Sadly this happens, having reported hundreds of vulns and dealt with dozens of angry vendors I can say that problems can be avoided, just need to be careful asking for lawyer advice and have a plan b if something goes wrong https://twitter.com/zackwhittaker/status/965571877220618240 …
I remember in a call the vendor CTO threatened me and wanted me to talk to his CEO to tell him that the vulns weren’t real and that it wasn’t the CTO's fault ¯\_(ツ)_/¯
this just in: we hacked some hardware and notified vendor, it seems related hardware is used by US gov for classified information, vendor contacted GSA and I got a letter from GSA saying that anything we found should "only be reported to GSA" letter CCed CIA, NSA, FBI, USDOS...
Good, now send it to me and I will let them know how good it is.
Finding vulnerabilities without source code? Impossible? Sure, it's (usually) not easy, but c'mon, @MalwareUnicorn's dog can do reverse engineering. Her smaller dog.
A vendor accused my employer of doing "reverse engineering" on their product. Despite me spending one full day on their site (with their collaboration) to browse the source code. Yes, I found & documented the backdoor; no, client wasn't happy.
Somebody on Twitter basically tried to have me fired from my new job by threatening my employer. That was a fun conversation to have so early into a new job.
So they adit that in their own estimation you could get in, steal code, and they wouldn't even notice?
s/amit/admit/
