Select Page

Daniel Cuthbert, a security expert, was suspicious of a a charity site for Tsunami victims and performed a simple test. He ended up getting convicted of gaining unauthorized access. 

Man, that was BS.

From CNET today (link here):

Martin O’Neal, director at Corsaire, confirmed Friday that Cuthbert had actually joined the company before his trial. O’Neal, though, isn’t worried that one of his employees is a high-profile breaker of the Computer Misuse Act (CMA).

“The reason being, we’ve known Daniel for a long time. He was well known in the security industry, even before the case. His integrity has never been called into question,” O’Neal told ZDNet UK on Friday.

Cuthbert was found guilty under the Computer Misuse Act of gaining unauthorized access to an appeal site for victims of the Asian tsunami in December 2004. Cuthbert said in court that he had made a donation and then became concerned that he’d fallen victim to a phishing scam. To check, he added “../../../” to the URL in an attempt to access the site’s higher directories–an action that triggered an alarm.

Security experts and ZDNet readers have expressed concern about the conviction. O’Neal shares this view.

“As for the conviction, it’s frankly ridiculous. It highlighted how untried and untested the CMA is. The main problem is how you define unauthorized access and intent in the context of an open Web server,” O’Neal said.

Yup.

Alex Eckelberry