Danny:<div><br></div><div>Suggest that you reach out to <a href="http://dankaminsky.com/bio/">Dan Kaminsky</a> (<a href="mailto:dan@doxpara.com">dan@doxpara.com</a>) . I think he has actually stopped by NB in the past.</div>
<div><br></div><div>Dan is known in the industry as having executed one of the most responsible disclosures of a major flaw to date. Poor guy had to convince and coordinate with all the tech giants. </div><div><br></div>
<div>Friendly guy, I am sure he could give you a few pointers as to how to execute a responsible disclosure that is effective.</div><div><br></div><div>Regards</div><div><br></div><div>Ken<br><br><div class="gmail_quote">
On Sat, Jul 23, 2011 at 11:33 PM, Danny O'Brien <span dir="ltr"><<a href="mailto:danny@spesh.com">danny@spesh.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
I've been able to deduce a fairly glaring security problem with a<br>
widely-available commercial product. Other users have found the same<br>
problem, and reported it to the company, but it sounds like they've<br>
sat on the problem for at least two months without pushing out a fix.<br>
(There's no cleverness here: it really didn't take me very long to<br>
work out a workable remote exploit from public information. It's a<br>
very clumsy mistake.)<br>
<br>
Can somebody who has been through this themselves walk me through the<br>
actual protocol to formally report this to the company (or gather<br>
evidence that they've been aware of the problem), and how to publicise<br>
it further through the correct channels?<br>
<br>
d.<br>
_______________________________________________<br>
Noisebridge-discuss mailing list<br>
<a href="mailto:Noisebridge-discuss@lists.noisebridge.net">Noisebridge-discuss@lists.noisebridge.net</a><br>
<a href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss" target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>Ken Adler <br>510-290-5806 (cell)<br><a href="mailto:Ken@adler.net">Ken@adler.net</a> <br>----<br> <br>
</div>