|
So as far as I know, if someone puts an instance publicly on the web it is free to use. This is not hacking at all as there is no unauthorized intrusion is no authorization is needed. If using default credentials, this is at least arguably not an authorization mechanism though it touches a gray area. This is not causing damage or harm to the server either but using it as intended. I do think responsibility for guarding resources lies on the hoster of such services.
Also I dont think he called anyone dumb, he described the action of making a costly service unsecured as dumb. Ive never liked labels or names applied to people. But actions I feel are totally fair to criticize. We all tend to make stupid mistakes in life, but that doesnt say anything about us after we learn from them. Dumb when describing a person means inability to speak, which is very different than when describing an action.
So im unclear on the legality and ethically here. Likely if passwordless then it is legal. If its default password, less likely legal but possibly. If the password had to be obtained through unauthorized efforts whether brute force, or online leaks, etc it is not legal. Ethically if you know you are running large bills then its not ethical. Unless the poster gave explicit consent like a public notice it is free to use or they privately agreed, etc. Then again, everyone probably knows all of this already.
|