Australian Police Investigating Teen Who Found Database Flaw
I wonder how this would have been handled, if it was in KE. I see the PTV already screwed up in an attempt to 'protect themselves' despite having been genuinely contacted. http://goo.gl/Z04c4a -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
It's important to never download data or manipulate anything in a white hat scenario - and certainly not to admit it. Anyway, this isn't a database flaw, it's an application flaw. -- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson On Mon, Jan 13, 2014 at 10:34 AM, Odhiambo Washington <odhiambo@gmail.com>wrote:
I wonder how this would have been handled, if it was in KE. I see the PTV already screwed up in an attempt to 'protect themselves' despite having been genuinely contacted.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
Adam, How else do you prove the flaw if you don't? By just presenting/showing the logic to them? On 13 January 2014 10:37, Adam Nelson <adam@varud.com> wrote:
It's important to never download data or manipulate anything in a white hat scenario - and certainly not to admit it.
Anyway, this isn't a database flaw, it's an application flaw.
-- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson
On Mon, Jan 13, 2014 at 10:34 AM, Odhiambo Washington <odhiambo@gmail.com>wrote:
I wonder how this would have been handled, if it was in KE. I see the PTV already screwed up in an attempt to 'protect themselves' despite having been genuinely contacted.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
You do nothing. If you are a customer of that business, you quietly close your account and move elsewhere. On Jan 13, 2014 10:45 AM, "Odhiambo Washington" <odhiambo@gmail.com> wrote:
Adam,
How else do you prove the flaw if you don't? By just presenting/showing the logic to them?
On 13 January 2014 10:37, Adam Nelson <adam@varud.com> wrote:
It's important to never download data or manipulate anything in a white hat scenario - and certainly not to admit it.
Anyway, this isn't a database flaw, it's an application flaw.
-- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson
On Mon, Jan 13, 2014 at 10:34 AM, Odhiambo Washington <odhiambo@gmail.com
wrote:
I wonder how this would have been handled, if it was in KE. I see the PTV already screwed up in an attempt to 'protect themselves' despite having been genuinely contacted.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
Just present/show the logic to them is all you can legally do. Touching the data is a crime and is pretty well codified internationally. If you did touch the data, certainly don't say so. -- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson On Mon, Jan 13, 2014 at 10:44 AM, Odhiambo Washington <odhiambo@gmail.com>wrote:
Adam,
How else do you prove the flaw if you don't? By just presenting/showing the logic to them?
On 13 January 2014 10:37, Adam Nelson <adam@varud.com> wrote:
It's important to never download data or manipulate anything in a white hat scenario - and certainly not to admit it.
Anyway, this isn't a database flaw, it's an application flaw.
-- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson
On Mon, Jan 13, 2014 at 10:34 AM, Odhiambo Washington <odhiambo@gmail.com
wrote:
I wonder how this would have been handled, if it was in KE. I see the PTV already screwed up in an attempt to 'protect themselves' despite having been genuinely contacted.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
participants (3)
-
Adam Nelson -
Brian Ngure -
Odhiambo Washington