nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now?

From: Kieran Murphy <daffy () daffy za net>
Date: Thu, 3 Mar 2022 09:35:20 +1100
Better known as Beg Bounties.
https://www.troyhunt.com/beg-bounties/

It's a thing.

On Thu, 3 Mar 2022 at 09:32, Brie <bruns () 2mbit com> wrote:


I just got this in my e-mail...

------
From: xxxxxxx <xxxxxxxxxx6 () iqra edu pk>
Date: Thu, 3 Mar 2022 03:14:03 +0500
Message-ID: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx () mail gmail com>
Subject: Found Security Vulnerability
To: undisclosed-recipients:;
Bcc: sxxxxxxxxx () ahbl org

Hi  Team

I am a web app security hunter. I spent some time on your website and found
some vulnerabilities. I see on your website you take security very
passionately.

  Tell me will you give me rewards for my finding and responsible
disclosure? if Yes, So tell me where I send those vulnerability reports?
share email address.

Thank you

Good day, I truly hope it treats you awesomely on your side of the screen :)

xxxxx Security
------


Is soliciting for money/rewards when the site makes no indication they
offer them a common thing now?

If you want to see a copy of the original message, let me know off list
and I'll send it to you.


--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org    /     http://www.ahbl.org
Previous By Date Next
Previous By Thread Next

Current thread: