Full Disclosure mailing list archives

Re: Sql Injection big5 consultancy


From: "joseph blater" <t5con () hotmail com>
Date: Tue, 24 Jun 2003 19:03:48 +0000

Nope, like someone said "they will have a hard time understanding what sql injection means".

Thanks for all the valuable input, I decided I will just STFU and keep it to myself. Let them discover it when some bad guy drops their databases and owns their box. Better than facing a prosecution because of security professionals and developers trying to blame their incompetency on me (I can even imagine the "extortion cracker"). Although my country doesn't have any police forensics or specific laws, things could get nasty.

The downside is: I had to delete my personal info from their hr system, no way of getting hired now. Maybe I'll just try to move to the US.

Thanks again for all your replies.

kind regards,
fake name

From: Blue Boar <BlueBoar () thievco com>
To: joseph blater <t5con () hotmail com>
CC: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Sql Injection big5 consultancy
Date: Mon, 23 Jun 2003 09:21:14 -0700

joseph blater wrote:
What should I do? Tell them their whole HR system is vulnerable and face the risks of being charged for something? Although owning certs from most vendors, I never got to work for a top5. Shall I take the risk and use this vuln to help me get a job?

Well, considering that they're called that because there are only 5 or so of them... and that they all have pen test people who read this list... I would guess that this problem will take care of itself.

                                                BB



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

