William Hancock wrote:
a man has been convicted of hacking when he casually and
helpfully reported a security vulnerability to the owners of a
web site, in this case The University of Southern California.
It reads like it was some sort of simple SQL injection and upon
gleaning the information he reported it.
1. Sorry, but that's not what I heard. He also went into the NASA and
other government agencies. Not only did he do "some pentesting"
outside. He actually went in, and from inside did further "things". We
don't know what he did inside, but he did enough to convince a judge
to send him to the the States.
If someone leaves their wallet in the park with no guard or
protection, I pick it up and bring it back to the owner,
the owner didn't want me to have it but I brought it back to
him. Why in the hell should I have to go to jail for returning
it to him, why should I/we be punished for doing the right
2. It's more like you find their wallet, see the credit card inside
and use the credit card for buying stuff to test if the credit card
3. He is not convicted yet, he will be extradited to the US for trial.