[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Vulnerability Report(UI Redressing)

From: Elijah Conners
Subject: Re: Vulnerability Report(UI Redressing)
Date: Tue, 07 Mar 2023 10:49:50 -0800
User-agent: Zoho Mail

Chet Ramey <chet.ramey@case.edu> writes:
> Why would you feel you're entitled to a reward? 
Because they're trying to take advantage of other people.

This particular person also left another report for a missing SPF record to 
this same website and attempted to extort them out of money as well. Rather 
poor behavior on their part, and I say that knowing that these reports aren't 
made in good faith. I know several people who have received these reports, 
often with the same formatting and syntax, overexaggerating the risk of having 
an improper SPF record or missing DKIM records. I, quite frankly, am tired of 
hearing about them, and ironically these reports can give a bad impression on 
security researchers who do truly want to report issues but may, for instance, 
link a course they teach in their signature. Quite the impact these "reports" 

I have no issue with informing a website owner that they could be vulnerable to 
clickjacking and the sort, but 1. the Bash Hackers Wiki is not at a serious 
risk for what Maaz is describing and 2. trying to make money off of a non-issue 
is extortion.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]