Re: Fwd: How to report a Vulnerability to a Company

From: Yousif@vapt-sec.com
Date: Sun Feb 24 2008 - 21:01:49 EST

Next message: Yousif@vapt-sec.com: "Re: Pen Test Success Factors"
Previous message: Yousif@vapt-sec.com: "Re: VA / PT Pricing??"
Maybe in reply to: Adam K: "Fwd: How to report a Vulnerability to a Company"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) Well, I believe it depends on the specific "incorrect" key the person had entered. I believe you could explain the situation to an IT Staff or a Support team, explaining that you had pressed an incorrect key and the functionality had disposed informational data, in which you took the time to report, for the better of YOU the user, the website, and the overall "what to do, I'm stuck" problem. Also, if this was a legal act that was done by mistake, then even in the servers logs,it should not appear as if illegal requests were being made in connection to that incorrect key, therefore it wouldn't look as harmful as an attack. If done promptly, the logs should show you being the last referring user after the error had displayed.

-Yousif Yalda
-Security Consultant
-http://Vapt-Sec.Com
-http://YousifYalda.BlogSpot.Com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Next message: Yousif@vapt-sec.com: "Re: Pen Test Success Factors"
Previous message: Yousif@vapt-sec.com: "Re: VA / PT Pricing??"
Maybe in reply to: Adam K: "Fwd: How to report a Vulnerability to a Company"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:25 EDT