, SecurityFocus 2002-03-06
A good Samaritan has trouble getting the attention of a fashion retailer leaking customer credit card numbers. Should reporting security holes in e-commerce sites be easier?
Expand all |
Post comment
|
Guesswork Plagues Web Hole Reporting
, SecurityFocus 2002-03-06 A good Samaritan has trouble getting the attention of a fashion retailer leaking customer credit card numbers. Should reporting security holes in e-commerce sites be easier?
Expand all |
Post comment
|
|
|
Privacy Statement |
1. "That is our ISP's problem" - This is the MOST COMMON EXCUSE!!
2. "You were trying to hack our site, we are going to report you to the FBI."
- I receive this mostly from idiot system administrators that know nothing about security and just want to blame someone (Cover their ass) for their lack of knowledge.
3. "Our security department/programmers don't see this as a problem".
- I mostly receive this type of comment from the "Microsoft Certified" Web page designes.
What I suggest (And I have started doing) is to report the sites to CERT and to NIPC. Let them to contact the company and address the problem. And if it goes public in 30 days due to people not willing to take responsibility for their own systems, well all the better.
Note: Out of the 10's of sites I have looked at, I have only had one company say 'thank you".
- Alger Hole
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/346/10834#10834