[LINK] Super fund security breach lands good Samaritan in hot water
Darren Pauli
pauli.darren at gmail.com
Wed Oct 19 14:12:26 AEDT 2011
Infosec people tell me legal threats for unauthorised vuln disclosures are
on the rise, though they can't name names because of NDAs. They reckon some
of the businesses had paid researchers bug bounties, but not before first
sending the legal threat.
Here's the letter sent from First State to Webster.
http://i.haymarket.net.au/News/20111014034645_FSS-Solicitors_Redacted.pdf
Webster had downloaded about 500 accounts using a script. That was then
supplied to the company.
There's some robust discussion under the stories SC and Risky.Biz covered
last week. R.B's got the audio interview with First State Super's CEO
explaining the action.
http://www.scmagazine.com.au/News/276780,security-researcher-threatened-with-vulnerability-repair-bill.aspx
and
http://risky.biz/minter
For my 2 cents, I think it's a warning that organisations should have a
policy for vulnerability disclosure. I'm sure they never wanted to be front
page of three media publications.
Darren Pauli
SC editor