Re: Sky's the limit
> I'm afraid this hits my limit on public disclosure and it is plain irresponsible to do this.
Well as the AC says
> My independent non-governmental lab did similar private security research and submitted the draft report ... Fast forward 5 years.....and Nothing....
Sometimes being responsible just means that nothing gets done.
I remember many years back working in support for a big company. A customer reported a security vulnerability to me. I confirmed it and fed it back to the developers. Their management said, we're halfway through cutting tapes for the next release, it's too expensive to fix now, it can wait for the next release after that.
One of my friends hit the roof when he read this response.
So he went onto the internal forum and posted something along the lines of
"Hey guys try this
type .....
Then .....
count to 5
now do ....
and ....
now see who you are
have a nice day!"
The shit hit the fan.
Our manager stormed round to see what the F*&^ we'd done.
We explained.
Our manager said, "OK, that's now my shit" and went on the war path.
Two days later the company had procedures in place to handle urgent security cockups.
There are times when you scream till you're blue in the face and get nowhere.
And if you really want things to happen you just have to put your balls on the chopping block and make a big enough scene that no one can brush it under the carpet.
Hats off to guys with bigger balls than I had.