Where to disclose a zero day vulnerability [duplicate]


We discovered a vulnerability in a wide range of Ricoh printers, where with a simple PostScript file sent directly, it is possible to crash the device.

To recover you need physical access to the printer and an administration account to clear the queue (otherwise, after the restart, the crash will occur again).

This offers a simple and quick denial of service attack. If you are in the right network, you can disable all the printers within seconds.

We tried to contact Ricoh for months (but we were more or less silently ignored) and we finally were able to speak with the responsible person in our country. He stated that he does not see the problem.

Given that we are following the rules of responsible disclosure (Ricoh was warned months ago) and that they clearly stated that they will not address the problem: where should we disclose the problem?


Zoom Vulnerability

The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer’s camera. It’s a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app: This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission. On…

Consumers Urged to Junk Insecure IoT Devices

A security researcher who disclosed flaws impacting 2 million IoT devices in April – and has yet to see a patch or even hear back from the manufacturers contacted – is sounding off on the dire state of IoT security.

The Importance of Protecting Cybersecurity Whistleblowers

Interesting essay arguing that we need better legislation to protect cybersecurity whistleblowers. Congress should act to protect cybersecurity whistleblowers because information security has never been so important, or so challenging. In the wake of a barrage of shocking revelations about data breaches and companies' mishandling of customer data, a bipartisan consensus has emerged in support of legislation to give consumers…
