I had never really thought about it before, but there is such a fuzzy line between so-called white-hat hackers, grey-hat hackers and black-hat hackers. In fact the only difference between them is what you do with the information AFTER hacking into a system.
Even if you deduce that there might be a flaw in some web site design, you actually need to illegally hack the site in order to prove such flaw exists. In the article, the author noticed he could associate himself with any company that works with the US government and change their info. To prove that, he broke the law. And is lucky he is not in jail for doing so.
I can see from the company's point of view, from the FBI, from the government, from senators and congressmen writing the laws - trying to find flaws in a system is by definition hacking, illegal entry, unauthorized use. You don't have to be stealing credit card numbers for it to be a crime. Logging in to a computer system you are not authorized to is a crime. Period.
So the moral of the story is, if you want to stay out of jail, don't try to find flaws in web sites. Just don't. Or if you do, have a theory and report it to the company, but don't test your theory.
But I do agree companies should have a way to be contacted about security flaws, and be held criminally liable if a flaw was reported and not fixed in a timely manner. But even white-hat hackers are breaking the law and only by their actions after (reporting it to the company) are they not getting arrested or sued for it.