←back to thread

I hacked a dating app (and how not to treat a security researcher)

(alexschapiro.com)
560 points bearsyankees | 1 comments | 12 May 25 16:39 UTC | HN request time: 0.252s | source
Show context
edm0nd ◴[12 May 25 17:16 UTC] No.43965336[source]
> I have been met with radio silence.

Thats when its time to inform them you are dumping the vuln to the public in 90 days due to their silence.

replies(3): >>43965359 #>>43965374 #>>43965518 #
9283409232 ◴[12 May 25 17:18 UTC] No.43965359[source]
Good way to get yourself sued and have possible criminal charges brought up to you.
replies(3): >>43965376 #>>43965385 #>>43965884 #
Buttons840 ◴[12 May 25 18:05 UTC] No.43965884[source]
Yeah. Security researchers face the threat of lawsuits constantly, while those who build insecure apps face no consequences.

We are literally sacrificing national security for the convenience of wealthy companies.

replies(1): >>43966905 #
SoftTalker ◴[12 May 25 20:01 UTC] No.43966905[source]
Well it's kind of like "I walked around the neighborhood trying everyone's front door, I found one unlocked and I could even enter the house and rummage through their personal effects. Just trying to improve the security of the neighborhood!"
replies(2): >>43966936 #>>43967682 #
1. Buttons840 ◴[12 May 25 20:04 UTC] No.43966936[source]
Yes, but the house also has like 250 million people's precious possessions inside, including your own. And foreigners who are not subject to our laws are testing the door constantly. Yes, in this situation it would be like 1 honest researcher also approaching to test the door--seems fine to me.

On second thought, maybe physical buildings are not a good analogy.