Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Entering someone's house uninvited is extremely clearly not an appropriate thing to do.

But accessing an unauthorized system? That term is so ill-defined, that it quite literally means you can be prosecuted for modifying a URL and being given back a web page you weren't supposed to see.



It I wasn't authorized, why did the webserver comply?

The fact the webserver willingly gave the information I requested to me (did not 403 or 531), so I must be authorized.


Does that mean that if a door isn't locked, it is an invitation to enter my house? Take a look at the case of Andrew Auernheimer (mentioned in the OP) who could be sentenced up to 10 years in prison for accessing data on a web server that was unsecured (http://www.technewsdaily.com/15581-hacker-found-guilty-despi...)


Sorry, that's not how the law is defined.

You may as well ask, if I wasn't authorized, why did the door open and let me into that stranger's house?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: