PaulDotCom mailing list archives
Re: He is not evil, checked a site without authorization, found an issue...then what?
From: Sherif El-Deeb <archeldeeb () gmail com>
Date: Fri, 13 Jan 2012 00:41:13 +0300
Middle East, and here they will most probably not get the situation right the first time ..... "they" means "The bank" and "Law Enforcement"

On Thu, Jan 12, 2012 at 11:59 PM, Josh More <jmore () starmind org> wrote:
> If the bank is based in the US, the Infragard project exists just for this sort of situation.
>
> -Josh
>
> On Thu, Jan 12, 2012 at 2:33 PM, Sherif El-Deeb <archeldeeb () gmail com> wrote:
>> Hi all,
>>
>> I have a friend "Bob" who found a vulnerability (SQL injection, error based -> v.fast data dumping) in a banking website that gave him access to all the customers' details among many other things. He is not evil, and he came to me for advice:
>>
>> 1- He knows he shouldn't have done the test in the first place without authorization and he is afraid that he might get prosecuted if he reported it "happened before, right?".
>> 2- He knows that this has to be reported because it leaves customer data exposed, and he has to act fast.
>> 3- He would very much like to get rewarded :) not necessarily by money, a thank you letter will be just fine.
>>
>> I told him if we couldn't figure out a way to make sure he won't get prosecuted, he will just make the great sacrifice, be a good citizen and anonymously report it, and the only benefit he will gain will be sleeping at night feeling a little better about himself knowing that because of the time and effort he spent finding and reporting the issue, thousands and thousands of innocent people's financial data are a bit more secure.
>>
>> Any advice?
>>
>> Thanks in advance.
>> Sherif Eldeeb

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com