Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
MOS.ru report backend leak
#1
MOS.ru




Quote:What is information disclosure support?
When a hole is found, it needs to quickly enter the right hand. This is the only way to ensure it is safely resolved without damaging the public. To support this process, Disclosure Support has introduced the Directory to determine the best way to report potential vulnerabilities directly to organizations that can address them.

Some organizations do not have a definite method to receive reporting vulnerabilities from external search engines. In these situations, Disclosure Support will work with friendly hackers on the basis of best efforts to verify the legality of the vulnerability, access and verify an individual's identity at the organization. affected, then share this vulnerability with the organization to be able to resolve.

Why Support Disclosure provides Disclosure Support?
It is risky for security researchers to report vulnerabilities to organizations lacking official policies. Will the researcher receive a warm welcome, a cold shoulder, a punitive lawsuit or a visit from law enforcement? This uncertainty enhances the cooling effect so that the vulnerabilities are not reported and the Internet becomes less secure than possible. It is for our best collective benefit to help friendly hackers can disclose vulnerabilities to any organization.

In the material world, "If you see something, say something." is a core tenet of any safe community. The same thing must be true online, but good samaritans are often pressured to "say nothing". Encouraging strong relationships with organizations and the hacker community is the key to creating a safer Internet for everyone. The Disclosure Support List aims to reduce personal risk and help narrow this important gap.

How does it work correctly?
A friendly hacker found a vulnerability.
They searched for the Disclosure Support List for a published security contact method and tried alternative communication facilities.
If hackers have exhausted their options in an effort to contact the organization, they may request Disclosure Support.
At this point, hackers provide information about their efforts to reach the affected organization along with relevant vulnerability information. Information about this vulnerability is received by the Disclosure Support Disclosure team, who verifies the legality of the error, as well as identifies the potential impact.

Because Disclosure Support is a best-effort service, Priority Disclosure Support for errors that need support based on impact and may not be able to support low impact errors. Please note that we cannot guarantee success, so we encourage you to familiarize yourself with the Frequently Asked Questions about the EFF vulnerability report and encourage you to make other contact efforts in parallel. our effort.

Disclosure support will attempt to contact the affected organization and verify the identity of an appropriate contact point to receive information about the vulnerability. When their identity is verified, an email will be sent to the contact point with a secret link to the content of the bug report and interactions between hackers and Revealed Support. At this point, information about the vulnerability has been successfully shared with the affected organization.
Reply
 


Possibly Related Threads...
Thread Author Replies Views Last Post
  Huawei.com - App dev backend leak emailsnipper 12 878 03-12-2019, 06:59 PM
Last Post: frantaw
  JCrew.com Jira admin backend leak emailsnipper 0 312 03-07-2019, 10:54 PM
Last Post: emailsnipper
  Technisys.com Jira access leak emailsnipper 1 162 03-02-2019, 07:53 PM
Last Post: cocukadam
  Sephora.com Jira access leak emailsnipper 1 142 03-02-2019, 07:31 PM
Last Post: cocukadam
  Dialog.lk Admin Jira access leak emailsnipper 2 147 02-27-2019, 11:55 PM
Last Post: emailsnipper



Users browsing this thread: 1 Guest(s)