EDIT: You said "It's a public facing service, use PIA and have at it. Ask for forgiveness not permission".
That, on it's face, is 100% illegal and would put the auditor at great risk; lawsuits, potential jail time, business ruined. I said "that's how you get arrested", and you said "lol no it's not".
Just because something is "public facing" doesn't mean you have free reign to hack it. Same concept as defacing public property... they'll arrest your stupid ass unless you've got a BLM bandana.
Isn't that the whole point of this comment thread; an audit to make the owners aware of vulnerabilities?
Otherwise we're talking straight black hat hacking which is also illegal.
The fuck are you talking about? They're referencing an audit for Gab and the .win sites.
How does that change the legality?
EDIT: You said "It's a public facing service, use PIA and have at it. Ask for forgiveness not permission".
That, on it's face, is 100% illegal and would put the auditor at great risk; lawsuits, potential jail time, business ruined. I said "that's how you get arrested", and you said "lol no it's not".
Just because something is "public facing" doesn't mean you have free reign to hack it. Same concept as defacing public property... they'll arrest your stupid ass unless you've got a BLM bandana.