Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Fwd: How to report a Vulnerability to a Company

from [Yousif] Network Security [Permanent Link]
Subject: Re: Fwd: How to report a Vulnerability to a Company
Date: 25 Feb 2008 02:01:49 -0000 
Well, I believe it depends on the specific "incorrect" key the person had 
entered. I believe you could explain the situation to an IT Staff or a Support 
team, explaining that you had pressed an incorrect key and the functionality 
had disposed informational data, in which you took the time to report, for the 
better of YOU the user, the website, and the overall "what to do, I'm stuck" 
problem. Also, if this was a legal act that was done by mistake, then even in 
the servers logs,it should not appear as if illegal requests were being made in 
connection to that incorrect key, therefore it wouldn't look as harmful as an 
attack. If done promptly, the logs should show you being the last referring 
user after the error had displayed. 

-Yousif Yalda
-Security Consultant
-Http://Vapt-Sec.Com
-Http://YousifYalda.BlogSpot.Com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: Fwd: How to report a Vulnerability to a Company, Yousif <=
Previous by Date:  Re: VA / PT Pricing??, Yousif
Next by Date:  Re: Pen Test Success Factors, Yousif
Previous by Thread:  Re: VA / PT Pricing??, Yousif
Next by Thread:  Re: Pen Test Success Factors, Yousif
Indexes:  [Date] [Thread] [Top] [All Lists]