Full Disclosure mailing list archives

Re: Advice RE Site Exploit


From: H D Moore <fdlist () digitaloffense net>
Date: Mon, 18 Jul 2005 20:56:26 -0500

It doesn't work that way ;-) You either get to abuse the bug or tell 
them about it; trying to do both is what gets people put into jail. In 
your communication with the company, you could always ask for a discount 
on your service or some other perk (in a polite and non-demanding way), 
but IMO that's as far as you can go without it looking like extortion.

If you left your wallet in your car with the windows down and someone 
walks up to you and tells you about it, you will have one of two 
reactions. You will be happy that someone seemed concerned for your 
well-being or pissed off that some jerk was looking into your car in the 
first place. The reaction is going to depend on how you are approached 
and what they say. If they immediately ask for $10 on the grounds that 
they could have just taken your entire wallet, you might be motivated to 
break their face. Just because someone has the potential to rob you 
doesn't mean that you should be grateful to them if they don't :-) 

-HD

On Monday 18 July 2005 19:22, David Wilde wrote:
Hello All,

Long time lurker.  I have recently come across a rather significant
(IMHO) exploit to gain access to a significant number of accounts held
by one of the two satellite tv companies in the US.  I of course want
to do the right thing (TM), but I also would like a free lifetime
subscription to all of the channels with hardware upgrades at my
discretion :)  What is the best way of informing the company of my
discovery and my wishes with the ultimate goal of 1) not going to jail
being labeled a terrorist and threat to national security, and 2)
getting what I want?

TIA
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/