Quoting l0rtamus Prime (simonat_private): > The problem with his web site is a simple perl issue that any average > perl programmer can figure out. Any advice on what I should do? Should > I post a full disclosure? > I have tried to contact him, his ISP (verio) and other people but thus > far have yet to speak to anyone reasonable. I've got very good experience with sending them a polite email, explaining the issues, and making clear your intentions are good. If they don't reply, mail again, Cc-ing the ISP/upstream involved. Give them time, if they don't reply within a _reasonable_ amount of time, try calling; try making the 'full disclosure' decision the last thing you fall back on. I'm ofcourse completely in favour of full disclosure, but the target you're trying to help might have their own ideas about that. If you can, try to leave that decision up to them. I personally never had a bad response, or threats/legal stuff thrown at me. Greets, Robert -- Linux Generation encrypted mail preferred. finger rvdmat_private for my GnuPG/PGP key. "Invalid element 'rvdm' in content of 'p'." (WAP emulator error) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 16:05:03 PST