Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
[Full-disclosure] Question about ethics when discovering a security fault in system
From: Torbjörn Samuelsson (torbjorn.samuelssongmail.com)
Date: Thu Oct 27 2005 - 13:28:36 CDT
I stumbled upon a security fault (discovered it by mistake) this Sunday
in a perimeter security device.
The day after I contacted the manufacturer and informed them about it
and later that evening the acknowledged the problem and they where able
to reproduce it.
My question is what is good ethics for me to continue with this? Sense I
discovered it by mistake, and everyone can do the same thing and
everyone can reproduce it. And it is a perimeter security device
providing remote access from a large manufacturer. And might be a known
problem by others than the manufacturer, how ever the product has only
bean on the market for about 2 months.
What I want a resolution so the device we bought to provide us with
remote access and security shall work securely and that the company
shall inform other owner of there products about the problem so they
wont have the same security breach.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature