[ShrigmaMale]

imagine i find a sql injection vuln in a site. i have 2 options:

1. report it like a good person

2. exploit it and dump the whole damn list of hashes

1 is research. 2 is blackhat shit. i agree the anonymization was bad, i agree rolling your own crypto is dumb, i'm arguing by addressing it the way he did, ederer is (consciously) attempting to break the valid role of anonymity and introduce a chilling effect.

there is a big difference between reporting a bug and using a rack of a100s to crack and hold info, with the subtle undercurrent that it could be released.

there's an obvious conflict here. ederer et al. don't like ejmr, so instead of looking to actually help, they went after something totally outside their usual just to be dicks about it.