How Do You Report A Security Hole?
from the difficulties dept
A SecurityFocus article about how Guess (the fashion company) had a security hole in their server that let people access their customers' credit card records. As they say, this "credit cards exposed" story is quickly becoming the "dog bites man" story of the internet. A different one appears every few days. The interesting part of this story was how the guy who discovered the hole couldn't get to the right person at Guess to fix the hole. He sent emails that were ignored. He called and was transferred around and dumped off into voicemail. There isn't a standard person or method for contacting companies about security holes, and some people are suggesting that maybe their should be. Instead, what usually seems to happen is that after a few useless attempts, whoever found the hole ends up going public to the media - and then no one is happy.
1 Comments | Leave a Comment..
- DailyDirt: Autonomous Vehicles
- How Publishers Repeated The Same Mistake As Record Labels: DRM Obsession Gave Amazon Dominant Position
- Park Ranger Tases Guy Walking Dogs Without A Leash
- Brazilian Government Ordering Web Hosting Firms To Kill Domain Names They Don't Like
- Syrian President's Email Hacked... His Password Was 12345





Reader Comments (rss)
(Flattened / Threaded)
You get more results with a kind word and a 2x4...
Companies who don't have some way of reporting security breaches should have their problems aired in public. Even M$ had security holes into their network and the one who found them months back had notified them only to still have them around until recently.
Sometimes embarressment can be an excellent motivator (along with depressed stock prices, a pink slip, or 2x4)...
[ reply to this | link to this | view in thread ]
Add Your Comment