Security Incidents mailing list archives
Re: *MAJOR SECURITY BREACH AT CCBILL**
From: Robert van der Meulen <rvdm () wiretrip org>
Date: Thu, 20 Dec 2001 00:12:50 +0100
Quoting l0rtamus Prime (simon () snosoft com):
The problem with his web site is a simple perl issue that any average perl programmer can figure out. Any advice on what I should do? Should I post a full disclosure? I have tried to contact him, his ISP (verio) and other people but thus far have yet to speak to anyone reasonable.
I've got very good experience with sending them a polite email, explaining the issues, and making clear your intentions are good. If they don't reply, mail again, Cc-ing the ISP/upstream involved. Give them time, if they don't reply within a _reasonable_ amount of time, try calling; try making the 'full disclosure' decision the last thing you fall back on. I'm ofcourse completely in favour of full disclosure, but the target you're trying to help might have their own ideas about that. If you can, try to leave that decision up to them. I personally never had a bad response, or threats/legal stuff thrown at me. Greets, Robert -- Linux Generation encrypted mail preferred. finger rvdm () debian org for my GnuPG/PGP key. "Invalid element 'rvdm' in content of 'p'." (WAP emulator error) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- *MAJOR SECURITY BREACH AT CCBILL** Dayne Jordan (Dec 19)
- Re: *MAJOR SECURITY BREACH AT CCBILL** H C (Dec 19)
- Re: *MAJOR SECURITY BREACH AT CCBILL** Dayne Jordan (Dec 19)
- Re: *MAJOR SECURITY BREACH AT CCBILL** l0rtamus Prime (Dec 19)
- Re: *MAJOR SECURITY BREACH AT CCBILL** Robert van der Meulen (Dec 19)
- Re: *MAJOR SECURITY BREACH AT CCBILL** Dayne Jordan (Dec 19)
- Re: *MAJOR SECURITY BREACH AT CCBILL** H C (Dec 19)
- RE: *MAJOR SECURITY BREACH AT CCBILL** Rick Darsey (Dec 19)
- Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL} Christian Vogel (Dec 20)
- Re: Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL} Damir Rajnovic (Dec 21)
- Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL} Christian Vogel (Dec 20)
- Re: *MAJOR SECURITY BREACH AT CCBILL** Matthew S. Hallacy (Dec 24)
- <Possible follow-ups>
- RE: *MAJOR SECURITY BREACH AT CCBILL** NESTING, DAVID M (SBCSI) (Dec 19)
- Re: *MAJOR SECURITY BREACH AT CCBILL** Dayne Jordan (Dec 19)
- Re: *MAJOR SECURITY BREACH AT CCBILL** Dayne Jordan (Dec 19)
- RE: *MAJOR SECURITY BREACH AT CCBILL** robh (Dec 20)
- RE: *MAJOR SECURITY BREACH AT CCBILL** jlewis (Dec 20)