From: Peter Manis (manis@digital39.com)
Date: Sun Sep 02 2007 - 06:30:43 EDT
I am an affiliate of a website that I guess you could consider
popular. Everything is passed over an insecure connection, such as
the login, changing passwords, home address, and some other
information that is more sensitive.
I have plans to contact the company and inform them about all of this,
however they should already know which makes it that much worse. I
also feel the public should know since their information is what is
being transmitted over an insecure connection. What is a good
procedure for handling things like this? I have heard companies can
sue if you release vulnerabilities to the public.
- Pete
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:05 EDT