[OWASP-Bangalore] Why full/public disclosure of WebAppSec hack/vulnerability !

Raxit Sheth raxitsheth2000 at gmail.com
Fri Jun 26 10:41:12 EDT 2009


Vikas

The site has already been fixed. They are no longer open!

Raxit


On Fri, Jun 26, 2009 at 11:05 AM, Vikas Jain <v_jn at yahoo.co.in> wrote:

> Hello Raxit, I just want to recollect what I understood from your email.
>
> "Some vulnerability in outlook money website has been reported and fixed.
> But even after the fix, you are still able to exploit the vulnerability."
>
> In this case, I would suggest going for public disclosure. Please correct me
> if I misunderstood something.
>
> Regards,
> Vikas
>
>
>
>
> ------------------------------
> *From:* Raxit Sheth <raxitsheth2000 at gmail.com>
> *To:* owasp-mumbai at lists.owasp.org; owasp-bangalore at lists.owasp.org;
> BarCampMumbai2 <barcampmumbai2 at googlegroups.com>; BarcampAhmedabad <
> barcampahmedabad at googlegroups.com>; barcampdelhi at googlegroups.com;
> bangalore_barcamp at yahoogroups.com; null null <giimale at gmail.com>
> *Sent:* Thursday, 25 June, 2009 9:37:13 PM
> *Subject:* [OWASP-Bangalore] Why full/public disclosure of WebAppSec
> hack/vulnerability !
>
> Hi Guys
>
>
>
> On this Sunday (21st Jun 2k9), found a few critical personal data open on
> the Outlook Money website, which I tweeted after it had been fixed etc. [i.e.
> first it is fixed and then I tweeted!!! just to avoid any confusion.]
>
> Now I just wanted to know why to put disclosure or bring this to public
> (after it has been fixed!)? [If they are not fixing and to force them to
> fix, doing public disclosure is fine... But once they have done the fix...
> should one?]
>
>
> Open for thoughts !
>
>
>
> -Raxit Sheth
> www.m4mum.com
> www.twitter.com/raxit
>
>
>