[Gllug] [OT] Reporting security vulnerabilities

Walter Stanish walter.stanish at saffrondigital.com
Wed Sep 29 07:55:41 UTC 2010


> I have discovered a security vulnerability in a large multinational's
> systems that can be exploited remotely via the internet.
> I cannot find any security contact information at the company web site
> that does not cost me money in order to report the problem.
> The company in question is Sky TV.
> I therefore do not think it worth me bothering to report it to them.
> Should I keep quiet or should I make more effort to report the problem?

Definitely report it.

In my experience, the best way is to simply let them know you have
confidential matters that need to be relayed to their IT security
management.  Refuse to speak to anyone else.
(This way no heads will roll when your news gets through.)

The last time I did this (a large transport provider who was
accidentally exposing customer information), I was thanked then
compensated adequately for my time.

- Walter
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



