Comment re Rules (Score 1) 2
The rules issues pretty much surrounds the idea that they didn't use a source inside the company, information from a NDA, or similar. A straight hack of the system is perfectly fine. Potentially exploiting a subsystem (a flaw in a database system for example or in SSL itself or what not) might also void the rules.