nanog mailing list archives

Re: UK ISP threatens security researcher

From: Dragos Ruiu <dr () kyx net>
Date: Mon, 23 Apr 2007 22:50:19 -0700


On Thursday 19 April 2007 18:25, Simon Lyall wrote:

If you are a random person who comes across a security hole in a website
or commercial product then the best thing to do is tell nobody, refrain
from any further investigation and if possible remove all evidence you
ever did anything.

There is almost zero potential upside of reporting these holes vs the very
real potential downside that the company might decide to go after you with
their legal team or the police.


Bullshit.

And when we start propagating messages like this, it will be bad news.

Just report the bug. Unless they are ignorant idiots they should thank
you in some way.

cheers,
--dr

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada   April 18-20 - 2007    http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp

Current thread:

Re: UK ISP threatens security researcher, (continued)
- - - Re: UK ISP threatens security researcher Simon Lyall (Apr 19)
    - RE: UK ISP threatens security researcher Stasiniewicz, Adam (Apr 19)
    - Re: UK ISP threatens security researcher Gadi Evron (Apr 20)
    - Re: UK ISP threatens security researcher alex (Apr 20)
    - Re: UK ISP threatens security researcher J. Oquendo (Apr 20)
    - Re: UK ISP threatens security researcher alex (Apr 20)
    - Re: UK ISP threatens security researcher Valdis . Kletnieks (Apr 20)
    - Re: UK ISP threatens security researcher Sam Hayes Merritt, III (Apr 20)
    - Re: UK ISP threatens security researcher Gadi Evron (Apr 20)
    - Re: UK ISP threatens security researcher Owen DeLong (Apr 21)
    - Re: UK ISP threatens security researcher Dragos Ruiu (Apr 23)
    - Re: UK ISP threatens security researcher Leigh Porter (Apr 24)