[guylhem]

> He briefly removed his subdomain and rethought his security systems. It was a really fun week.

Sorry, it is not fun for your friend unless he had an absolute trust in you, and knew you'd help him remove every backdoor/keylogger/etc.

He may have spent a lot of time securing his machine, time he'd rather have invested in different things.

Seriously, don't do that. Just tell him about the obvious weakness - send a proof of concept if needed.

But a friend is more precious that some cracker creds.

[exogan]

I did help him remove the keylogger and explained him what I did. We've known each other since kindergarden. Plus, it was a mutual challenge, a capture the flag situation.

[akerl_]

Nowhere in the article do you ever talk about any kind of agreed-upon challenge where anybody gave you permission to try this kind of exploitation.