Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Legalities - XSS, CSRF, etc
Posted by: SW
Date: January 20, 2010 09:39AM

Hey all!

I don't live in the U.S. or know much about laws anywhere. I've always been curious what exactly that myspace worm got in legal trouble for. The way I look at it is you can type whatever you want into a text box and it's the server's problem how it decides to display it.

What is actually illegal about it? Comments on any other forms security breaking are welcome as well.

Would it be any more legal if the worm were introduced unwittingly by other people through CSRF?

I'm particularly curious because I'd like to spread my own worm which is slightly more malicious (on a different site). It's just such a cool idea to me. If I was heavier into programming I'd probably want to spread all sorts of viruses to screw with peoples' computers just for the sake of it.



Edited 2 time(s). Last edit at 01/20/2010 09:43AM by SW.

Options: ReplyQuote
Re: Legalities - XSS, CSRF, etc
Posted by: PaPPy
Date: January 21, 2010 08:35AM

laws i found about US computer crime
http://www.cybercrime.gov/cclaws.html#recent

xss and csrf is still considered "hacking", it can still damage a computer system, cause damage (downtime, loss of productivity) to systems

if you use it to steal stuff, (money, resources) you can be held accountable for the damages

i think you are missing what this site is for, we dont want your kind here to cause damage to peoples computers just for the sake of it

go post on 4chan or something

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote
Re: Legalities - XSS, CSRF, etc
Posted by: sirdarckcat
Date: January 21, 2010 10:25AM

> go post on 4chan or something
hahahaha we should say

titsethics of gtfo

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 1 time(s). Last edit at 01/21/2010 10:26AM by sirdarckcat.

Options: ReplyQuote
Re: Legalities - XSS, CSRF, etc
Posted by: PaPPy
Date: January 21, 2010 10:57AM

sirdarckcat Wrote:
-------------------------------------------------------
> > go post on 4chan or something
> hahahaha we should say
>
> titsethics of gtfo


do you mean or?

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote
Re: Legalities - XSS, CSRF, etc
Posted by: SW
Date: January 21, 2010 12:13PM

I could see if people wanted to make stealing money and stuff via XSS crimes. The vast majority of cases are much smaller.

Ethics are for the weak and it seems society is getting more and more ridiculous laws to protect every pathetic person from everything.

Options: ReplyQuote
Re: Legalities - XSS, CSRF, etc
Posted by: PaPPy
Date: January 21, 2010 01:09PM

well until you are an expert on those laws(that u seem worried about) id say dont do anything

or learn how to use a proxy, library computer, free wifi, neighbors wifi

but id stay away from the destructive stuff or anti-sec may hunt you down

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote
Re: Legalities - XSS, CSRF, etc
Posted by: sirdarckcat
Date: January 21, 2010 07:54PM

hjahaha epic:
>> Ethics are for the weak

More please!! :)

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Options: ReplyQuote
Re: Legalities - XSS, CSRF, etc
Posted by: sirdarckcat
Date: January 21, 2010 07:55PM

>> do you mean or?

Oh yes, @SW ethics or tits or gtfo :)

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Options: ReplyQuote
Re: Legalities - XSS, CSRF, etc
Posted by: rvdh
Date: January 22, 2010 08:18AM

CSRF is like setting booby-traps, i.e. usually implies pranking rather than serious malicious damage. But you talk about legal issues, then you first must determine the difference between legal and lawful. I think you meant lawful, because breaking legality isn't necessarily an unlawful act. Legal means a rule by society, conduct. Calling people names can be illegal according to consensus, but doesn't imply an unlawful act if there isn't a law against it. Etc. Lawyer fun.



Edited 1 time(s). Last edit at 01/22/2010 08:21AM by rvdh.

Options: ReplyQuote
Re: Legalities - XSS, CSRF, etc
Posted by: SW
Date: January 22, 2010 09:07AM

Yea, I should go to law school to learn to be more political and less idealistic.

Options: ReplyQuote
Re: Legalities - XSS, CSRF, etc
Posted by: PaPPy
Date: January 22, 2010 01:41PM

csrf(either sending a message, or hosting an iframe) and if you use a remote file to pull off xss, can potentially lead back to you or your server...
so IF you do, play it smart

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote


Sorry, only registered users may post in this forum.