Hacker News new | past | comments | ask | show | jobs | submit login

I was just bypassing a some trivial key check on the door. To say I was "messing with the door" is FUD, and whether I was breaking and entering is a question for lawyers and a judge.

The owner gave me a key to the lobby so I could pay to get an all-access key. As it turns out, I can just walk past the lobby and that key actually opens all doors in the building. Whether or not it's illegal to use it to access whatever I want is a question for lawyers and a judge.

That's not what's happening here. This is more like trying the key on every door, finding a cleaning closet unlocked and crawling through the ventilation ducts to get in.

I think it's pretty close to the reality. The lobby is wide open (viasat's payment gateway), but if you just use the viasat lobby key (viasat.com SNI) on any other door (IP address) it allows you access. They could prevent you from getting to the doors in the first place (whitelisting MAC address to access anything other than a whitelist of IPs instead of just TLS SNI whitelisting) but they don't, as it's especially evident when they allow other protocols when the connection is not encrypted.

Try this:

The lobby is not locked. Neither are any of the doors leading out from it. There is a cashier in the lobby and a sign with ticket prices for the different doors.

In that situation, opening the doors without paying is illegal. It would be treated as trespassing or theft of services. You don't have the right to use other peoples' stuff without permission just because it's easy to do.

And that was my point.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact