"A warning removes malicious intent. Lack of warning leaves malicious intent in place."
The trespassing, using a system in nonstandard ways could still be considered "malicious", even if the user's intent was not. (I'm not making judgments on the guy so much as imagining that prior warning is not sufficient.)
I don't see how a reasonable person would conclude Al-Khabaz's actions were malicious. People with malicious intent do not draw attention to themselves prior to the event, nor do they advertise the exact attack that they will use.
You're still stumbling through systems you are not explicitly invited into. I understand why you might feel that good intentions validate the act, but assuming that all administrators are so gracious would be dangerous :P
No, not "validate", that would be equally black-and-white thinking. But a decision of the legality and morality of the action should take into account the whole circumstances, not just the bare fact of the unauthorized access.
This seems similar in many respects to the Aaron Swartz case. My initial response rejects the idea that all actions regardless of motive should be taken as equally unlawful and unethical.
The trespassing, using a system in nonstandard ways could still be considered "malicious", even if the user's intent was not. (I'm not making judgments on the guy so much as imagining that prior warning is not sufficient.)