Hacker News new | past | comments | ask | show | jobs | submit login
5 months ago | hide | past | web | favorite

This is one of those things, in light of the continual expansion of the Computer Fraud and Abuse Act, that I'm not sure I'd make a blog post about. Kinda neat though.

Yeah this is almost certainly illegal, yet a very fun and accessible post. Myself, would have posted anonymously though.

How was it illegal? He was inside the club, was given the valid password, and therefore was explicitly granted access.

Ah missed that part. That’s SLIGHTLY safer, but I’d personally still be paranoid. “He used his knowledge of the code to publish HACKING instructions on a website called HACKER NEWS. The prosecution rests.”

You’d be lucky if they don’t drop a “darknet” in there as well.

Explain that to the jury or your cellmate.

He was given permission to access, not permission to brute-force (blogged about it too.) Even if technically legal, why poke the bear? Lawyers cost $1000 an hour.

Remember that burden of proof is on them...

'I'd like my lawyer'

Why? They were already permitted access by having the password in front of them.

Yeah you might be right. How do I flag this for deletion? Any mods seeing this, could you remove it?

To reach them mods directly, you can email them via the Contact link in the footer.

Rather than the strange threading logic (perhaps using a threadpool executor [0] would be a better idea), I’d encourage you to check out aiohttp [1] instead of requests.

[0] https://docs.python.org/3/library/concurrent.futures.html

[1] https://docs.aiohttp.org/en/stable/client.html

deco is easy to use way to do all the hard parts of multiprocessing pool in python


Link now returns a 404.

Even more entertaining: "Hi! I’m JonLuca DeCaro. I’m currently a Software Engineering Intern at Google. Before this I was a Security Engineer at Apple."

"Oh shit, I might lose my job over this post."

And posted about it on his own subreddit.


@jonluca, did you try sending the password an array of all passwords? [0001, 0002, ... 9999].

If that works, you can probably use a binary approach to split the set out.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact