Quote:
Originally Posted by CDSmith
Just a quick question fris. Don't shoot me, I'm just asking....
Did BradShaw hire you to check his setup for exploitable holes?
If not, my question is... are you in the habit of searching out exploitable holes for companies who didn't ask you to do so?
Isn't that kind of like an auto mechanic going into people's garages and working on their car without an invitation?
"HEY! What are you doing to my car??!"
"I'm a mechanic, it's my job. I'm just checking your car for any potential problems"
I wish my mechanic would do that for me. 
I would like to actually answer this one. If fris had not done what he did, Brad wouldn't have known(?) about the issue; thus, if a blackhat found the hole, they could be stealing all of everyone's information. Granted, fris might not have respected privacy by posting the info, but he got Brad's attention and I am hoping by this point the issue is being resolved with the software. I myself am into pen-testing (just now getting into web-pen-testing) but the same concept applies. Someone has to do it to stay on top of the game, otherwise people will get owned.