Full Disclosure mailing list archives
Re: Rate Stratfor's Incident Response
From: Ferenc Kovacs <tyra3l () gmail com>
Date: Sat, 14 Jan 2012 20:32:04 +0100
On Sat, Jan 14, 2012 at 4:33 PM, Sanguinarious Rose < SanguineRose () occultusterra com> wrote:
I've been watching this chat for a while
You didn't watch properly. Nobody said that you shouldn't report vulnerabilities. We discussed whether it would help or not if one would hire the kiddies owning their sites, and we discussed why it is bad if you report the vulnerability and back it up with the proof that you compromised the said system.

I always report the vulns that I stumble upon (from my own email and such), and while I'm doing this in good faith, I would never dare to actively exploit that vuln for better proof, because if they sue me, they would win. So I try to keep it that way, that I cannot be held responsible, because I didn't break any law. I also think that for full penetration testing, one shouldn't act without prior agreement with the owner and having that written down.

To go back to the IRL analogy: even if I'm doing it in good faith, so that I would report to the owner or fix the lock myself, I shouldn't try to open every door and window on a "random" house, nor should I take a photo of his belongings so that I can prove that I was there.

--
Ferenc Kovács
@Tyr43l - http://tyrael.hu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/