Penetration Testing mailing list archives
Reporting website vulnerabilities
From: "Peter Manis" <manis () digital39 com>
Date: Sun, 2 Sep 2007 06:30:43 -0400
I am an affiliate of a website that I guess you could consider popular. Everything is passed over an insecure connection, such as the login, changing passwords, home address, and some other information that is more sensitive. I have plans to contact the company and inform them about all of this, however they should already know which makes it that much worse. I also feel the public should know since their information is what is being transmitted over an insecure connection. What is a good procedure for handling things like this? I have heard companies can sue if you release vulnerabilities to the public. - Pete ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Reporting website vulnerabilities Peter Manis (Sep 04)
- Message not available
- Re: Reporting website vulnerabilities Peter Manis (Sep 05)
- Message not available