nanog mailing list archives
Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now?
From: Denys Fedoryshchenko <nuclearcat () nuclearcat com>
Date: Fri, 04 Mar 2022 23:33:47 +0200
This is typical "Beg bounty". https://www.troyhunt.com/beg-bounties/ On 2022-03-03 00:30, Brie wrote:
I just got this in my e-mail... ------ From: xxxxxxx <xxxxxxxxxx6 () iqra edu pk> Date: Thu, 3 Mar 2022 03:14:03 +0500 Message-ID: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx () mail gmail com> Subject: Found Security Vulnerability To: undisclosed-recipients:; Bcc: sxxxxxxxxx () ahbl org Hi TeamI am a web app security hunter. I spent some time on your website and foundsome vulnerabilities. I see on your website you take security very passionately. Tell me will you give me rewards for my finding and responsibledisclosure? if Yes, So tell me where I send those vulnerability reports?share email address. Thank youGood day, I truly hope it treats you awesomely on your side of the screen :)xxxxx Security ------ Is soliciting for money/rewards when the site makes no indication they offer them a common thing now? If you want to see a copy of the original message, let me know off list and I'll send it to you.
Current thread:
- Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Brie (Mar 02)
- Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Kieran Murphy (Mar 02)
- Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Valdis Klētnieks (Mar 02)
- Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Denys Fedoryshchenko (Mar 04)
- Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Aaron de Bruyn via NANOG (Mar 04)