|
|
|
|
|
|
by madaxe_again
563 days ago
|
|
|
Yeah, that’s all nice and all but it’s irrelevant in the eyes of the law. Not posting personal information is irrelevant - that he has accessed it and admits doing so, is. Prior disclosure is irrelevant. There’s case law that makes this clear. Not including repro steps is irrelevant as merely disclosing the presence of a vulnerability is enough to fall foul of the CFAA, as the reasonableness test is whether a competent person could with the knowledge given reproduce the vulnerability, to which the answer is almost always yes. They also admit using the vulnerability, which is definitely a violation of the CFAA. I agree wholeheartedly with your sentiment that this is nuts, but this is the way the law has been written and applied, and he is taking a serious risk with this disclosure. |
|
|