Re: Bank Exploit

[Adam Pal <pal_adam () gmx net>]

Hello securityz,

That really depends on the country`s laws.
I would say, if you neither intercepted any data, nor intruded the
system you are partialy safe.
From what i know the USA has very strong laws at this point of view.
As here mentioned, you can carefuly try to get in touch with the team
and point on the gaps.
On the other hand, keep in mind what Craig
Wright mentioned on that list, that people have a right to be unsafe.
It is not logical, but staying out of the issue can protect you from
being accused.



-- 
Best regards,
 Adam Pal   

Wednesday, July 25, 2007, 3:34:29 PM, you wrote:

<==============Original message text===============
sdc> Friend of mine (not me, really) is working with a client of
sdc> his who claims to have inadvertently discovered a few web
sdc> exploits of several financial institutions.  Does anyone have any
sdc> insights as to how this guy could bring these to the attention of
sdc> the organizations involved without being seen as a hacker?  His
sdc> minimal goal is to help the institutions, optimally he would like
sdc> to consult to help them rectify the issues.


sdc> thx

sdc> Steve

<===========End of original message text===========

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature