
How I Hacked DePauw University Using Hidden Inputs - foob
https://medium.com/@thomasring/how-i-hacked-depauw-university-using-hidden-inputs-79377c3dca7e
======
sbierwagen
Unless you have some kind of legal protection (work for Google Project Zero,
the NSA, or live in a country with no extradition treaty with the US), always
disclose anonymously. If they ignore you, full disclose.

Nontechnical institutions are embarrassed by security problems, and will
always seek to retaliate. When they did stuff like this in the 80s, you could
call it simple ignorance, but 30 years later you can only call it a durable
pattern of behavior.

------
fred_is_fred
Don't ever expect the emperor to be grateful when you point out that he's not
wearing clothes.

