by dexterchief 4890 days ago
You are probably correct that what he did is probably unlawful (Canadian law is usually fairly close to US law); I disagree that it was unethical.

In a general sense it's not difficult to find instances of behaviour that, while lawful, are far from ethical, so those two things don't necessarily travel together. Some examples: http://en.wikipedia.org/wiki/Sexual_Sterilization_Act_of_Alb... http://en.wikipedia.org/wiki/Canadian_Indian_residential_sch... Obviously this could be a long list...

In this specific instance it seems that his information was exposed by this flaw along with everyone else's. Wanting to verify the safety of your own information feels like a pretty reasonable and ethical thing.

I think I would rephrase your example a little: "Let's suppose you let someone store their stuff at your house. You come back home and find them picking on your door lock with a lock picking tool. You ask him "what are you doing?" and he says "I'm just checking is your lock safe. I do it for your security." Would you believe him?"

An analogy even more accurate to this case would be: "Let's suppose you let someone store their stuff at your house, and they have previously pointed out a problem with the lock. You come back home and find them picking on your door lock with a lock picking tool. You ask him "what are you doing?" and he says "I'm just checking the lock I said you should fix is safe. I do it for our security.""
There are many standards of ethics. I am talking about professional ethics in information security. Example of this: https://www.isc2.org/ethics/default.aspx

If you are in the business of finding vulnerabilities in IT systems, you should be aware of it. If for nothing else, to save yourself from situations like this.

This guy is not a security professional (yet), but running vulnerability scanners on other people's systems definitely puts him in context.