Hacker News new | past | comments | ask | show | jobs | submit login

> Information whether email is valid or not was made publicly available by AT&T

By mistake. They left that hole open by mistake. I just re-read the details to be sure; the clear intention of the developer was that the email address would be retrieved (keyed on the SIM ID) to pre-populate a sign-in field for the user. That CCID is not meaningfully useful to the user. This API was clearly never intended as a "validation" mechanism, and for you to claim so is flatly ridiculous. It was a security hole, and a dumb one, and something AT&T should be held liable for if someone suffered damages.

But for you to claim that its very existence makes it legal to exploit to retrieve addresses of third party users is just insane, sorry. That's the kind of logic Weev relied on, and it's going to send him to jail. And rightly so: the rest of us in society don't particularly want jokers like you running around free looking to steal our email addresses.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: