undefined | Better HN

0 pointsjrogers6513y ago0 comments

> but his explanation doesn't jive with his actions.

I think it's perfectly congruent. An entity has your data as well as information on many other people. You come across and report a vunerability. You check that something was done about it. I see no holes in this (aside from the ones in Montreal college's security).

0 comments

3 comments · 1 top-level

borplk13y ago· 2 in thread

Just saying,

If he found the vulnerability without using Acunetix, why did he have to use Acunetix later to check if the same vulnerability has been fixed or not?

Couldn't he re-check using the same way that he initially found the vulnerability?

jrogers65OP13y ago

Perhaps he was using a wider net to see if there were any other problems which, given the level of (in)competence displayed by the techs working for the college, was a distinct possibility.

thefreeman13y ago

Exactly. Which is the definition of unauthorized penetration testing.

j / k navigate · click thread line to collapse