
"This choice should be considered a career limiting decision by any hiring manager."

Hopefully not forever. When I was young and stupid and the net was a much simpler place I casually fully disclosed the problem with posting your Cisco configs with "encrypted" passwords to Usenet:

https://groups.google.com/d/msg/comp.dcom.sys.cisco/WjuKAOQL...

I would not do something like this today, especially not in such a full-of-myself douchey manner.

Sadly a lot of postings to the internet are basically "forever" at this point and combined with the insistence of so many companies that real names be used, we're going to have generations of younger folks who say or do something stupid (because they are young and stupid) that they can never get rid of. And that's unfortunate.



"Hopefully not forever."

I completely agree. I also think that this kind of post on full-disclosure should be used as an example of what-not-to-do.

I've always treated vuln reward programs as resume enhancers. If you submit a bug and get it fixed, you get to show two incredibly valuable and rare skills in the infosec community:

1) technical chops
2) interpersonal skill

Disclosers who have the patience to endure some of the bullshit that comes up in these programs are going to be successful in the security industry. The hardest problems in infosec are not technical. They are cultural. Publicly flaming a vuln reward program because they didn't pay you for what you see as an arbitrary reason is exactly the kind of reason execs do not want to do vuln reward programs. Someone had to fight to get that program set up at PayPal. It had to be within the laws of the country that governs the company. This kid just threw a temper tantrum in public and signed his name on the email. Any advocates he had at PayPal are probably re-evaluating their support of him. So short-sighted.


Just an FYI, you can (even if you don't have the email anymore) get old posts removed from Google Groups. You have to jump through a bunch of hoops, but it isn't too hard to do. Just read around. I had to cover for 18 year old me posting god knows what on Usenet several years ago. I did this when Google first bought Deja News; however, you can likely get them to remove it.

Who knew people were saving stuff back in 94-95. Hell, anyway, 18 year old me didn't care, but luckily I can cover for him.



