Hacker News new | comments | show | ask | jobs | submit login

It's not his duty to report such things.

No one is "honor-bound" to report vulnerabilities; in fact, it seems unethical to expect any random person to try to fix any random problem they stumble upon, don't you think?

My philosophy: it's backwards to look down on those who don't report vulnerabilities; it's better to be pleasantly surprised when someone does.

But he's certainly not "hurting" anyone at all. He didn't disclose any details of the attacks.

I guess I'm too nice myself. It'd be nice if we all did that extra 10% to make the world better.

Normally these things are incredibly easy to report—sending a quick summary of the problem to a specific email address is all it takes.

(Facebook has a web form for it[1].)

[1] http://www.facebook.com/whitehat/report/

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact