| ▲ | ambicapter 16 hours ago |
| What does "incrementing a GET request" mean? |
|
| ▲ | kayge 15 hours ago | parent | next [-] |
| As an example: Take a look at the URL of this page (https://news.ycombinator.com/item?id=45261163). Add 1 to that ID value (45261164) in your address bar. Hit Enter, your browser will GET whatever exists at the next ID. |
| |
| ▲ | rirze 15 hours ago | parent [-] | | Ok, that makes sense but why is this so serious? Is this a grave crime in some context? | | |
| ▲ | ecb_penguin 14 hours ago | parent | next [-] | | Because people think they are clever and are trying to separate the act from the intent. Unlocked doors, open windows, any lack of security doesn't give you permission to enter. Just as "incrementing a GET request" doesn't mean anything outside of the intent. The intent was to do damage. | | |
| ▲ | Dylan16807 4 hours ago | parent [-] | | He did have permission to "enter". He was authorized to use the server. His intent of releasing the data was bad (assuming he started with that intent!) but he wasn't committing any fraud when collecting it. He didn't bypass any authentication or damage the server. CFAA is the wrong law to use. If a restaurant puts a bunch of proprietary documents in a dusty corner of the public lobby, you shouldn't browse through them but you're not breaking and entering if you do so. No matter what your intent is. |
| |
| ▲ | tptacek 15 hours ago | parent | prev [-] | | It's not about the actual HTTP request. Per se unauthorized access is just one predicate in these kinds of cases. It's about what the prosecutors claim you were doing when you made the access. |
|
|
|
| ▲ | mothballed 16 hours ago | parent | prev [-] |
| He incremented a number in the query string of a get request https://www.w3schools.com/tags/ref_httpmethods.asp |
| |
| ▲ | JambalayaJimbo 14 hours ago | parent [-] | | Okay but what information did he obtain by doing that? If I break into a mistakenly locked police station, surely I cannot use the excuse "I was simply turning a door knob" |
|
