Seriously? (Score:5, Insightful)
The intent of this blog post is not give “hackers” or “scriptkiddies” any funny ideas, but merely for awareness.
And yet, after reading the blog post, I see he made no mention of warning WhatsApp, giving them a chance to alter this, etc.
Nicely done with the "responsible disclosure".
Re: (Score:4, Insightful)
do something retarded and you deserve to have it blow up in your face like that
Re: (Score:5, Insightful)
Only part of the security community believes in responsible disclosure, a large portion of the community is for 'full disclosure', like the post in question here.
Great example: Security Researchers point out 29 vulnerabilities in Java 7 to Oracle in April, with Proof of Concept code and everything. Oracle patches 2 of the vulnerabilities in the June update. Someone else finds some of the same flaws and exploits them in the wild. Oracle only fixed them after they were being actively exploited. Turns out, the
Re:Seriously? (Score:4, Insightful)
"Responsible disclosure" is a completely disingenuous term. Full disclosure is the only responsible route.
Re:"Full disclosure is the only responsible route" (Score:2)
Hatta, you're actually not far off from Bruce Schneier's "Full Disclosure of Security Vulnerabilities a 'Damned Good Idea' [schneier.com]".
Re: (Score:2)
Not true.
If you find yourself dealing with a company that fixes the things you disclose in a timely manner, then just throwing exploits out and sitting back with your popcorn, trying to see if the hackers can fuck the public over before the company can fix it, makes you just a dick.