Re: Vulnerability Report(UI Redressing)
From: Elijah Conners
Subject: Re: Vulnerability Report(UI Redressing)
Date: Tue, 07 Mar 2023 10:49:50 -0800
User-agent: Zoho Mail
Chet Ramey <chet.ramey@case.edu> writes:
> Why would you feel you're entitled to a reward?
Because they're trying to take advantage of other people.
This particular person also left another report for a missing SPF record to
this same website and attempted to extort them out of money as well. Rather
poor behavior on their part, and I say that knowing that these reports aren't
made in good faith. I know several people who have received these reports,
often with the same formatting and syntax, overexaggerating the risk of having
an improper SPF record or missing DKIM records. I, quite frankly, am tired of
hearing about them, and ironically these reports can give a bad impression of
security researchers who do truly want to report issues but may, for instance,
link a course they teach in their signature. Quite the impact these "reports"
leave.
I have no issue with informing a website owner that they could be vulnerable to
clickjacking and the sort, but 1. the Bash Hackers Wiki is not at a serious
risk for what Maaz is describing and 2. trying to make money off of a non-issue
is extortion.