[OWASP-Bangalore] Why full/public disclosure of WebAppSechack/vulnerability !

Raxit Sheth raxitsheth2000 at gmail.com
Fri Jun 26 10:40:11 EDT 2009


Well. Except fame, if community or other WebAdmin is having any benefit,
then I am more than happy to disclose.

Raxit

On Fri, Jun 26, 2009 at 2:47 PM, Prashanth Sivarajan <prash.siv at gmail.com> wrote:

> What he means is... why talk about a vulnerability that is already fixed...
>
> We all learn from something that already happened. If you see any security
> tutorial, they talk about how some websites 'were' hacked; they never teach
> you how to hack.
> That's for you to figure out.
>
> It is like reading the poems of other great poets to get inspired and write
> your own.
>
>
> On Fri, Jun 26, 2009 at 12:23 PM, Syed Mohamed A <SyedMA at microland.com> wrote:
>
>> Send it to SecurityFocus …
>>
>> Regards
>>
>> Syed Mohamed A
>>
>> AGM – Security Services,
>>
>> Microland Ltd
>>
>> (Co-author OWASP Guide, WASC Threat Classification, SANS Top 20)
>>
>>
>>
>> *From:* owasp-bangalore-bounces at lists.owasp.org [mailto:
>> owasp-bangalore-bounces at lists.owasp.org] *On Behalf Of *Raxit Sheth
>> *Sent:* Thursday, June 25, 2009 9:37 PM
>> *To:* owasp-mumbai at lists.owasp.org; owasp-bangalore at lists.owasp.org;
>> BarCampMumbai2; BarcampAhmedabad; barcampdelhi at googlegroups.com;
>> bangalore_barcamp at yahoogroups.com; null null
>> *Subject:* [OWASP-Bangalore] Why full/public disclosure of
>> WebAppSechack/vulnerability !
>>
>>
>>
>> Hi Guys
>>
>>
>>
>>
>> On this Sunday (21st Jun 2k9), I found a few critical pieces of personal data open on the
>> Outlook Money website, which I tweeted after it had been fixed etc. [i.e.
>> first it was fixed and then I tweeted!!! Just to avoid any confusion.]
>>
>> Now I just wanted to know why to put out a disclosure or bring this to the public
>> (after it has been fixed!)? [If they are not fixing and to force them to
>> fix, doing public disclosure is fine... But once they have done the fix...
>> should one?]
>>
>>
>> Open for thoughts !
>>
>>
>>
>> -Raxit Sheth
>> www.m4mum.com
>> www.twitter.com/raxit
>>
>> _______________________________________________
>> OWASP-Bangalore mailing list
>> OWASP-Bangalore at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>>
>>