
Interpretation of the Computer Misuse Act


2 replies to this topic

#1 Stephosticks


Posted 11 September 2014 - 12:08 PM

Hello,

I am doing my final year University Project and have chosen to do 'vulnerabilities and simulation of web server applications'. The part I am wondering about most right now is the simulation part, which is why I'm asking this question.

Under this act, if I was to make a webpage connected to a server and tested the vulnerabilities from it, would I be liable for prosecution? Also, if I was to host this on a second machine held by me (my own property) and tested it, would I be liable for prosecution?

The only reason I'm asking is, as my tutor said, simulating this practically could very well become illegal, so he suggested to do it in a software based way. So finally if the first two questions would be illegal, how would you go about simulating this in a software based way?

Thanks.

Tl;dr:

Does the Computer Misuse Act apply under a website application you own but on a server if you are testing the vulnerabilities?

Would it apply if you hosted it off a separate machine you own and tested the vulnerabilities?

How would you go about simulating a web server application in a software based way?


 


#2 Chris Cosgrove


Posted 12 September 2014 - 04:12 AM

First of all - welcome to BC!

 

This is a UK Act so I presume you live / work in the UK and are subject to UK law. In situations like these it always helps if you say at least the country in which you operate; the law varies so much from one jurisdiction to another. There is also the question of what jurisdiction the hosting server is operating under; you would probably be subject to their law as well.

 

I am not a lawyer but a very quick perusal of Wikipedia suggests that you might have a problem with a web-site hosted on a server outwith your control unless you had the hoster's permission to do this. There is also the very real risk that your testing efforts might spread beyond the bounds of your own web-site. Forgive me, but students have been known to get things wrong before!

 

As far as I can see there can be no problem with using a computer under your control as the site host since you would be 'authorised' to do what you want with that computer as it is your property.

 

I have seen the question of site testing discussed in the literature and the consensus is that, until some case law appears, it is a gray area. Yes, testing needs to be done but you are interfering with somebody else's computer(s). It is agreed that case law is needed, but it would be (1) inconvenient, (2) probably expensive, and (3) possibly damaging to your prospects of obtaining a well-earned degree if you were to be the one around whom the case law developed!

 

Chris Cosgrove


Edited by Chris Cosgrove, 12 September 2014 - 04:15 AM.
Info added


#3 ElfBane


Posted 12 September 2014 - 04:59 AM

The only reason I'm asking is, as my tutor said, simulating this practically could very well become illegal, so he suggested to do it in a software based way. So finally if the first two questions would be illegal, how would you go about simulating this in a software based way?



 

I don't know why your tutor was being coy about it. To me, when someone says "in a software based way", it means virtualization. He wants you to set up your demonstration using virtual machines or virtual servers. If you only have to do an essay on how to accomplish it, then your task is simplified. But if you have to actually set up the demo in a computer lab you'll need to use your security, networking, and perhaps server skills. I imagine he just wants an essay, because grading 10-20 students' worth of an Intrusion/Hacking Demonstration in a computer lab would be quite time consuming.





