Hacker News new | comments | show | ask | jobs | submit login

CFAA probably does bar research like this; your right to test something for security flaws technically ends where someone else's server hardware begins. In reality, the optics of this vulnerability are so bad that you are vanishingly unlikely to take any legal shit for it. But be careful extrapolating from it. If you have questions about the legality of this kind of testing (and you should): consult a lawyer. Small price to pay.

It's a good find. Congrats.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact