Identifying and responsibly disclosing security flaws is legal; publicly exploiting them is not.
“Security Flaws” implies that there was some attempt to restrict access that could have been considered “security”. They made no such attempt. Everything was openly provided to the general public.
Putting a big bowl of candy on your front porch during Halloween is an “invitation”, not a “security flaw”.
“Security Flaws” implies that there was some attempt to restrict access that could have been considered “security”. They made no such attempt. Everything was openly provided to the general public.
Putting a big bowl of candy on your front porch during Halloween is an “invitation”, not a “security flaw”.