Kevin Poulsen, SecurityFocus 2002-03-06
A good Samaritan has trouble getting the attention of a fashion retailer leaking customer credit card numbers. Should reporting security holes in e-commerce sites be easier?
Guesswork Plagues Web Hole Reporting
2002-03-06
Anonymous (4 replies)
Guesswork Plagues Web Hole Reporting
2002-03-06
The Clone
Well put, Anonymous. You're absolutely right. I've had a similar problem with several companies (oil companies, tech companies, and even banks) regarding wireless security holes I found. I was luckily enough to find a valid e-mail address, but unfortunately they never got back to me. And no, not one ...
Guesswork Plagues Web Hole Reporting
2002-03-07
Tommy Ward
I completely sympathize with anyone who has tried to contact a human being at many large organizations. It can really be difficult. The default stance seems to be "send us an order", or do you want to "order something".
To be fair to the companies, however, I know what type of insane crap come...
Guesswork Plagues Web Hole Reporting
2002-03-07
Anonymous
You are absolutely right. I work for a company that purposely omitted to put a big maze of supposed online help on the site so that people would write or call tech support. It's more work but in the end, we get so much more valuable feedback than you can gather from ranting mad emails from frustrated ...
Guesswork Plagues Web Hole Reporting
2002-03-06
Anonymous
I have seen dozens of sites like this. The excuses range from:
1. "That is our ISP's problem" - This is the MOST COMMON EXCUSE!!
2. "You were trying to hack our site, we are going to report you to the FBI."
- I receive this mostly from idiot system administrators that know nothing about se...
Guesswork Plagues Web Hole Reporting
2002-03-08
Anonymous (1 reply)
"Good samaritan," huh? My question is this: if this individual was so interested in honestly informing this company of their security flaws, why is he pulling down credit card numbers instead of the other account information no doubt stored in the sql database, such as usernames, order numbers, mail...
Guesswork Plagues Web Hole Reporting
2002-03-11
Anonymous
I'm a security engineer for a Fortune 500 company. My work primarily involves our NT servers, while the firewall and routing is handled by the network group. Internet security is handled by yet another group, and so on. This is representative of the entire company's structure, in that each group doe...
Guesswork Plagues Web Hole Reporting
2002-03-13
Andrew Daviel
www.ietf.org/rfc/rfc2142.txt
RFC 2142 specifies several standard mailboxes. "abuse"
is very common, "security" less so. Someone should at least
listen on "abuse" as that's the place to report their
servers doing a DDoS attack. Reading this mail is the price
of doing business on the net.
...