Hacker News new | ask | show | jobs
by rnovak 3973 days ago
I think you're confusing "exploit" and vulnerability. An info leak is a vulnerability. Period.

And yes. You completely went around their request, and made this info public without their consent.

Actions like this are THE reason the relationship between vendors and security researchers is strained.

There's a SPECIFIC reason it's considered common courtesy to wait until a vulnerability is patched before public disclosure.

IANAL, but you also violated their ToS by doing this, and if you did this to a site I owned, especially without my consent, I'd be very motivated to contact the proper authorities and pursue civil remedies.
2 comments
ChristianBundy 3973 days ago
> if you did this to a site I owned, especially without my consent, I'd be very motivated to contact the proper authorities and pursue civil remedies.

Actions like this are THE reason the relationship between vendors and security researchers is strained.

link
branchless 3973 days ago
Good grief, Americans and threatening to sue anything that moves.
link
rnovak 3972 days ago
First of all, how do you even know I'm an American? Nothing in my post, my bio, or anything mentions that, so that's quite a sweeping generalization, and baseless assumption.

Secondly, why are "non-americans" cool with breaking other peoples shit without permission?

link
rnovak 3972 days ago
Excuse me? You want to be able to launch an attack, unprovoked, against a server you don't own, without permission, and you want the owner to be cool with that?

You want the owner to be cool with you disrupting business, causing untold financial damage?

PEOPLE like you are the reason that relationship is strained, and the reason the CFAA was written in the first place.

So please do keep "pen-testing" sites you down own without anyones permission, I'm sure you'll end up with a great life that way.

link
gregmolnar 3973 days ago
100% agree!
link
daguava 3973 days ago
All of this info (sans the HTTP 300 issues) is accessible via means which have been specifically GIVEN to users on the statistics and profile page. All I've done is point out combining these lovingly provided sets of information may have a role in what has happened.
link