Man. I found an XSS bug in the University of Washington's web portal several years ago. It would allow a hacker to impersonate any user if they clicked on a crafted hyperlink.
After testing this on my own account, I reported it right away to the university. They thanked me and fixed the problem within days.
But after reading these horror stories, I feel extremely lucky that they didn't do something much stupider. My entire academic career could have been destroyed, as well as my professional one if they'd decided to press frivolous charges.
After testing this on my own account, I reported it right away to the university. They thanked me and fixed the problem within days.
But after reading these horror stories, I feel extremely lucky that they didn't do something much stupider. My entire academic career could have been destroyed, as well as my professional one if they'd decided to press frivolous charges.