https://boingboing.net/2005/10/06/guy-who-was-busted-f.html/... was the best link I could find for that story
My own government luckily even offers to reach out in your stead if a company doesn't respond to your disclosure, so pen testing random websites seems implicitly allowed, but such a vertict is still scary to read for such an innocuous probe.
My own government luckily even offers to reach out in your stead if a company doesn't respond to your disclosure, so pen testing random websites seems implicitly allowed, but such a vertict is still scary to read for such an innocuous probe.