Well if that isn’t a great way to ensure nobody comes forward when they find major vulnerabilities, idk what is.
Hope he wins the appeal.
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Enjoy!
Well if that isn’t a great way to ensure nobody comes forward when they find major vulnerabilities, idk what is.
Hope he wins the appeal.
The only thing I see they did wrong was to disclose the vulnerability before waiting for a comment from the software company.
It looks like the charges are from using the credentials they found not just for finding them. It's definitely a crap charge because logging into the DB exposed the wider issue of being able to access other customers records.