nanog mailing list archives

Re: Security reporting response handling [was: Suggestions for the future on your web site]


From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Tue, 22 Jan 2013 16:57:04 +0530

On Tuesday, January 22, 2013, Matt Palmer wrote:

That article doesn't justify security review, it justifies not being a
complete knob when someone reports a security hole in your site.  There are
so many site vulnerabilities these days that they're not news.  What *is*
news is when the vulnerable organisation goes off the deep end and massively
overreacts to the situation.


Report - yes.  What this kid seems to have done is - reported it, got
thanked for it. Then went ahead and pentested the site to see for himself
whether the bug was fixed or not.  Which justifies the company asking him
to stop I guess - and it definitely justifies the kid's prof chewing him
out.

Expulsion, maybe not, though the article I read said 14 out of 15 profs in
his college voted to boot the kid out.

--srs


-- 
--srs (iPad)
