Penetration Testing mailing list archives
RE: Informing Companies about security vulnerabilities...
From: mr.nasty () ix netcom com
Date: 5 Oct 2006 20:55:41 -0000
Here's my worthless two cents. Chances are you are not the first one to discover the problem. Hence unless you do business with them it really doesn't affect you financially. On the other hand the right thing (not the legal thing) to do is inform someone at the company (find many company email addresses - support () company com etc.) and provide then what you found. NO RECOMMENDATIONS should be offered. Number one they do not pay you to provide them with Recommendations or solutions. Number two unless this business affects you financially it's not your burden to bear. And if you do have some financial interest in a company that ignores its customers...LEAVE. Number three you can't get blood from a turnip or teach pigs to sing. ThatÂ’s just my worthless two cents. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- RE: Informing Companies about security vulnerabilities..., (continued)
- RE: Informing Companies about security vulnerabilities... Arian J. Evans (Oct 05)
- WAS Informing Companies NOW Announcing ' or 1=1-- Thor (Hammer of God) (Oct 06)
- Re: WAS Informing Companies NOW Announcing ' or 1=1-- Ian Scott (Oct 06)
- RE: WAS Informing Companies NOW Announcing ' or 1=1-- Arian J. Evans (Oct 06)
- RE: Informing Companies about security vulnerabilities... Arian J. Evans (Oct 05)
- RE: Informing Companies about security vulnerabilities... Levenglick, Jeff (Oct 05)
- RE: (illegal?) Informing Companies about security vulnerabilities... Arian J. Evans (Oct 05)
- Re: (illegal?) Informing Companies about security vulnerabilities... Nathan Keltner (Oct 06)
- RE: (illegal?) Informing Companies about security vulnerabilities... Arian J. Evans (Oct 06)
- RE: (illegal?) Informing Companies about security vulnerabilities... Arian J. Evans (Oct 05)
- RE: Informing Companies about security vulnerabilities... Arian J. Evans (Oct 06)
- Re[4]: Informing Companies about security vulnerabilities... Matthew Leeds (Oct 06)
- Re: Informing Companies about security vulnerabilities... Art Cooper (Oct 06)
- RE: Informing Companies about security vulnerabilities... Arian J. Evans (Oct 06)
- RE: Informing Companies about security vulnerabilities... jason (Oct 06)