Friday, February 1, 2013

Student get expelled after testing vulnerability that can expose thousands

A classic story: someone finds a vulnerability that could be used to expose confidential information, reports it, checks later and gets pinned for that.

In this case, the student was explicitly told not to test anything further, which he breached.

The story on the Full Disclosure blog.

Quick reminder: if you don't have the explicit permissions of the system administrator, a contract with the management or any kind of document that shows you are authorized in a way or another: don't try to break into a computer. If the guy on the other end is not a good sport, you may end up in trouble. Even if you did it for the good cause.