Re: Informing Companies about security vulnerabilities...



On Oct 04, pand0ra wrote:
"You can try to set them an ultimatum pretending to disclose the holes
to the public. Perhaps they are more willing to react if they are forced
to do so."

Ethically, that is bad. You should never force (or threaten) anyone
into doing something they don't want to. I agree completely with Jay
and Dan.

This depends greatly on the information that can be retrieved via a
vulnerable website IMHO.
What if you can get personal data of the customers of the company or
you can do financial harm to them? Then it would be unethical to do
nothing against it.
In general I agree with you that it is never nice to force someone to
do something.
However, I don't want to put this threat into a discussion of ethical vs.
unethical behavior.

--
regards,
Andreas Putzo
