sorry i say dumb shit all the time 😔
Morning, Fediverse.
#KrakówSmog
8°C
Sunny
Pollution 56%
tl;dr with some fuzzing you have read access to all financial records any client of the platform might have

Hello Mastodon! I haven't really posted anything here since I'm socially awkward but I come with a cry for help.

I am not a security professional (although I strive to be), just an engineer, so I need some advice. I found an unprotected endpoint on one of the sites I use daily for my business that allows read access to all documents, regardless of who they belong to. I disclosed the vulnerability to the company that owns the platform and their dev team is already working on a fix. The thing is, their OpSec is pretty much non-existent and I lack the knowledge to know what to do here. Is this something that should be disclosed to the public after it's patched? I also want to recommend they check their logs to see if someone has exploited this before, but I lack the confidence lol.

Could anyone tell me how I should recommend they handle this? Is this maybe something I should NOT do?

Thank you lovely people :)
#opsec #redteam #vulnerability #disclosure #infosec

In my experience, there are two types of people in tech. There’s “Alexa controls my thermostat” people and “I live in a cabin in the woods” people. RPi thought they would be interacting with the thermostat people on the wood cabin people’s social media site.
Also excited for the new era of "who is liable when the AI tells you to cook the frozen turkey in the deep-fryer" / "can you maliciously interact as user A with the AI, such that the AI interacts with user B and advises them to do X" wars