
So you admit to a number of rather dubious practices both on an openly available blog and on a forum that has at least one ex-NSA employee as a poster.

Anyone else think this is ill-advised, to say the least - it's just asking for your phones to work really well "nudge nudge wink" ;-)




What's dubious? I don't think there are many (any?) people who understand what he's talking about and would be able to implement it, but wouldn't be able to figure it out on their own. Of that set, the set of people who are malicious is even smaller, if not non-existent.


"I visit a number of public and private hacking-related forums to get wordlists and hacked passwords. I often pay for VIP memberships (usually the lifetime ones) so that I can access premium content areas. "

And when the men with no sense of humor invite you for an interview without tea and biscuits, what would you say to that?

OK, there are grey areas, and I have, on behalf of a FTSE 100 organization, broken into a system with explicit permission and clearance from a v. senior manager, and I also had far better contacts at BT's board level to lobby in case our security dept threw a hissy fit than most people.


There is nothing dubious about collecting information if you do it legally.

Further, it is what you do with it not the potential that would get you into legal trouble, otherwise Google, Facebook and every other company would be under legal uncertainty.

Indeed, your hacking actions were far more risky without prior consent from all parties involved.


Just ask Google what the consequences are of collecting payload data traveling over the open air via their Street View cars.

Collecting data is not always legal, even if you don't do anything with it.


The difference is that all of these passwords are public knowledge and already published in some form. My compiling these passwords into a single list is different from gathering them directly from the source!


In Australia, close to a decade ago, the Microplex (Optusnet) servers had a backdoor that revealed all the passwords via a generated webpage.

Someone found this, posted the link to the newsgroups... then had their computer seized by the Australian Federal Police. Collecting passwords, at least in Australia, can get you in big trouble.

Incidentally, I don't think that's a good thing, but it is a thing. Beware Australian security researchers!


And what if you accidentally obtain usernames and passwords that are covered by the Official Secrets Act or the equivalent Act in the USA?

It's still an offence to have/read them even if someone else published them.

Even less important things like bank account usernames and passwords and usernames and passwords for a company's website are still trade secrets.



