On Tuesday, January 22, 2013, Matt Palmer wrote:
That article doesn't justify security review, it justifies not being a complete knob when someone reports a security hole in your site. There are so many site vulnerabilities these days that they're not news. What *is* news is when the vulnerable organisation goes off the deep end and massively overreacts to the situation.
Report - yes. What this kid seems to have done is - reported it, got thanked for it. Then went ahead and pentested the site to see for himself whether the bug was fixed or not. Which justifies the company asking him to stop I guess - and it definitely justifies the kid's prof chewing him out. Expulsion, maybe not, though the article I read said 14 out of 15 profs in his college voted to boot the kid out.

--srs

--
--srs (iPad)