Re: reporting a web site breach
- From: acey deucey <aceinyaface@xxxxxxxxx>
- Date: Thu, 16 Oct 2008 21:12:24 -0400
I think Jason has done more than his duty. I second calling a reporter. That will certainly get some atention. Hell, contact 10 reporters.
On Oct 16, 2008, at 15:58, "Prodigi Child" <prodigi.child@xxxxxxxxx> wrote:
If the company refuses to do anything about it, and it is based in the US,
try the FTC. If it is a bank, try the FDIC. Try to find an organization to
which they must answer. If you have ABSOLUTELY NO other recourse, then I
think you should act on the fact that the bad guys likely already know about
the security hole, and as a last resort consider calling a journalist.
Nothing like bad publicity to enact change in an organization :)
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx ] On
Behalf Of jason_jones98@xxxxxxxxxxx
Sent: Thursday, October 16, 2008 7:01 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: reporting a web site breach
Hi Guys.
I need some advise. I was using a web site to book a service (details
witheld) and found that i could very easily browse thousands of customer
details i.e. name, address, phone numbers, the credit card details are
masked but just viewed source and the credit card details are cleartext
along with valid from, expire and cvv number. I called the company last
night to advise that they probably want to bring down their site and advise
customers that their details have been potentially breached, basically they
told me it would cost them too much money to go offline and that was that! I
then attempted to call visa, mastercard and the high tech crime unit and
none of them seem to have a process to report this type of event unless an
actual crime has taken place. So for my sanity could someone advise me on
the ethical steps i should take to try and protect those customers?
--- ---------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
--- ---------------------------------------------------------------------
--- ---------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
--- ---------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
- Follow-Ups:
- Re: reporting a web site breach
- From: Chris Finley
- Re: reporting a web site breach
- References:
- reporting a web site breach
- From: jason_jones98
- RE: reporting a web site breach
- From: Prodigi Child
- reporting a web site breach
- Prev by Date: RE: Mitigate FTP
- Next by Date: Re: SQL Injection - Waitfor delay
- Previous by thread: RE: reporting a web site breach
- Next by thread: Re: reporting a web site breach
- Index(es):
Relevant Pages
|
