nanog mailing list archives
Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now?
From: Joe Greco <jgreco () ns sol net>
Date: Fri, 4 Mar 2022 18:15:09 -0600
On Fri, Mar 04, 2022 at 11:33:47PM +0200, Denys Fedoryshchenko wrote:
This is typical "Beg bounty". https://www.troyhunt.com/beg-bounties/
This probably isn't even that. I've seen a bunch of similar spam to various role accounts, some at domains that don't even have a website, in the last month or so. Several contained "real names" of alleged security researchers that did not seem to exist in the real world. It is worth remembering that bad guys may be interested in collecting the e-mail addresses of people who are responsible for security within your organization. These could be used to target those people with malware, or to forge legitimate-looking e-mails "from" your security department to your other employees. It is likely that no good can come of engaging with these. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
Current thread:
- Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Brie (Mar 02)
- Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Kieran Murphy (Mar 02)
- Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Valdis Klētnieks (Mar 02)
- Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Denys Fedoryshchenko (Mar 04)
- Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Joe Greco (Mar 04)
- Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Aaron de Bruyn via NANOG (Mar 04)