It’s one thing towebsite vulnerabilities before they’re used maliciously. It’s another to blog about a vulnerability online.
Singapore authorities fined Zheng Dutao, an engineer at Chinese internet giant Tencent, S$5,000 (about $3,660) this week after discovering he hacked into a hotel’s Wi-Fi system and shared sensitive information on his blog, ZDNet reported Tuesday.
Zheng was staying at the hotel in Singapore while attending the Hack in the Box security conference at the end of August. After hacking the hotel’s Wi-Fi, he did not report the security vulnerability. Instead he shared details of how he hacked its Wi-Fi network in a post on his blog. The sensitive information, including hotel passwords and other details, could still be exploited by other hackers.
Zheng (known as Ricter on his blog) appears to have shut down his site, leaving a note saying, “… no more blog, see you.” But the post in question can still be found on other sites, like Hong Kong’s Saowen, with a quick Google search.
On the blog post, ANTLabs, the maker of the device Zheng hacked, left a comment thanking the author for pointing out the vulnerability. The company added that it affected only old models no longer in production, including the IG 3100 device the hotel used as its internet gateway system.
CNET has written to the hotel and Tencent for comment, while Zheng declined to comment.