From: Andreas Putzo (putzoa@gmx.de)
Date: Thu Oct 05 2006 - 04:06:04 EDT
On Oct 04, pand0ra wrote:
> "You can try to set them an ultimatum pretending to disclose the holes
> to the public. Perhaps they are more willing to react if they are forced
> to do so."
>
> Ethically, that is bad. You should never force (or threaten) anyone
> into doing something they don't want to. I agree completely with Jay
> and Dan.
This depends greatly on the information that can be retrieved via a
vulnerable website IMHO.
What if you can get personal data of the customers of the company or
you can do financial harm to them? Then it would be unethical to do
nothing against it.
In general i agree with you that it is never nice to force someone to
do something.
However, i don't want to put this threat into a discussion ethical vs.
unethical behavior..
--
regards,
Andreas Putzo
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:06 EDT