I do not believe it was a hole/bug in software. It was misconfigured proxies, which is how Lamo does most of his stuff from what I understand. Hell, all he uses is a webbrowser. So that is why I said they were not doing their job, rather than a vendor issue, it was lack of competency on the individuals part

"The 22-year-old Lamo has become famous for publicly exposing gaping security holes at large corporations, then volunteering to help the companies fix the vulnerabilities he exploited -- sometimes visiting their offices or signing non-disclosure agreements in the process. Until now, his cooperation and transparency have kept him from being prosecuted."