carleisenstein - 12:32 am on Jun 13, 2010 (gmt 0)
He said he didn't know what was in the directory; he was just exploring the site. He was charged with hacking because there was no link to that directory.
Wow, that's a little scary. Does that mean I have to check each page for inbound links every time I visit in case I'm hacking?
I have some sympathy for Goatse - they haven't publicly released the email addresses and they let AT&T fix the hole before they announced it. If they were security testing an operating system for weaknesses they would be heroes - why so different for those that test for privacy weaknesses in badly built corporate sites?
In fact, I think having ethical people test big company sites for stupid security flaws should be encouraged IMHO - it's better than a bunch of underground card phreaks getting your data.