Pretty sure that poking around for holes/exploits is part of the definition of what is a hacker. They notified the relevant organization as well. Not sure why you take that stance.

And then posted it online? If his intentions were good he wouldn’t post their name.

> If his intentions were good he wouldn’t post their name.

Why? They shouldn't be allowed to sweep it under the rug

After the fix as been deployed, i don't see why it should not be. It might be useful to someone else.

If security is mostly an afterthought, maybe naming and shaming might help them take it seriously.

I do not understand your stance at all. Why are you defending corps that were negligent?

> What are you twelve?

Read this please https://news.ycombinator.com/newsguidelines.html

I'll bite -- he discovered a vulnerability in a large company and responsibly disclosed it to them. How is that a felony? Why would you post a felony online?

If I understand correctly, the article was published only after the vulnerability was patched. That sounds OK to me.

How did the author "fuck with" the company beyond discovering a vulnerability and helping them fix it?