undefined | Better HN

0 pointsanonymouz13y ago0 comments

Read point 2: "On September 21, the IT Policy was applied and your network and portal accesses were suspended."

Read point 3: "On September 22, you admitted to these attacks in writing."

Compare the dates. According to the letter, his disclosure came after the account was suspended. Implying that they did detect the attack before he admitted to it.

0 comments

3 comments · 1 top-level

noibl13y ago· 2 in thread

An admission in writing is not the same thing as a disclosure.

You're using uncorroborated dates in a document that's clearly worded to paint the student in the worst light possible to infer a 'detection' which it doesn't mention and for which there is no evidence. You're then sharing your inference as documented fact. That's a smear.

anonymouzOP13y ago

I was merely communicating the content of the letter. Whether its claim or the contradicting ones of the student are true, I don't know. What I do know is that mrtron's "translation" of the letter conveniently leaves out the actual exploitation of the SQL injection and the blocking of the account that are claimed to have happened in the letter, and is therefore completely unfit as a summary of the letter.

noibl13y ago

Sorry but that's bullshit. What you've said is that the guy simply got caught and therefore this was not a case of responsible disclosure.

The letter doesn't say that. No other sources say that. You're the only one saying that.

1 more reply

j / k navigate · click thread line to collapse