Penetration Testing mailing list archives
Re: Ps. Informing Companies about security vulnerabilities...
From: "mailing lists" <bofn () irq org>
Date: Thu, 05 Oct 2006 10:06:36 +0200
Ps. we have had contact with the police a few times after some reactive_aggressive had reported a "hackers attack" to them. but after showing the law enforcers what really happened and how with prove, they every time reached the same conclusion with something like "So, they have wasted our time by screaming Wolf!, when you guys only did your friendly neighbour duty by telling them they didn't lock their car door, and did not take anything from it" and then the police phoned the complainers with the message, please stop wasting our time, we have closed the file. slight difference with your case, is that we do not actively go out to find sites and try attacks on them, we some times notice flaws when following a path from a paying clients who ask us to look at the information sources they are using. but i think there is nothing bad about walking over a parking space and putting notes under windshield-wipers of every car that has unlocked doors. just because most people don't care about their living environment, doesn't mean that the few friendly neighbours that still have the guts to stand for doing the right thing should be persecuted by those who stand for nothing other then making a few quick bucks. so ;) keep up the good work! there are way too many servers 'leaking' privacy sensitive information, and the people who's information is leaked are the real victims, not the rich companies who are responsible for leaking it by neglect. Cheers, ------------
Has anyone else gone through a similar situation? Was the company receptive? Other companies I've contacted in the past have been quite receptive - I'm just curious if other people have gone through this as well. No need to fill the list with this, you can email me directly with your inputs and stories. -- Joe McCray
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Re: Ps. Informing Companies about security vulnerabilities... mailing lists (Oct 05)
- <Possible follow-ups>
- RE: Ps. Informing Companies about security vulnerabilities... Craig Wright (Oct 05)