how do you inform a large pile of website owners about a security issue? does sending mails to webmaster(at)domain make any sense?
By defacing their sites with a notice about the vuln, or fixing it for them in bulk with a script? ;-)
-
-
Joking aside, maybe also try common acct names like security@, abuse@, etc., but I suspect they route most email they get as spam...
-
In my experience `whois <IP> | grep abuse@` works pretty well.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.