(alexschapiro.com)

561 points bearsyankees | 1 comments | 12 May 25 16:39 UTC | HN request time: 0.202s | source

Show context

tuwtuwtuwtuw ◴[12 May 25 17:05 UTC] No.43965199[source]▶

I m not sure I understand properly. Did he try to hack a random service he encountered? Is that even legal? Where I live (Sweden) it's definitely not legal.

replies(4): >>43965259 #>>43965316 #>>43965357 #>>43965809 #

charcircuit ◴[12 May 25 17:18 UTC] No.43965357[source]▶

>>43965199 #

It's not legal in America either. And he is posting with what may be his real name which adds extra risk.

replies(1): >>43965444 #

bee_rider ◴[12 May 25 17:29 UTC] No.43965444[source]▶

>>43965357 #

I’m not in security (thank goodness, it sounds like a legal minefield). It sounds like this system was so wildly insecure that… I actually kinda wonder what laws specifically he broke.

If you just text out passwords to anybody who asks, are they really doing unauthorized access? Lol.

I’m sure it was illegal somehow, though.

replies(1): >>43966176 #

1. carefulfungi ◴[12 May 25 18:36 UTC] No.43966176[source]▶

>>43965444 #

It is very likely illegal but also discouraged to be prosecuted. From the federal government's guidelines on prosecuting unauthorized computer access (https://www.justice.gov/jm/jm-9-48000-computer-fraud):

> "The attorney for the government should decline prosecution if available evidence shows the defendant’s conduct consisted of, and the defendant intended, good-faith security research."

↑

I hacked a dating app (and how not to treat a security researcher)