Observation: You're using the same kind of approach as the "I almost found a vulnerability" and "but I won't be disclosing them, since that will land me in a lot of trouble" as the submitted post does.
You're absolutely correct.
And I completely understand the author's point of view.
By disclosing the vulnerability, I'd be taking a risk of a criminal investigation. This is not a joke. This has already happened at least once in Lithuania.
I have a job, one that has nothing to do with infosec, but I'd be risking that job if I had an ongoing criminal investigation.
By disclosing the vulnerability, I'd be taking a risk of a criminal investigation. This is not a joke. This has already happened at least once in Lithuania.
I have a job, one that has nothing to do with infosec, but I'd be risking that job if I had an ongoing criminal investigation.