
An Introduction to Arcade Security - utku1337
https://utkusen.com/blog/an-introduction-to-arcade-security.html
======
peteretep
I think in many jurisdictions, you’re describing a couple of crimes you
committed here in great detail

~~~
gryfft
I dislike write-ups like these where the "researcher" styles themselves some
kind of roguish hero, protecting the world from the lazy and incompetent by
exposing their vulnerabilities for all to see.

I'm not opposed to responsible disclosure. But I think there's a big
difference between finding a vulnerability responsibly (during normal
operations, during a sanctioned pentest/bug bounty) and discovering a
vulnerability illegally and irresponsibly (spending multiple days, specialized
tooling and building a target profile to attack by any vector necessary.) I
think this behavior gets a pass from too many people because hey, it's a cool
fun puzzle that shows how great and smart you are!

This absolutely would not fly in the real world. Imagine deciding to kick down
the doors of small business owners and gloat that they don't have steel doors.
"I'm not here to steal! I'm PROTECTING you! Imagine if I'd been here
maliciously. I'm just going to go tell the world your door is open -- your
customers deserve to know how insecure you are."

------
sgnnseven
I used to work for them as a dev so I'll forward this to the right people
since you didn't get a reply back.

