SANRAL E-TOLL WEBSITE VULNERABILITY

Been out for a while and here we are back again - you guys playing with fire again....
 
Speak for yourself, the Monza more than makes up for House on the amusing ridiculous front.
Now we have his FUD infesting newbies to be concerned about.

What newbies? That one-time poster is a fellow forumite. Hope his 'internet skills' are good, if not - we will soon know who he is in any event if Sanral decides to press charges.
 
What newbies? That one-time poster is a fellow forumite. Hope his 'internet skills' are good, if not - we will soon know who he is in any event if Sanral decides to press charges.

Here we go again. You're tedious.
 
What newbies? That one-time poster is a fellow forumite. Hope his 'internet skills' are good, if not - we will soon know who he is in any event if Sanral decides to press charges.

Press charges for what, breaking in through an open door?

Eish... actually that deserves another Eish!
 
At least he/she decided to post anonymously....

Luckily SANRAL did not choose to be anonymous when they made everyone's logins freely available, despite countless public protestations to the fact that they were competent and people should register on their (cough) secure site. The old TRUST ME adage comes to mind, HAHA

Clearly they were ahead of themselves. Any 'reasonable' judge, and reasonable from what I understand is often argued, would have to take that into account.
 
Luckily SANRAL did not choose to be anonymous when they made everyone's logins freely available, despite countless public protestations to the fact that they were competent and people should register on their (cough) secure site. The old TRUST ME adage comes to mind, HAHA

Clearly they were ahead of themselves. Any 'reasonable' judge, and reasonable from what I understand is often argued, would have to take that into account.

Oh yes, that will definitely be taken into consideration.

If that was an open web page consisting of all the information, obviously no crime has been committed if you accessed it once and did not return again to view personally identifiable information. (If you accessed the website, found personally identifiable information and returned later again to access it, you are in contravention of the ECT Act.)

However, in this case, and that of the COJ, this was not the case. In one case you needed to change a number in a URL to view information. In the other you needed to get hold of a username and then visit a specific page with the username in the URL and then view the source code.

This is where 'reasonable' is tested.

Besides, the COJ case is not about hacking. It is simply about accessing data to which you did not have permission. The same applies here, but due to the manipulation of the system, hacking is more likely to be proven here.

Edit: I just need to mention that Sanral did not make personally identifiable information available to everyone. Yes, they did have poor security, but this does not justify an offence. Someone who found a way to overcome the poor security announced to others how to do this and this led to a number of people breaking the law.
 
But who hacked anything? No-one posted anything about hacking any account - posting URLs is not illegal. Even viewing the source code of a website is not illegal. Methinks some people here are very nervous - Scamral have a lot more to worry about than trying to follow up on people viewing the source of their website, like getting money in to satisfy their big bosses / secret investors.
 
But who hacked anything? No-one posted anything about hacking any account - posting URLs is not illegal. Even viewing the source code of a website is not illegal. Methinks some people here are very nervous - Scamral have a lot more to worry about than trying to follow up on people viewing the source of their website, like getting money in to satisfy their big bosses / secret investors.

Semantics....

Will have no influence on the offence committed, the investigation process, decision to prosecute or even the prosecution itself.
 
But who hacked anything? No-one posted anything about hacking any account - posting URLs is not illegal. Even viewing the source code of a website is not illegal. Methinks some people here are very nervous - Scamral have a lot more to worry about than trying to follow up on people viewing the source of their website, like getting money in to satisfy their big bosses / secret investors.
Requesting a resource by way of URL, and automating the same URL request mechanism, is by no means unlawful, nor is inspecting the content delivered by way of HTTP on that request in plain text form (looking at the source). Where a problem can arise - and note can, and establishing the illegality is a non-starter really - is presenting yourself as somebody other than you are or gaining unauthorized access to the system. The CoJ issue is a perfect example of the fact that while the law doesn't set a high threshold, the access itself must be unauthorized; in the CoJ case the system authorizes access based on the user list - hence no 403 message but a straight 200 OK response. In this case clicking on the links and so on certainly doesn't get close to an offence.
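The two technical points raised in this thread (changing a number in a URL to pull up another person's record, and a server that answers 200 OK where it should answer 403) come down to the same missing server-side check: the application confirms that someone is logged in but never confirms that the requested record belongs to that session. The following is an added illustration, not code from the original page and not SANRAL's or CoJ's system; the route, usernames and account records are made up for the example.

```python
"""
Insecure direct object reference (IDOR), constructed example.

A URL like /account/1002 is resolved purely from the number in the path.
The vulnerable handler authenticates (is anyone logged in?) but never
authorises (is this the logged-in user's record?), so editing the number
returns 200 with someone else's data. The hardened handler ties the
record to the session and answers 403 for records owned by someone else.
Users, ids and PII below are invented; nothing here is real data.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample store: account id -> owner plus the PII the page exposes.
ACCOUNTS = {
    1001: {"owner": "alice", "id_number": "8001015009087", "plate": "CA 123-456"},
    1002: {"owner": "bob",   "id_number": "7505055010083", "plate": "GP 789-012"},
    1003: {"owner": "carol", "id_number": "9002020020084", "plate": "ND 345-678"},
}

# Hypothetical route; the real sites' URL layout is not given on the page.
ROUTE = re.compile(r"^/account/(\d+)$")


@dataclass
class Response:
    status: int
    body: Optional[dict] = None


def _lookup(path):
    """Resolve /account/<n> to a record, or None if the path or id is unknown."""
    m = ROUTE.match(path)
    if not m:
        return None
    return ACCOUNTS.get(int(m.group(1)))


def vulnerable_handler(session_user, path):
    """Logged in? Then any id in the URL is served: authentication only."""
    if session_user is None:
        return Response(401)
    record = _lookup(path)
    if record is None:
        return Response(404)
    return Response(200, record)        # no ownership check at all


def hardened_handler(session_user, path):
    """Same route, but the object is checked against the session before it is served."""
    if session_user is None:
        return Response(401)
    record = _lookup(path)
    if record is None:
        return Response(404)
    if record["owner"] != session_user:
        # 403 is the response the thread says was missing. Note that answering
        # 403 for foreign ids and 404 for unknown ones still confirms which ids
        # exist; returning 404 for both hides that as well.
        return Response(403)
    return Response(200, record)


def enumerate_ids(handler, session_user, id_range):
    """What 'changing the number in the URL' yields: every id that comes back 200."""
    return [i for i in id_range
            if handler(session_user, f"/account/{i}").status == 200]


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_handler),
                          ("hardened", hardened_handler)):
        print(f"{name}: alice can read", enumerate_ids(handler, "alice", range(1000, 1010)))
```

Running the block as a script shows alice reading all three records through the vulnerable handler and only her own through the hardened one; the fix is the single ownership comparison, not anything in the URL scheme, and unguessable ids on their own would not substitute for it.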
 
Oh yes, that will definitely be taken into consideration.

If that was an open web page consisting of all the information, obviously no crime has been committed if you accessed it once and did not return again to view personally identifiable information. (If you accessed the website, found personally identifiable information and returned later again to access it, you are in contravention of the ECT Act.)

However, in this case, and that of the COJ, this was not the case. In one case you needed to change a number in a URL to view information. In the other you needed to get hold of a username and then visit a specific page with the username in the URL and then view the source code.

This is where 'reasonable' is tested.

Besides, the COJ case is not about hacking. It is simply about accessing data to which you did not have permission. The same applies here, but due to the manipulation of the system, hacking is more likely to be proven here.

Edit: I just need to mention that Sanral did not make personally identifiable information available to everyone. Yes, they did have poor security, but this does not justify an offence. Someone who found a way to overcome the poor security announced to others how to do this and this led to a number of people breaking the law.

With respect, arguing that one has to change a digit in a url to have full access to SECURE information (as categorically stated by SANRAL) amounts to approaching a door that is closed, knocking and turning the handle, and it swings wide open.

Let's not argue the fact that someone got in, let's argue the 'ease' at which someone got in!!! Let's also argue the ramifications of such a security breach on a public that has been nothing short of herded into this by SANRAL, with high voltage electric cattle prods, with a site that practically insists that you register.

They said it was secure, it was anything but. Do not try and defend the indefensible.
Now the CoJ issue may be different to SANRAL, but they are the same in the blasé way they have approached or regarded public security.

It's astonishing!
And they still try and occupy the moral high ground!

Can you just for one moment imagine if banks had to take this stance with regards to their online banking transactions, and where this would leave the banks and the public at large?

It is indefensible.
 
Requesting a resource by way of URL, and automating the same URL request mechanism, is by no means unlawful, nor is inspecting the content delivered by way of HTTP on that request in plain text form (looking at the source). Where a problem can arise - and note can, and establishing the illegality is a non-starter really - is presenting yourself as somebody other than you are or gaining unauthorized access to the system. The CoJ issue is a perfect example of the fact that while the law doesn't set a high threshold, the access itself must be unauthorized; in the CoJ case the system authorizes access based on the user list - hence no 403 message but a straight 200 OK response. In this case clicking on the links and so on certainly doesn't get close to an offence.

With respect, arguing that one has to change a digit in a url to have full access to SECURE information (as categorically stated by SANRAL) amounts to approaching a door that is closed knocking and turning the handle, and it swings wide open.

Let's not argue the fact that someone got in, let's argue the ease at which someone got in!!! Let's also argue the ramifications of such a security breach on a public that has been nothing short of herded into this by SANRAL, with a site that practically insists that you register.

They said it was secure, it was anything but. Do not try and defend the indefensible.
Now the CoJ issue may be different to SANRAL, but they are the same in the blasé way they have approached or regarded public security.

It's astonishing! And they still try and occupy the moral high ground!
Can you just for one moment imagine if banks had to take this stance with regards to their online banking transactions, and where this would leave the banks and the public at large?

It is indefensible.

I said this before in the COJ thread and will say it again. The charges (ECT Act - sections 85, 86(1)) do not speak about security, overcoming security, secure information or data, whatever. This specific act and sections merely deal with "Accessing data without authorization".

There are a large number of cases, especially under the ECT Act and the Criminal Procedure Act, where the term 'Authorization' has been defined by court. There are even decided cases in the High and Supreme Courts that already dealt with authorization. (In short, for your information, all courts already agreed that authorization is permission given by an individual.)

So, everyone on this forum and many others outside the forum are missing this point and looking at "Server Authorization". Nowhere in this act is "Server Authorization" required. Nowhere in the act does it require any person or company to safeguard data.

I said it before, the case will not be closed. There is almost a 99% chance that the prosecutor will institute prosecution if certain evidence is obtained. There is a 90% chance that the lower courts will convict a person if the evidence is present.

Only in the higher courts - after the conviction - can advocates start to argue the term "authorization" and see if they will be successful. We saw many convictions on this specific act, but no one ever challenged this in a high court.
 
We saw many convictions on this specific act, but no one ever challenged this in a high court.

Would you care to share a smorgasbord of the said institutions involved in this?

Excuse me for being really terse and summarizing the rest. If I understand what you are saying, no organisation is obligated to secure your confidential data (edit) on their website that they claim is secure?

So if you are a pvt enterprise, like a bank and you adopt that approach, what response would you think you would get?

Again, the law is an ass.

edit again, if you are a GoV institution then well whatever, herd the cattle.
 
Would you care to share a smorgasbord of the said institutions involved in this?

Excuse me for being really terse and summarizing the rest. If I understand what you are saying, no organisation is obligated to secure your confidential data?

So if you are a pvt enterprise, like a bank and you adopt that approach, what response would you think you would get?

Again, the law is an ass.

No, they have to secure your data.

But the act and sections under which the charges are laid do not require data to be protected - at all.
 