Full Disclosure mailing list archives
Re: Advice RE Site Exploit
From: H D Moore <fdlist () digitaloffense net>
Date: Mon, 18 Jul 2005 20:56:26 -0500
It doesn't work that way ;-) You either get to abuse the bug or tell the them about it; trying to do both is what gets people put into jail. In your communication with the company, you could always ask for a discount on your service or some other perk (in a polite and non-demanding way), but IMO thats as far as you can go without it looking like extortion. If you left your wallet in your car with the windows down and someone walks up to you and tells you about it, you will have one of two reactions. You will be happy that someone seemed concerned for your well-being or pissed off that some jerk was looking into your car in the first place. The reaction is going to depend on how you are approached and what they say. If they immediately ask for $10 on the grounds that they could have just taken your entire wallet, you might be motivated to break their face. Just because someone has the potential to rob you doesn't mean that you should be grateful to them if they don't :-) -HD On Monday 18 July 2005 19:22, David Wilde wrote:
Hello All, Long time lurker. I have recently come across a rather significant (IMHO) exploit to gain access to a significant number of accounts held by one of the two satellite tv companies in the US. I of course want to do the right thing (TM), but I also would like a free lifetime subscription to all of the channels with hardware upgrades at my discression :) What is the best way of informing the company of my discovery and my wishes with the ultimate goal of 1) not going to jail being labeled a terrorist and threat to national security, and 2) getting what I want? TIA _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Advice RE Site Exploit David Wilde (Jul 18)
- Re: Advice RE Site Exploit H D Moore (Jul 18)
- Re: Advice RE Site Exploit Mike Hoye (Jul 19)