Fwd: How to report a Vulnerability to a Company

From: Adam K (adamk1@gmail.com)
Date: Mon Jan 14 2008 - 16:37:24 EST

• Next message: JosŽé M. Palazón Romero: "Re: IPS Testing"
• Previous message: Joxean Koret: "RE: Database service discovery"
• Next in thread: Yousif@vapt-sec.com: "Re: Fwd: How to report a Vulnerability to a Company"
• Maybe reply: Yousif@vapt-sec.com: "Re: Fwd: How to report a Vulnerability to a Company"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I have been reading this with interest and was just curious about this
hypothetical situation. A person goes to use a site and accidentally
hits an incorrect key and is given an error page containing important
information. At this point would emailing the site owner be an act of
pentesting or simply a user reporting an error ? Is there a
distinguishable difference ? (I am taking the assumption the user is
trying to actively use the site, not looking for errors).

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: JosŽé M. Palazón Romero: "Re: IPS Testing"
• Previous message: Joxean Koret: "RE: Database service discovery"
• Next in thread: Yousif@vapt-sec.com: "Re: Fwd: How to report a Vulnerability to a Company"
• Maybe reply: Yousif@vapt-sec.com: "Re: Fwd: How to report a Vulnerability to a Company"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:20 EDT