Hacker News

I wouldn't bash the guy. Someone already let him know about his technical faux pas in a professional manner on his Twitter.

My guess is he found this vulnerability on accident, freaked out, and tweeted about it. Probably has limited infosec experience.



Or he cares more about doing the right thing than about following best practices designed to protect the guilty under the guise of helping users.


Idk why u say “designed to protect the guilty under the guise of protecting the innocent”. It clearly does both. It does protect the innocent. That is a fact! It also does protect the guilty! Both are true. It makes it harder to have a strong view when you must acknowledge both facts, I suppose.


I don't know, he's tweeted more about the topic: https://twitter.com/lemiorhan/status/935619881143324673

So he's either not reading his replies or he's being deliberately irresponsible. My guess, based on his profile and online behavior, is that he's trying to ride the coattails of getting some exposure online.


Definitely. How many people outside the infosec industry know that responsible disclosure channels exist?



