Penetration Testing mailing list archives
Re: Informing Companies about security vulnerabilities...
From: Andreas Putzo <putzoa () gmx de>
Date: Thu, 5 Oct 2006 10:06:04 +0200
On Oct 04, pand0ra wrote:
"You can try to set them an ultimatum pretending to disclose the holes to the public. Perhaps they are more willing to react if they are forced to do so." Ethically, that is bad. You should never force (or threaten) anyone into doing something they don't want to. I agree completely with Jay and Dan.
This depends greatly on the information that can be retrieved via a
vulnerable website IMHO.
What if you can get personal data of the customers of the company or
you can do financial harm to them? Then it would be unethical to do
nothing against it.
In general i agree with you that it is never nice to force someone to
do something.
However, i don't want to put this threat into a discussion ethical vs.
unethical behavior..
--
regards,
Andreas Putzo
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Current thread:
- Informing Companies about security vulnerabilities... Joseph McCray (Oct 04)
- RE: Informing Companies about security vulnerabilities... Clemens, Dan (Oct 04)
- Re: Informing Companies about security vulnerabilities... Steve Friedl (Oct 04)
- RE: Informing Companies about security vulnerabilities... Arian J. Evans (Oct 05)
- Re: Informing Companies about security vulnerabilities... Andreas Putzo (Oct 04)
- Re: Informing Companies about security vulnerabilities... Jex (Oct 04)
- Re: Informing Companies about security vulnerabilities... Wolf Halton (Oct 04)
- Re: Informing Companies about security vulnerabilities... Micro Kluge (Oct 06)
- Re: Informing Companies about security vulnerabilities... pand0ra (Oct 04)
- Re: Informing Companies about security vulnerabilities... Andreas Putzo (Oct 05)
- Re: Informing Companies about security vulnerabilities... Steve Friedl (Oct 05)
- Re: Informing Companies about security vulnerabilities... pand0ra (Oct 05)
- Re: Informing Companies about security vulnerabilities... s-williams (Oct 05)
- Re: Informing Companies about security vulnerabilities... Dan Catalin Vasile (Oct 05)
- <Possible follow-ups>
- RE: Informing Companies about security vulnerabilities... bugtraq (Oct 04)
- RE: Informing Companies about security vulnerabilities... Brian . Marino (Oct 04)
- Re: Informing Companies about security vulnerabilities... gat0r (Oct 06)
- Re: Informing Companies about security vulnerabilities... Dragos Ruiu (Oct 05)
- RE: Informing Companies about security vulnerabilities... Brian . Marino (Oct 04)
- Re: Informing Companies about security vulnerabilities... jay.tomas (Oct 04)
- Re: Informing Companies about security vulnerabilities... Thor (Hammer of God) (Oct 04)