I believe you're thinking of Brian West vs a newspaper. Slashdot has a followup here and here. The end result was that while he did find a hole, he did a lot more than he claimed based on server and ISP logs than just confirm it; he grabbed info from their servers, modified several pages, etc. Most agree that when West told his story to various online outlets, he was trying to drum up sympathy akin to other cases (DeCSS, Adobe). However, it failed miserably once the details were released.

What should be pointed out is that Section 1030 as pertaining to computer crime is still valid; if there *are* problems with using a tool like nmap on a system to begin with, then theorhetically, that's already illegal, but I've yet to hear anyone prosecuted for just doing an nmap or the like. It's just that the more 'cracker'-like crimes are going to get stiffer penalities, including up to the same terms as terrorists acts.

-----------------------------------------------------
Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain
It's not what you know, but knowing how to find it if you don't know that's important