by nibbleshifter
1370 days ago
> you're going to play in the grey space between ethical and not, do so responsibly and don't share the exploits with others

Aka "don't get caught".

One of the times I got in bother at the first university I attended was because I kept logging into their production servers as the root user every morning. Their admins had left a few glaring holes open that I'd patched (and evicted some fellow travellers), but I kept their SSH keys to explore a bit.

One morning one of them happened to peruse the SSH logs, and spotted a pattern where someone on the student network was logging in every morning. Didn't take them long to work out something was deeply fucked, and they cut my network access before pulling up the contact info they had on file for me and summoning me to their office for a bollocking.

Luckily for me they figured it would be better for their job security if they kept it purely informal as opposed to notifying the university proper and having me face a disciplinary committee.

They never rotated those SSH keys, and I learned the "don't get caught" lesson as opposed to the "don't do this" lesson.