Insecure websites

December 26, 2006

It really worries me when I stumble across an insecurity in a website. I don’t go looking for them, but when I find one, I feel like I have a responsibility to do something about it. I don’t mean telling the world about it – that would be bad for the company and, more importantly, for their unsuspecting customers. I mean letting them know.

In the case that I found today, I have used the “Contact Us” part of the site, and will call their head office myself tomorrow if I haven’t heard a response. I really hope they take me seriously. I will offer to help them resolve their problems, of course; I have no desire at all for them to be hacked.

  1. Ctrl_X

    Cool 🙂 no SQL injection there 😀

  2. S.B

    Hi Rob,

    If I contact websites saying that they are susceptible to SQL injection attacks, will I be doing something illegal?
    I mean, I could find that the sites are insecure by trying out some SQL Injection tricks so if I report it to the website, will I be considered a hacker?

  3. robfarley


    I don’t know – and I guess it depends on your local laws. I think if you don’t do anything malicious, then that could be fine. Accessing confidential information is often considered illegal, which is why I only accessed metadata in the site I stumbled across.


