Following up the Hacking the Information Economy-story, an interesting article from Wired turning things upside down:
"Both Intentia and Reuters agree the Reuters reporter obtained Intentia's financial statement directly from Intentia's website." [...]Interesting... Maybe not a very legal definition; but if the publishing company didn't even bother putting simple password protection on the document before release-time; isn't URL hacking fair play?"I don't see how people are supposed to know what are 'public URLs' vs. 'private URLs' at a website," said security and privacy consultant Richard Smith. "People can't be mind readers."
The Wired article claimed the URL was hard to guess... Here it is:
http://www.intentia.com/w2000.nsf/(files)/Intentia_02_Q3_us.pdf/$FILE/Intentia_02_Q3_us.pdf
It's say fair play to the journalist from Reuters if he/she has seen similar URLs before (I don't know for a fact, but imagine last quaters' results were available at for example
http://www.intentia.com/w2000.nsf/(files)/Intentia_02_Q2_us.pdf/$FILE/Intentia_02_Q2_us.pdf
http://www.intentia.com/w2000.nsf/(files)/Intentia_02_Q1_us.pdf/$FILE/Intentia_02_Q1_us.pdf
You don't need to be a Mensa member to see a pattern...?
You saw it here first... Now Noregian IT news website digi.no announces the same tactic as above...
http://www.digi.no/dtno.nsf/pub/md20021031125425_okv_40969558
©
Anders Jacobsen [extrospection.com photography] |