ADD

Everything posted by ADD

  1. This is still my motivation for using a ThinkPad, never used it, but it's glorious.
  2. So everyone knows this one, right? http://securityreactions.tumblr.com/
  3. Thanks a lot! Didn't come across that thread yet. Has a lot of good advice.
  4. Hi all, I've found a quite bad security leak exposing a bunch of customer data in an app created by a small startup. It's a really obvious hole. I simply made 2 accounts, and logged in with one, went to the edit page of my account containing my info (email etc.), then changed the ID in the GET request to the other account's ID. It's scary how easy this was. I never looked at other customers' data. The GET URLs just seemed so insecure that I had to try if this would work. Anyway, I really want to make the issue clear to the company so they can fix it. However, I'm worried they might not take this so well. I'm afraid they will take more notice of the 'I can view all your customers' data' part of my story than the 'and I'm here to help' part. Of course I could leave a nice note in their contact form without an email address and hope they don't keep any access logs (wouldn't be surprising at this point). But that just doesn't seem right. Does anyone have any advice on how to go about this? Any experiences in this area maybe? Should I be worried at all about legal troubles? Thanks!