What? Have things now become so gentrified that this question even needs to be asked?

Release it already.

The 90's were great because there were active threats from all sides, spurring people to meet the challenge with actual defenses against the mayhem. By comparison now things are much more secure, but they are also incredibly less exciting, and markedly less progressive. If developers/coders are driven by a need to scratch an "itch" then by all means let's make things itchy again.

The software is non-malicious you say? Great! If nothing else it'll serve as some things for people to think about as they continue to develop their environments, and at the very least it sounds like you may have identified some genuinely soft spots in the current generation of Linux distributions. You would be far from the first person to post non-malicious proof-of-concept code to say, Bugtraq. This is not new ground--no one is going to claim you did something wrong by publishing.

Release it already!

Either we're tough enough to handle it, or we'll get tough enough to handle it.

What I don't get is how this slipped past their attorney without him realizing it actually constitutes a violation of the Computer Fraud and Abuse Act.

Follow along with me carefully here...

The TOS of most of these sites only allows the individual to use their account for their own uses, and generally explicitly forbids sharing the account with anyone for any reason (barring the strange convolutions of minor-guardian relationships). Doesn't matter what Bozeman puts on the form--it doesn't and can't change the existing agreement between the user and the social networking site.

Violating the TOS basically invalidates the account, meaning it's very much not okay for someone other than the actual account owner to use it.

That's absolutely using a set of authentication credentials to exceed ones access knowingly, because it doesn't matter *what* the girl from HR was doing in that Facebook account--it's not their account, the owner can't legally give it to them, and Facebook expressly prohibits anyone other than the account owner from using it. This is rather explicitly illegal and has been for oh, about twenty years now.