[OWASP-Bangalore] Why full/public disclosure of WebAppSechack/vulnerability !

Prashanth Sivarajan prash.siv at gmail.com
Fri Jun 26 05:17:53 EDT 2009


What he means is...Why talk about a vulnerability that is already fixed....

We all learn from something that already happened. If you see any security
tutorial, they talk about how some websites 'were' hacked; they never teach
you how to hack.
That's for you to figure out.

It is like reading the poems of other great poets to get inspired and write
your own.


On Fri, Jun 26, 2009 at 12:23 PM, Syed Mohamed A <SyedMA at microland.com> wrote:

>  Send it to security focus …
>
> Regards
>
> Syed Mohamed A
>
> AGM – Security Services,
>
> Microland Ltd
>
> (Co-author OWASP Guide, WASC Threat Classification, SANS Top 20)
>
>
>
> *From:* owasp-bangalore-bounces at lists.owasp.org [mailto:
> owasp-bangalore-bounces at lists.owasp.org] *On Behalf Of *Raxit Sheth
> *Sent:* Thursday, June 25, 2009 9:37 PM
> *To:* owasp-mumbai at lists.owasp.org; owasp-bangalore at lists.owasp.org;
> BarCampMumbai2; BarcampAhmedabad; barcampdelhi at googlegroups.com;
> bangalore_barcamp at yahoogroups.com; null null
> *Subject:* [OWASP-Bangalore] Why full/public disclosure of
> WebAppSechack/vulnerability !
>
>
>
> Hi Guys
>
>
>
> On this Sunday (21st Jun 2k9), I found a few critical personal data open on
> the Outlook Money website, which I tweeted after it had been fixed etc. [i.e.
> first it was fixed and then I tweeted!!! Just to avoid any confusion.]
>
> Now I just wanted to know why to put out a disclosure or bring this to the
> public (after it has been fixed!)? [If they are not fixing and to force them
> to fix, doing public disclosure is fine... But once they have done the fix...
> should one?]
>
>
> Open for thoughts!
>
>
>
> -Raxit Sheth
> www.m4mum.com
> www.twitter.com/raxit