Penetration Testing mailing list archives
Re: reporting a web site breach
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Thu, 16 Oct 2008 21:23:06 +0100
Will the local CERT act as an intermediary? Worth a try, as they will have a bit more clout than you as a private citizen. I know AusCERT has good links in the financial community in Australia, for example.

Where is the site based? They could well be in breach of local laws if they're exposing that sort of data.

cheers,
Jamie

2008/10/16 <jason_jones98 () hotmail com>:
Hi Guys. I need some advice.

I was using a web site to book a service (details withheld) and found that I could very easily browse thousands of customer details i.e. name, address, phone numbers, the credit card details are masked but just viewed source and the credit card details are cleartext along with valid from, expire and cvv number.

I called the company last night to advise that they probably want to bring down their site and advise customers that their details have been potentially breached, basically they told me it would cost them too much money to go offline and that was that!

I then attempted to call Visa, Mastercard and the high tech crime unit and none of them seem to have a process to report this type of event unless an actual crime has taken place.

So for my sanity could someone advise me on the ethical steps I should take to try and protect those customers?
--
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/