
Casino Screwup Royale: A tale of “ethical hacking” gone awry - furcyd
https://arstechnica.com/information-technology/2019/03/50-shades-of-greyhat-a-study-in-how-not-to-handle-security-disclosures/
======
_red
Let's get this straight:

Someone goes house to house trying to open windows, finds yours is open. Then
incredibly, they call the FBI and get an agent to accompany them for a
personal visit. You, the stunned homeowner, are now presented with the FBI
telling you that they've discovered your house is extremely
insecure...meanwhile this same shady person with a criminal past is now
hitting you up for a $60K "consulting bill" to teach you how to lock your
windows.

While all this is going on you are actively trying to sell your house and you
worry this whole FBI-shake down artist saga will torpedo the sale. You happen
to be holding an open house this to invite prospective buyers. Coincidentally,
the "security expert" suddenly appears at that exact moment to discuss "your
house's security issues and his unpaid bill".

Does that about cover it?

The entire "let's search Shodan and become a security disclosure company" is
shady...

