Hacker News new | ask | show | jobs
by eropple 3591 days ago
That's not why his account was closed. His account was closed not for discovering a vulnerability, but for exploiting it.

While his intentions might have been good (and I expect that they were!), that kind of behavior isn't.
1 comments
dx034 3591 days ago
He did not exploit it, he just provided proof. He did not make any money from the traffic and visitors just saw a white page.
link
eropple 3591 days ago
That is exploiting the bug. That is literally exploiting the bug. In the same paragraph where you say he did not exploit the bug, you describe the peripherals of his exploit of the bug.

If he was operating responsibly, he would have applied it to a domain he controlled and provided that as a proof of concept. Instead, he ganked twenty thousand domains. That is at best irresponsible and at worst malicious and DigitalOcean (who I am no fan of, for what it's worth) has no obligation to figure out, or even care, which is which before showing him the door.

link
hatsix 3591 days ago
Doing it once, proof. Doing it 20,000 times... Exploit.
link