Recommended process to report website security flaw

B

Bernie

Expert Member
Joined
May 2, 2006
Messages
2,134
Reaction score
98
I am able to download any benefit statement from a companies website by changing the URL, even though I have logged in as myself. If I tell them will they sue me as I probably did technically break the law from reading previous threads on here. I only tested two to make sure.

Their contact page only lists an "info" address, I don't want to send the details there as it will probably go to 10 different people. If I call them they will get me arrested ;)


How would you go about this?
 
Try and get hold of someone in their IT department....
 
I'm sure they won't arrest you.
Contact the info address and ask them to get their security team to contact you.
 
Sinbad said:
I'm sure they won't arrest you.
Contact the info address and ask them to get their security team to contact you.
Click to expand...

This is exactly what I have done. Just waiting and see what happens.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X