As was clearly pointed out in the article, he didn't just "find" the hole, he EXPLOITED IT. He did his "research" on the school's system WITHOUT their permission. He was caught. Records of applicants were found on his personal machine and he was (rightfully) charged. There is no gray area here. He is attempting to hide behind the "I'm a security guy, not a hacker" banner and it doesn't work that way. Never has, never will. A job title doesn't give you permission to break into sites willy nilly and have your way with the data. That's ludicrous. The guy got what he deserved, and I hope he does some jail time.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11389/33752#33752