", a.k.a COJ had a serious security flaw. A seriously embarrassing[^] security flaw ... This flaw allowed users to not only view personal account information and statements of other people, but also do so without even having a valid logon, by simply altering the "documentID=" parameter in the URL. This guy, who attempted to alert COJ of this flaw (being ignored) then went public to create awareness. The COJ has now opened a criminal case[^] against him for maliciously hacking there website and exposing confidential information. According to you, does this really constitute hacking? And if it does by some "definition of the law", is it fair for the COJ to prosecute him?
-
Our Government [^] never cease to find new ways to embarrass themselves. It was revealed by a member of the public here [^] that the billing system for "The City of Johannesburg", a.k.a COJ had a serious security flaw. A seriously embarrassing[^] security flaw ... This flaw allowed users to not only view personal account information and statements of other people, but also do so without even having a valid logon, by simply altering the "documentID=" parameter in the URL. This guy, who attempted to alert COJ of this flaw (being ignored) then went public to create awareness. The COJ has now opened a criminal case[^] against him for maliciously hacking there website and exposing confidential information. According to you, does this really constitute hacking? And if it does by some "definition of the law", is it fair for the COJ to prosecute him?
"Well, someone has to take a fall, and I'm not going to blame ME!"
I wanna be a eunuchs developer! Pass me a bread knife!
-
Our Government [^] never cease to find new ways to embarrass themselves. It was revealed by a member of the public here [^] that the billing system for "The City of Johannesburg", a.k.a COJ had a serious security flaw. A seriously embarrassing[^] security flaw ... This flaw allowed users to not only view personal account information and statements of other people, but also do so without even having a valid logon, by simply altering the "documentID=" parameter in the URL. This guy, who attempted to alert COJ of this flaw (being ignored) then went public to create awareness. The COJ has now opened a criminal case[^] against him for maliciously hacking there website and exposing confidential information. According to you, does this really constitute hacking? And if it does by some "definition of the law", is it fair for the COJ to prosecute him?
Technically, it probably is hacking: "To use one's skill in computer programming to gain illegal or unauthorized access to a file or network" The dictionary definition doesn't put a limit on just how much skill in computer programming you need (in this case, pretty much none). The legal definition may do, however - depends on how the law was written. Normally, very badly by people who don't understand what they are legislating against, so don;t get your hopes up. I think he has done the right thing: he tried to alert them, when they ignored him he publicise it. If I was him, I'd start a countersuit that they have been negligent in their protection of his personal data (but that again depends on the law in SA).
This message is manufactured from fully recyclable noughts and ones. To recycle this message, please separate into two tidy piles, and take them to your nearest local recycling centre. Please note that in some areas noughts are always replaced with zeros by law, and many facilities cannot recycle zeroes - in this case, please bury them in your back garden and water frequently.
-
Our Government [^] never cease to find new ways to embarrass themselves. It was revealed by a member of the public here [^] that the billing system for "The City of Johannesburg", a.k.a COJ had a serious security flaw. A seriously embarrassing[^] security flaw ... This flaw allowed users to not only view personal account information and statements of other people, but also do so without even having a valid logon, by simply altering the "documentID=" parameter in the URL. This guy, who attempted to alert COJ of this flaw (being ignored) then went public to create awareness. The COJ has now opened a criminal case[^] against him for maliciously hacking there website and exposing confidential information. According to you, does this really constitute hacking? And if it does by some "definition of the law", is it fair for the COJ to prosecute him?
Local municipal authorities are a bit of a scourge maybe the world over. They have huge power but if they make errors it's always someone else's fault usually one of their constituents. They are made up of individuals whose principal training seems to be covering their backsides. It is probably unlikely they will succeed in prosecuting this individual but I'll wager that they will try very hard and it will end up costing him money.
Peter Wasser Art is making something out of nothing and selling it. Frank Zappa
-
Our Government [^] never cease to find new ways to embarrass themselves. It was revealed by a member of the public here [^] that the billing system for "The City of Johannesburg", a.k.a COJ had a serious security flaw. A seriously embarrassing[^] security flaw ... This flaw allowed users to not only view personal account information and statements of other people, but also do so without even having a valid logon, by simply altering the "documentID=" parameter in the URL. This guy, who attempted to alert COJ of this flaw (being ignored) then went public to create awareness. The COJ has now opened a criminal case[^] against him for maliciously hacking there website and exposing confidential information. According to you, does this really constitute hacking? And if it does by some "definition of the law", is it fair for the COJ to prosecute him?
I kind of feel a mistyped URI does not a hacker make.
Reality is an illusion caused by a lack of alcohol "Nagy, you have won the internets." - Keith Barrow
-
Our Government [^] never cease to find new ways to embarrass themselves. It was revealed by a member of the public here [^] that the billing system for "The City of Johannesburg", a.k.a COJ had a serious security flaw. A seriously embarrassing[^] security flaw ... This flaw allowed users to not only view personal account information and statements of other people, but also do so without even having a valid logon, by simply altering the "documentID=" parameter in the URL. This guy, who attempted to alert COJ of this flaw (being ignored) then went public to create awareness. The COJ has now opened a criminal case[^] against him for maliciously hacking there website and exposing confidential information. According to you, does this really constitute hacking? And if it does by some "definition of the law", is it fair for the COJ to prosecute him?
Maybe. The lawyer in me (don't ask) tells me that they could probably defend that definition. Compare: is stealing something that's trivial to steal still stealing? On the other hand, this is all sorts of stupid. The message here, is "exploiting a security flaw is better than exposing it", or at least that's how people will take this. That can't be a good thing. And besides, this is like not logging out of facebook and then "being hacked" by the next person who uses the computer - they essentially gave access, whether they intended to or not.
-
Our Government [^] never cease to find new ways to embarrass themselves. It was revealed by a member of the public here [^] that the billing system for "The City of Johannesburg", a.k.a COJ had a serious security flaw. A seriously embarrassing[^] security flaw ... This flaw allowed users to not only view personal account information and statements of other people, but also do so without even having a valid logon, by simply altering the "documentID=" parameter in the URL. This guy, who attempted to alert COJ of this flaw (being ignored) then went public to create awareness. The COJ has now opened a criminal case[^] against him for maliciously hacking there website and exposing confidential information. According to you, does this really constitute hacking? And if it does by some "definition of the law", is it fair for the COJ to prosecute him?
I noticed the url is http:// and not https:// - how safe can you expect it to be? :doh:
The report of my death was an exaggeration - Mark Twain
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes -
Our Government [^] never cease to find new ways to embarrass themselves. It was revealed by a member of the public here [^] that the billing system for "The City of Johannesburg", a.k.a COJ had a serious security flaw. A seriously embarrassing[^] security flaw ... This flaw allowed users to not only view personal account information and statements of other people, but also do so without even having a valid logon, by simply altering the "documentID=" parameter in the URL. This guy, who attempted to alert COJ of this flaw (being ignored) then went public to create awareness. The COJ has now opened a criminal case[^] against him for maliciously hacking there website and exposing confidential information. According to you, does this really constitute hacking? And if it does by some "definition of the law", is it fair for the COJ to prosecute him?
I noticed the site prefix is http:// and not https:// - how secure can one expect it to be.. :doh:
The report of my death was an exaggeration - Mark Twain
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes -
Our Government [^] never cease to find new ways to embarrass themselves. It was revealed by a member of the public here [^] that the billing system for "The City of Johannesburg", a.k.a COJ had a serious security flaw. A seriously embarrassing[^] security flaw ... This flaw allowed users to not only view personal account information and statements of other people, but also do so without even having a valid logon, by simply altering the "documentID=" parameter in the URL. This guy, who attempted to alert COJ of this flaw (being ignored) then went public to create awareness. The COJ has now opened a criminal case[^] against him for maliciously hacking there website and exposing confidential information. According to you, does this really constitute hacking? And if it does by some "definition of the law", is it fair for the COJ to prosecute him?
It's sad that the city opend a criminal case, but I'm not surprised. This kind of reaction is all too common. I don't think, what the user did was hacking. The data just lay there unprotected. After all even Google indexed the records, if I read the article correctly. So if the city really wanted to make their actions against the user plausible, they would need to sue Google as well. And good luck with that, they'll need it. :D
The good thing about pessimism is, that you are always either right or pleasently surprised.
-
Our Government [^] never cease to find new ways to embarrass themselves. It was revealed by a member of the public here [^] that the billing system for "The City of Johannesburg", a.k.a COJ had a serious security flaw. A seriously embarrassing[^] security flaw ... This flaw allowed users to not only view personal account information and statements of other people, but also do so without even having a valid logon, by simply altering the "documentID=" parameter in the URL. This guy, who attempted to alert COJ of this flaw (being ignored) then went public to create awareness. The COJ has now opened a criminal case[^] against him for maliciously hacking there website and exposing confidential information. According to you, does this really constitute hacking? And if it does by some "definition of the law", is it fair for the COJ to prosecute him?
No, hacking in merely writing code very quickly; I think they mean to charge him with cracking.
-
Our Government [^] never cease to find new ways to embarrass themselves. It was revealed by a member of the public here [^] that the billing system for "The City of Johannesburg", a.k.a COJ had a serious security flaw. A seriously embarrassing[^] security flaw ... This flaw allowed users to not only view personal account information and statements of other people, but also do so without even having a valid logon, by simply altering the "documentID=" parameter in the URL. This guy, who attempted to alert COJ of this flaw (being ignored) then went public to create awareness. The COJ has now opened a criminal case[^] against him for maliciously hacking there website and exposing confidential information. According to you, does this really constitute hacking? And if it does by some "definition of the law", is it fair for the COJ to prosecute him?
MatthysDT wrote:
is it fair for the COJ to prosecute him?
Not really sure that the goal of even the better legal systems is to be "fair". It is instead to administer the law. Although one might claim that prosecutors should be fair since they have discretion. However this is just another case that demonstrates that should one want to expose a problem like this then one should only do it a way that insures that the reporter remains anonymous.
