Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

In Germany, the case of a company called "Modern Solution" has gained quite a bit of traction. An IT guy found a password, tried it on the company's phpmyadmin and reported that he could access their data. They sued him and the case went up to the highest German court, which acknowledged the lower court's decision to rule with the company. The IT guy got fined.

https://www.heise.de/news/Bundesverfassungsgericht-lehnt-Bes... (German article)



Some additional relevant information:

When the changes that toughened the § 202 StGB were made in 2007, there were a lot of public rallies against it in which many programmers participated. These were ignored by the politicians in power. This (together with other worrying political events) even lead to a temporary upcoming of a new party (Piratenpartei) in Germany.

The fact that these rallies were ignored by the politicians in power lead to the situation that from then on by many programmers the German politicians got considered to be about as trustworthy as child molesters who have relapsed several times.


Lesson: instead of being the good guy and reporting shit, just sell it on black market.


(playing the devil's advocate here) But that's not the case- if you find someone's physical keys in the street, will try to open the neighbor's door with it? so why is it ok to use a password that you "found" to log into a site?


Curiosity. I once dropped my keys on the way to my leasing office. I searched the entire complex and office for my keys. Then I saw a guy at the mailboxes trying to open each one, one by one.* I asked if he needed help and he just said he found some keys on the ground and wanted to find out who they belonged to. They were mine. And my mailbox was in the other side of the complex so all bets were off for him anyway.

It costs next to nothing to try out a key in multiple places in the same proximity. Once you start going door to door using a random key you found, that's suspicious.

*it occurs to me now that I write this that this behavior is suspicious as well and probably illegal. He should have turned it into the leasing office.


that actually maybe super illegal if they are usps mailboxes.


They... Probably are? They were my complexs mailboxes but only usps has access to them.


Instructions unclear - any key I find now onwards I’ll mail it to this guys leasing office.


No, it's different. I would compare it to my neighbor using a padlock with code combination. It takes 15 minutes to brute-force that. If I tell my neighbor that his padlock is shit and in response he sues me to oblivion, next time I'll just tell local thugs "hey here's the padlock, here's the code, do what you must", zero regrets, if the asshole insists on being an asshole just for the shits and giggles then so will I.


If I don't try the keys in my neighbor's door, how will I know which neighbor they belong?


It's even worse, you find a key that you know belonged to your neighbor so you try it out just in case in his door.


I don't think the common analogy of "key to a house" makes any sense. For starters, a significant portion of people in existence aren't trying to break into your house 24/7.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: