
How does anyone know he hasn't placed a thousand backdoors elsewhere on GH? This could have been just the harmless shot across the bow. The real vulns being traded in the online underground market now (or in the near future)?


GitHub themselves acknowledged that he only compromised 3 accounts and none of them seriously: https://github.com/blog/1068-public-key-security-vulnerabili....

Seeing the comments he made days prior to this and also knowing what an appalling security vulnerability attr_accessible is I'm very pleased he did this. The issue needs to be addressed and for some reason everyone's been sweeping it under the carpet.

The guy was clear and reasonable in the earlier bugs and suggestions he posted and then simply escalated them (with no harm done) to illustrate the issue.

Frankly this is a whole lot less worrying than firesheep and way more easily addressable.
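The attr_accessible problem referred to in the comment above, shown as an added example that is not part of the original thread and not code from Rails or GitHub. It is plain Ruby with no Rails dependency: `UnsafeUser`, `SafeUser`, the attribute names and the request body are all assumptions for illustration, and the two `update_attributes` methods only imitate the mass-assignment behaviour of a model with and without a whitelist.

```ruby
# Added example (not from the thread, not Rails/GitHub code): mass assignment
# without a whitelist beside the same operation with one. Class and attribute
# names are assumptions chosen for illustration.

class UnsafeUser
  attr_reader :attributes

  def initialize
    # "admin" is a privileged column the request body must never be able to set.
    @attributes = { "name" => nil, "admin" => false }
  end

  # Imitates update_attributes(params[:user]) on a model with no
  # attr_accessible declared: every key in the request body is written through.
  def update_attributes(params)
    params.each { |k, v| @attributes[k.to_s] = v }
    self
  end
end

class SafeUser < UnsafeUser
  # What attr_accessible gave you: the only keys mass assignment may touch.
  ACCESSIBLE = %w[name].freeze

  def update_attributes(params)
    params.each do |k, v|
      key = k.to_s
      # Keys outside the whitelist are dropped instead of written to the record.
      next unless ACCESSIBLE.include?(key)
      @attributes[key] = v
    end
    self
  end
end

# Constructed request body: one legitimate field plus an injected privileged field.
TAMPERED_PARAMS = { "name" => "alice", "admin" => true }.freeze

# Runs both models over the same tampered body and reports what "admin" ended up as.
def demo
  unsafe = UnsafeUser.new.update_attributes(TAMPERED_PARAMS)
  safe = SafeUser.new.update_attributes(TAMPERED_PARAMS)
  { unsafe_admin: unsafe.attributes["admin"], safe_admin: safe.attributes["admin"] }
end

puts demo.inspect if __FILE__ == $0
```

The point the comment makes is visible in the result: with no whitelist the injected `admin` key lands on the record, with one it is silently discarded. A foreign key such as the owning user of a public key is exactly the same kind of column and needs the same protection.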


Are they assuming he only used one account?


Presumably Github is currently auditing their db for keys added to organizations by users who are not admins of those organizations.


It is possible but why would he disclose it then if he was trading it on the black market? Kind of would shoot himself in the foot then since the vulnerability would be fixed and the price of it would go down to 0.

Actually, that was my original point. If he is already treated as a criminal and a hacker, might as well profit from it. Instead of trying to disclose it publicly and get treated as a criminal, might as well sell it on the black market, don't tell anyone about it and at least profit from all this work.



