Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Question about ethics when discovering a security faul

from [Torbjörn Samuelsson] Network Security [Permanent Link]
Subject: [Full-disclosure] Question about ethics when discovering a security fault in system
Date: Thu, 27 Oct 2005 20:28:36 +0200 
Hi

I stumbled upon a security fault (discovered it by mistake) this Sunday in a perimeter security device.
The day after I contacted the manufacturer and informed them about it and later that evening the acknowledged the problem and they where able to reproduce it.

My question is what is good ethics for me to continue with this? Sense I discovered it by mistake, and everyone can do the same thing and everyone can reproduce it. And it is a perimeter security device providing remote access from a large manufacturer. And might be a known problem by others than the manufacturer, how ever the product has only bean on the market for about 2 months.

What I want a resolution so the device we bought to provide us with remote access and security shall work securely and that the company shall inform other owner of there products about the problem so they wont have the same security breach.

BR Tobbe

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte, Thierry Zoller
Next by Date:  [Full-disclosure] MDKSA-2005:200 - Updated apache-mod_auth_shadow packages fix security restriction bypass issues., Mandriva Security Team
Previous by Thread:  [Full-disclosure] Secunia Research: ATutor Multiple Vulnerabilities, Secunia Research
Next by Thread:  Re: [Full-disclosure] Question about ethics when discovering a security fault in system, Jeremy Bishop
Indexes:  [Date] [Thread] [Top] [All Lists]