Where to disclose a zero day vulnerability [duplicate]

This question already has an answer here:

We discovered a vulnerability in wide range of Ricoh printers, where with a simple PostScript file sent directly, it is possible to crash the device.

To recover you need physical access to the printer and an administration account to clear the queue (otherwise, after the restart, the crash will occur again).

This offers a simple and quick denial of service attack. If you are in the right network, you can disable all the printers within seconds.

We tried to contact Ricoh for months (but we were more or less silently ignored) and we finally where able to speak with the responsible person in our country. He stated that he does not see the problem.

Given that we are following the rules of responsible disclosure (Ricoh was warned month ago) and that they clearly stated that they will not address the problem: where should we disclose the problem?

Continue reading Where to disclose a zero day vulnerability [duplicate]

Zoom Vulnerability

The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer’s camera. It’s a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app: This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission. On… Continue reading Zoom Vulnerability

Consumers Urged to Junk Insecure IoT Devices

A security researcher who disclosed flaws impacting 2 million IoT devices in April – and has yet to see a patch or even hear back from the manufacturers contacted – is sounding off on the dire state of IoT security. Continue reading Consumers Urged to Junk Insecure IoT Devices

The Importance of Protecting Cybersecurity Whistleblowers

Interesting essay arguing that we need better legislation to protect cybersecurity whistleblowers. Congress should act to protect cybersecurity whistleblowers because information security has never been so important, or so challenging. In the wake of a… Continue reading The Importance of Protecting Cybersecurity Whistleblowers