[LINK] Super fund security breach lands good Samaritan in hotwater

Darren Pauli pauli.darren at gmail.com
Wed Oct 19 14:12:26 AEDT 2011

Infosec people tell me legal threats for unauthorised vuln disclosures are
on the rise, though they can't name names because of NDAs. They reckon some
of the businesses had paid researchers bug bounties but not before first the
legal threat.

Here's the letter sent from First State to Webster.

Webster had download about 500 accounts using a script. That was then
supplied to the company.

There's some robust discussion under the stories SC and Risky.Biz covered
last week. R.B's got the audio interview with First State Super's CEO
explaining the action.


For my 2 cents, I think its a warning that organisations should have a
policy for vulnerability disclosure. I'm sure they never wanted to be front
page of three media publications.

Darren Pauli

SC editor

More information about the Link mailing list