said by nonymous: said by FFH5:
Too many so-called security researchers are just hackers until they get caught. Then they start claiming to be researchers. Real security researchers would contact the company ahead of time and notify the target about what they are doing. Failure to get an ok 1st makes you a hacker and not a researcher.
Depends on what you are doing. I have just stumbled upon flaws occasionally without even trying. So there is no way I would have prewarned anyone as I was not even trying to find the flaw it was just there.
Coming across a flaw accidentally is not hacking. But given the laws as they are about hacking, it would make me leery about reporting it or telling anyone about it. Legally you are completely in the clear, but if someone at a corporation wants to be a jerk, you might have to spend money on lawyers to prove your innocence.--
A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury.