lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200507182056.26220.fdlist@digitaloffense.net> Date: Tue Jul 19 02:55:24 2005 From: fdlist at digitaloffense.net (H D Moore) Subject: Advice RE Site Exploit It doesn't work that way ;-) You either get to abuse the bug or tell the them about it; trying to do both is what gets people put into jail. In your communication with the company, you could always ask for a discount on your service or some other perk (in a polite and non-demanding way), but IMO thats as far as you can go without it looking like extortion. If you left your wallet in your car with the windows down and someone walks up to you and tells you about it, you will have one of two reactions. You will be happy that someone seemed concerned for your well-being or pissed off that some jerk was looking into your car in the first place. The reaction is going to depend on how you are approached and what they say. If they immediately ask for $10 on the grounds that they could have just taken your entire wallet, you might be motivated to break their face. Just because someone has the potential to rob you doesn't mean that you should be grateful to them if they don't :-) -HD On Monday 18 July 2005 19:22, David Wilde wrote: > Hello All, > > Long time lurker. I have recently come across a rather significant > (IMHO) exploit to gain access to a significant number of accounts held > by one of the two satellite tv companies in the US. I of course want > to do the right thing (TM), but I also would like a free lifetime > subscription to all of the channels with hardware upgrades at my > discression :) What is the best way of informing the company of my > discovery and my wishes with the ultimate goal of 1) not going to jail > being labeled a terrorist and threat to national security, and 2) > getting what I want? > > TIA > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists