[doublerabbit]

Why and what gives you the right to tell them off?

Hacking is hacking. If they wish to risk it, what's your problem?

They know the risks. Everyone knows hacking is illegal. Same with selling drugs; illegal yet folk do. Same premise. Get caught; no sympathy given.

"People may get hurt"? $country throw folk in to war; it's a harsh world we live in.

Bug bounty's are only the new norm because the younger audience want validation and compensation for their skills or that companies are being cheap to ensure security.

During my era of internet bug bounties were non-existent. You either got hired or you went to jail.

In my case I got fired from a bank accidentally boasting that I could replace printer status messages with "Out of Ink - please insert more blood". Granted I was 17.

Being banned from using any computer at school for discovering a DCOM exploit using Windows 98 Help resulting in being denied from doing my IT GCSE and from two colleges.

Or being doxxed by another hacker group for submitting their botnet to an AntiVirus firm. Good times, a living nightmare for my parents.

[rafram]

It’s a free country, etc. Obviously I have the “right” to comment a warning on the internet.

The point of bug bounties isn’t “validation” (as if old-school hackers didn’t want validation!), it’s that companies with responsible disclosure programs explicitly allow you to pentest them as long as you follow their guidelines. That removes the CFAA indictment risk. The guidelines generally aren’t much stricter than common sense (don’t publish user data, don’t hurt people, give them time to patch before publishing).

Unfortunately, the existence of bug bounties has made some people forget that hacking a company without an agreement in place is still a crime, and publishing evidence of crimes to a wide audience on the internet is a bad idea.

Most of what you’re saying just seems like nostalgia talking. Isn’t it better that hackers today have a way to find real vulnerabilities without going to jail?

[doublerabbit]

> It’s a free country, etc.

But it didn't come across a warning. "You need to stop" is a demand not a warning. And I would like to believe they would know this when post online. if not /shrug.

Maybe they're working on behalf of an organization, a country that doesn't follow CFAA; Russia, China? Maybe they're state sponsored or under protection. They're obviously not stupid if they can infiltrate Fast-Food chains and social engineer others but I've been wrong before.

> is a bad idea

I would be surprised if they didn't. If not, okay well if shit hits the fan; no sympathy for me. Unlucky. They're doing it at their own risk.

> Isn’t it better that hackers today have a way to find real vulnerabilities without going to jail?

A doubled edged sword, I personally wouldn't count them as hackers. They're not hacking, they're penetrating based on T&C of an agreement. Yes, it could be called "ethical hacking" but I still wouldn't call it hacking.

A hacker is one who gains unauthorized access to computer. Hacking isn't such when your granted restricted access on a basis of T&C.

> Isn’t it better that hackers today have a way to find real vulnerabilities without going to jail?

I don't disagree, if that's your skill then go for it. It's the safest route allowing you to harness your skills, and which may provide future prospects. A dispensary selling drugs is better than the dealer on the corner of the street.

"To hack a bank" is different then to "hack a bank based on some agreement". One carries more weight then the other. Your penetrating a bank on an agreement. Your not hacking.

Bug bounty hunters to have faced jail, lawsuits, or threats — even when acting in good faith, it doesn't make you invulnerable.

I admire the persona of who this is, their acts highlights concern to us who use such conveniences. It exposes truth and tackles the issue at hand where others may exploit you because of. It shows negative light to corporations that many folk who daily.

Their title as on their blog "Ethical Hacker" I would say suitable to describe them as that. It's not like they're siphoning money off folk from ransomware.

> Most of what you’re saying just seems like nostalgia talking.

What I was demonstrating as someone who's been in trouble due to misunderstanding computer mishaps as a teen back when, also to establish my point that I know what I am talking about.

Yeah, it turned in to a nostalgia trip. I'd call myself more of a script kiddie and one who I'd see myself as white-hat.

Black-hat can be interesting however my moral compass has caught up with me and that my life has more worth that it would be jeopardous to do such besides I don't have the time and among other things.

[mixdup]

>what gives you the right to tell them off?

The US Constitution? (lot of assumptions of locations here, insert your charter of freedoms/other guarantor of rights here if parent comment OP is not in the US)