
Banning his account was totally unjustified since he approached them first with the issue. A less ethical person could have tried to make money or sold this off on the black market. People like him should be rewarded, not have their accounts banned. For all we know he just saved DO a lot of headache in sorting this issue had it gone wrong. I really wish the response from DO on this was different.

Adding 20k domains to your account is probably enough to flag as abuse even if you own the domains. Next time the author should probably try just the one or two. Bonus points if they're their own domains.

>Bonus points if they're their own domains.

If the service doesn't understand the issue at all, then when you explain that they're your domains, they'll probably just tell you it's working as intended and that users should be able to add their own domains.

Arseuming makes an arse out of you and me. Give the techies on the other end of security@ the benefit of the doubt on the first go.

When they fail to understand that, feel free to go ahead and pick one that's not yours to prove the point. One though, not 20 thousand.

> The main reason I did not reach out with the theory instead of the proof-of-concept was because I believed that it would be ignored due to lack of evidence (as is my experience with past disclosures)

I think this was his mistake.

