
This article is so interesting, but mostly because I feel that there's something missing with it.

Mangham seems like there is some reason for which he shouldn't be in trouble at all, but it's never revealed -- or maybe there isn't any real reason, and he's just delusional? I don't know.

It starts off bad enough -- "Strictly speaking what I did broke the law because at the time and subsequently it was not authorized," -- So wait. It wasn't EVER authorized? Or is he implying that sometime before the time he actually stole the source it had been authorized? Was he hired to do this work at some time, then let go afterward, only to keep trying? It's confusing without context (to me at least).

Then he realizes that FB is on his tail and he "panicked because I knew how bad it looked without sufficient context." What is the context? He seems to imply that there is some reason for which he shouldn't be thrown in jail, but never seems to get at exactly what it is.

There's something weird here, and practically every statement he makes hints at some deeper cause, but always falls short of actually revealing what it is.



Nothing seemed missing to me.

I think he thought that Zuckerberg/Facebook would emphasize with what it's like to be a white hat hacker, be very curious, challenge yourself and then let him off the hook. Other companies have been known to hire hackers after getting caught.

One thing that didn't really add up is he never turned himself in after committing the crime. He waited 3 weeks? That places doubt on his intentions. Maybe he just freaked out.


Do white-hat hackers normally turn themselves in?

(also, I think you meant empathize)


(Note: this post represents my own opinions, not anyone else's)

No, but they normally report the vulnerabilities they find.

I participate in a lot of responsible disclosure programs (Google, Facebook, Mozilla, Dropbox, Twitter, Etsy, etc). All of those programs dictate that you report the security vulnerabilities you find, and that you not abuse them.

What was described in the blog post sounds a lot like real security audits that I've seen done. However, the difference is that those audits are done by professional security researchers who have been hired by the company for that purpose. If you're an outside security researcher you have to abide by a very different set of standards. Common sense would argue those standards include abiding by the company's responsible disclosure policy.


It's Kafkaesque! As in The Trial.



