What is this?

As somebody who is in the Infosec/Cybersecurity industry, it is common knowledge that the laws relating to Hacking and Cybersecurity are laughably out-of-date, and as a result, it is technically prosecute somebody just for visiting a website and clicking a button.

In order to raise awareness about this issue, I decided to make this website to show everybody (including those not technically-savvy) just how riduclous the current laws are, and hopefully drive some change.

Legal Poll:

Is it illegal to access a completely open MongoDB database?

No username, no password, no auth at all. Is viewing the records illegal?

— pry0cc (@pry0cc) February 12, 2019

References

Wait, how is this illegal?

According to the Computer Misuse Act of 1990 in the UK, unauthorised access to computer material, punishable by 12 months' imprisonment (or 6 months in Scotland) and/or a fine. So viewing a page that is unauthorised (in the UK) is illegal. And especially clicking a button that it says not to click!

Why is this important?

It's important to understand where the lines are, is it illegal for a security researcher to stumble across a completely unsecured database? And then view the records in it? If so, why? Why is that any different to loading a web page? On a network level, it's a very similar process. That is why I am calling for the laws to be either updated, or clearly defined and classified

Press

Do you have a following or are part of the press and want to further this cause? If so - share this page.