nanog mailing list archives
Re: Security reporting response handling [was: Suggestions for the future on your web site]
From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Tue, 22 Jan 2013 16:57:04 +0530
On Tuesday, January 22, 2013, Matt Palmer wrote:
> That article doesn't justify security review, it justifies not being a complete knob when someone reports a security hole in your site. There are so many site vulnerabilities these days that they're not news. What *is* news is when the vulnerable organisation goes off the deep end and massively overreacts to the situation.

Report - yes. What this kid seems to have done is - reported it, got thanked for it. Then went ahead and pentested the site to see for himself whether the bug was fixed or not. Which justifies the company asking him to stop I guess - and it definitely justifies the kid's prof chewing him out. Expulsion, maybe not, though the article I read said 14 out of 15 profs in his college voted to boot the kid out.

--srs

--
--srs (iPad)