Microsoft pay?? For the good of thier customers??

That isn't how they got so rich.. a while back I discovered close to 15 extremly serious issues on various msn.com subdomains. These issues lead to easily hi-jacking of hotmail accounts.

I contacted them, and showed a few of the vulnerabilities to them. I further proved thier exploitable nature to them after which they went about fixing these vulnerabilities.

I informed them that I would appreciate some sort of compensation, even if not of monetory value. They refused to do anything of the sort and clearly said that they didn't care and if I didn't disclose the vulnerablities to them they would just let them be till they were widely spread and pubicly disclosed after which they would fix them.

Think about it, a publicly disclosed flaw could lead to 10,000's of emails being taken over in a matter of hours. But that isn't worth anything for microsoft.

If microsoft only rewarded vulnerability researchers, as they do virus reporters I think microsoft would have a lot more secure future and so would thier customers.

-- admin (at) dbtech (dot) org [email concealed]

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/58/215#215