UK ISP threatens security researcher
Dragos Ruiu
dr at kyx.net
Tue Apr 24 05:50:19 UTC 2007
On Thursday 19 April 2007 18:25, Simon Lyall wrote:
> If you are a random person who comes across a security hole in a website
> or commercial product then the best thing to do is tell nobody, refrain
> from any further investigation and if possible remove all evidence you
> ever did anything.
>
> There is almost zero potential upside of reporting these holes vs the very
> real potential downside that the company might decide to go after you with
> their legal team or the police.
Bullshit.
And when we start propagating messages like this, it will be bad news.
Just report the bug. Unless they are ignorant idiots they should thank
you in some way.
cheers,
--dr
--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada April 18-20 - 2007 http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp
More information about the NANOG
mailing list