by silencio 6301 days ago
> none of us will give out our usernames to external websites

Maybe so, but in the case of Twitter, not many people seemed to learn their lessons - and there people were giving away their usernames and passwords.

> decide between emailing someone hoping they fix the problem, or just fixing it

But you do not know if a vendor will fix the problem as soon as you report it to them, even if they already have a past history of not caring. The balance here is responsible disclosure: maybe it's a big enough issue or maybe the right person noticed that your problem will get fixed when you first let them know. In the event you feel you are ignored though, go public. Best of both worlds.

> I found this whole event funny.

I don't think it's funny or angering. It's probably educational, as more people learn what CSRF is, and it's probably a little annoying in that not as many people are discussing responsible disclosure, but there's not much to get angry about. Votes? Big deal....