Re: [FD] Legality of Open Source Tools

2014-04-07 Thread Daniel Wood
Toni, The English version has this information in Chapter 38, I didn't find it in a Chapter 34. The key to all this is the language of intent, using verbiage such as "aggravated", "unlawful", and "to cause detriment". This is the same as the United States and many other countries; if you don'

Re: [FD] So You Like Pain and Vulnerability Management? New Article.

2014-05-14 Thread Daniel Wood
Pedro, I think you misinterpreted the article. I can see how his writing style can be confusing with all the joking and contradictions throughout. I had to reread it twice to make sure I was taking away what was intended. Just to be clear though, I agree and don't think it really adds value fo

Re: [FD] Responsible disclosure: terms and conditions

2014-06-08 Thread Daniel Wood
Keep in mind you can always be sued. No matter what 'legal' document you may have. I'm the third down on that attrition list. This brings to mind this recent blog from John Strand: http://pen-testing.sans.org/blog/pen-testing/2014/06/04/five-things-every-pen-tester-should-know-about-working-wit

Re: [FD] Responsible disclosure: terms and conditions

2014-06-09 Thread Daniel Wood
Should also point out that getting E&O insurance is a good idea. Daniel > On Jun 8, 2014, at 1:34 PM, Dave Warren wrote: > >> On 2014-06-08 04:03, Paul Vixie wrote: >> this is concerning, for two reasons. >> >> first, for enforceability, a contract requires exchange of >> consideration. what'

Re: [FD] Regarding how can I request a CVE number?

2015-03-19 Thread Daniel Wood
Unfortunately, this has been happening to many people within the last year. My suggestion is to assign your own numbering schema to them and post the details. If they gain momentum then you may get one assigned anyway if it's serious enough. Sent from my iPhone > On Mar 18, 2015, at 6:32 AM,

Re: [FD] Google Chrome Address Spoofing (Request For Comment)

2015-07-03 Thread Daniel Wood
Yes this is a pretty good find. I can also confirm it works on iOS 8.3 (12F69) with Safari. DW Sent from my iPad > On Jul 2, 2015, at 9:33 AM, Mustafa Al-Bassam wrote: > > That's pretty neat. Played around with this and made a few discoveries. > > 1. It shows a valid certificate when you spoo

Re: [FD] 360 security android app snoops data to China Unicom network via insecure HTTP

2017-05-04 Thread Daniel Wood
Can't you just run the app in an Android emulator and shark it? Sent from my iPhone > On Apr 30, 2017, at 06:02, secli...@email.tg wrote: > > I have a further update on the issue. After uninstalling the 360 security > android app, I found after repeated checks of Network Info on my phone via >

[FD] Multiple vulnerabilities discovered in Qualys Cloud Agent

2022-09-12 Thread Daniel Wood via Fulldisclosure
/vuln/detail/CVE-2022-29550 Read more: https://www.unqork.com/resources/unqork-and-qualys-partner-to-resolve-zero-day-vulnerabilities https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux Daniel Wood Head of Product Security, Unqork