eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.

#responsibledisclosure

JayeLTee<p>Oh, and there are over 1 billion info-stealer records exposed at the moment between a couple of IPs. This is so common, I'm surprised this was even on the news in the last few weeks for a rather small server.</p><p>180 million is really on the low end of what usually shows up exposed. I've seen servers with over 3.5 billion logs running before being wiped by wiperware.</p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/responsibledisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>responsibledisclosure</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/readyouremail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>readyouremail</span></a></p>
JayeLTee<p>Some wild things I found exposed recently that I am actively trying to close down:</p><p>1) 🇺🇸 Criminal Defense firm with archived case files exposed (evidence, discovery, court docs, etc) includes crash reports with dead people - Contacted the Law firm last week and nothing done.</p><p>2) 🇺🇸 Phone extracts for multiple cases that have been on the news, including a case of a cop suicide, sexual abuse cases - Looking at who to notify about this one, being extra careful as the file listing suggests illegal stuff gathered as evidence might be exposed on it.</p><p>3) 🇳🇿 A database backup with a table that includes someone's diary, with a lot of entries about their sexual life.<br>This backup also includes ~1,500 logins for a police association on other tables and credentials to multiple companies &amp; websites - Contacted higher-ups in the police association for help identifying who is responsible, but so far, no reply.</p><p>Just a few more servers to add to the list of dozens of pending cases. Will start escalating contacts until stuff gets fixed. </p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/responsibledisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>responsibledisclosure</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/readyouremail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>readyouremail</span></a></p>
Ge0rG<p>What's the new / current place for publishing vulnerability reports (as part of responsible disclosure; I already got a CVE ID)? </p><p>Last time I published something, BugTraq still was a thing.</p><p> :BoostOK:</p><p><a href="https://chaos.social/tags/FediHelp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FediHelp</span></a> <a href="https://chaos.social/tags/AskFedi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AskFedi</span></a> <a href="https://chaos.social/tags/ResponsibleDisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResponsibleDisclosure</span></a> <a href="https://chaos.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p>
kantorkel<p>Happy (belated) birthday on three years of <a href="https://23.social/tags/Datenleck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Datenleck</span></a> (data leak), dear Tuev Nord</p><p><a href="https://lims.tuv-nord.co.th/main_app/.env" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lims.tuv-nord.co.th/main_app/.</span><span class="invisible">env</span></a><br>https://185.39.106.141/main_app/google-credential.json<br>https://185.39.106.141/.git/config</p><p>inetnum: 185.39.106.0 - 185.39.106.255<br>netname: DE-TUEVNORD-H-106</p><p><a href="https://23.social/tags/responsibleDisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>responsibleDisclosure</span></a> <a href="https://23.social/tags/disclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>disclosure</span></a></p>
JayeLTee<p>Looking for some help, boosts appreciated: </p><p>Anyone with a security contact at Disney or ABC Network?</p><p>I know Disney has a bug bounty program, but the issue is with a third-party software leaking data from multiple companies. </p><p>Found no information as to who owns the software online and would like some help figuring out who to notify.</p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/disney" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>disney</span></a> <a href="https://infosec.exchange/tags/abc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>abc</span></a> <a href="https://infosec.exchange/tags/responsibledisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>responsibledisclosure</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a></p>
Dissent Doe :cupofcoffee:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@JayeLTee" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>JayeLTee</span></a></span> Just to add some context about my attempt to get Mango's Place to lock down their data back in 2022:</p><p>I had been contacted by a researcher with info on the exposed data. Because that researcher was not in the U.S., I followed up on unsuccessful notifications with a phone call. I even made a note of who I spoke to in August 2022. </p><p>But alerting entities to their leaks is not my job, and when they didn't get back to me, I eventually forgot about them. I had waited to report anything because -- unlike a site that all-too-often reports on leaks that are still exposed --- I didn't want to publish about a leak where the still-exposed data had their name in the storage location's URL. </p><p>Whether Mango's Place will get sued by any irate parents remains to be seen. If they are, their failure to respond in 2022 may become part of any case. </p><p><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>incidentresponse</span></a> <a href="https://infosec.exchange/tags/responsibledisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>responsibledisclosure</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
H.Lunke & Socke<p>Still one of my favorite T-shirts<br><a href="https://darmstadt.social/tags/ResponsibleDisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResponsibleDisclosure</span></a></p>
Brian Greenberg :verified:<p>🔒 How to Report Security Issues in Open Source—Responsibly</p><p>Security flaws happen—but how we handle disclosure matters.</p><p>In this smart and timely guide, Jacob Kaplan-Moss outlines the three-step process for responsible vulnerability reporting in open source software (OSS):</p><p>✔️ Report the issue privately to maintainers<br>⏳ Allow a reasonable time frame (up to 3 months) for a fix<br>📢 If needed, publicly disclose to protect users</p><p>Kaplan-Moss also explains how to find contact info, the ethics of disclosure timelines, and tools available to OSS maintainers.</p><p>This is must-read content for anyone in security, development, or open source governance.</p><p>👉 <a href="https://jacobian.org/2025/mar/27/reporting-security-issues-in-oss/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">jacobian.org/2025/mar/27/repor</span><span class="invisible">ting-security-issues-in-oss/</span></a></p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevSecOps</span></a> <a href="https://infosec.exchange/tags/ResponsibleDisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResponsibleDisclosure</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p>
Dissent Doe :cupofcoffee:<p>Great thanks to <span class="h-card" translate="no"><a href="https://infosec.exchange/@adamshostack" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>adamshostack</span></a></span> for getting people together to think about this issue and to make recommendations to <a href="https://infosec.exchange/tags/HHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HHS</span></a> under the <a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> Security Rule. </p><p><a href="https://shostack.org/blog/security-researcher-comment-on-hipaa-security-rules/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">shostack.org/blog/security-res</span><span class="invisible">earcher-comment-on-hipaa-security-rules/</span></a></p><p>Direct link to comments to HHS by <span class="h-card" translate="no"><a href="https://infosec.exchange/@adamshostack" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>adamshostack</span></a></span>, <span class="h-card" translate="no"><a href="https://infosec.exchange/@dykstra" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dykstra</span></a></span>, Fred Jennings, Chloé Messdaghi, and me:</p><p><a href="https://downloads.regulations.gov/HHS-OCR-2024-0020-4673/attachment_1.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">downloads.regulations.gov/HHS-</span><span class="invisible">OCR-2024-0020-4673/attachment_1.pdf</span></a></p><p><a href="https://infosec.exchange/tags/GoodFaith" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoodFaith</span></a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityRule</span></a> <a href="https://infosec.exchange/tags/ResponsibleDisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResponsibleDisclosure</span></a> <a href="https://infosec.exchange/tags/VDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VDP</span></a></p>
Jan Wildeboer 😷:krulorange:<p><a href="https://social.wildeboer.net/tags/ResponsibleDisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResponsibleDisclosure</span></a> also means to share if you have been diagnosed with an infectious disease while at or after an event or conference, ideally posted in a way that as many possible visitors of said event will notice (e.g. post here with a hashtag of the event, like <a href="https://social.wildeboer.net/tags/FOSDEM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSDEM</span></a>). There is no embargo on sharing such a vulnerability ;)</p>
Dissent Doe :cupofcoffee:<p>If you haven't read this post by <span class="h-card" translate="no"><a href="https://mastodon.green/@gcluley" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>gcluley</span></a></span> about a proposed Turkish law and you are a researcher or journalist reporting on breaches, read it:</p><p>New Law Could Mean Prison for Reporting Data Leaks:<br><a href="https://www.tripwire.com/state-of-security/new-law-could-mean-prison-reporting-data-leaks" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">tripwire.com/state-of-security</span><span class="invisible">/new-law-could-mean-prison-reporting-data-leaks</span></a></p><p><a href="https://infosec.exchange/tags/ResponsibleDisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResponsibleDisclosure</span></a> <a href="https://infosec.exchange/tags/research" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>research</span></a> <a href="https://infosec.exchange/tags/journalism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>journalism</span></a> <a href="https://infosec.exchange/tags/freepress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>freepress</span></a> <a href="https://infosec.exchange/tags/censorship" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>censorship</span></a> <a href="https://infosec.exchange/tags/intimidation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>intimidation</span></a></p>
Jan Wildeboer 😷:krulorange:<p>FTR. I still believe in <a href="https://social.wildeboer.net/tags/ResponsibleDisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResponsibleDisclosure</span></a> with a 90 day limit after the first acknowledged receipt. If the company/government/organisation won't move 90 days after they've acknowledged receiving your info, you should be free to go public. But going 0day is a different story.</p>
Dissent Doe :cupofcoffee:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@JayeLTee" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>JayeLTee</span></a></span> This is why sometimes it's not enough to just disclose responsibly to an entity. Did you let the data protection regulator know that although the entity is claiming a 4-day exposure window, your research found it was almost a year? And did you tell the data protection regulator that the entity is reportedly telling some departments that their data was not exposed, when you found clear proof that it was? </p><p><span class="h-card" translate="no"><a href="https://xn--baw-joa.social/@lfdi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>lfdi</span></a></span> </p><p><a href="https://infosec.exchange/tags/responsibledisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>responsibledisclosure</span></a> <a href="https://infosec.exchange/tags/transparency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>transparency</span></a> <a href="https://infosec.exchange/tags/accountability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>accountability</span></a> <a href="https://infosec.exchange/tags/dataprotection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dataprotection</span></a> <a href="https://infosec.exchange/tags/misconfiguration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>misconfiguration</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
chris@strafpla.net<p><span class="h-card" translate="no"><a href="https://chaos.social/@cccpresser" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cccpresser</span></a></span> The politically desired <a href="https://mstdn.strafpla.net/tags/ResponsibleDisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResponsibleDisclosure</span></a> process in Germany is obviously: <br>1) 4chan. <br>2) There’s no step 2. </p><p>(Does <a href="https://mstdn.strafpla.net/tags/ModernSolution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ModernSolution</span></a> actually have customers, and at what point is it negligent to entrust PII to a company with this expertise (database password for all customers in the executable)?)</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.bund.de/@bfdi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bfdi</span></a></span> <span class="h-card" translate="no"><a href="https://gruene.social/@weddige" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>weddige</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@JayeLTee" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>JayeLTee</span></a></span> <span class="h-card" translate="no"><a href="https://social.bund.de/@BayLfD" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BayLfD</span></a></span> Q: Any estimates on how long that can take?</p><p>Cuz if it was me <a href="https://infosec.space/@kkarhan/113345431225819955" rel="nofollow noopener noreferrer" target="_blank">I'd escalate this</a> and make it the problem of the participants to sort out who's responsible...</p><p>Cuz <a href="https://infosec.space/tags/ResponsibleDisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResponsibleDisclosure</span></a> is done with that...</p>
Wladimir Mufty<p>Don’t be a <a href="https://social.edu.nl/tags/zendesk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zendesk</span></a></p><p>👎 <a href="https://social.edu.nl/tags/responsibledisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>responsibledisclosure</span></a><br>👎 <a href="https://social.edu.nl/tags/bounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bounty</span></a><br>👎 <a href="https://social.edu.nl/tags/bug" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bug</span></a><br>😂 <a href="https://social.edu.nl/tags/outofscope" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>outofscope</span></a></p><p><a href="https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gist.github.com/hackermondev/6</span><span class="invisible">8ec8ed145fcee49d2f5e2b9d2cf2e52</span></a></p>
Dissent Doe :cupofcoffee:<p>It's particularly frustrating when the big tech firms don't respond appropriately to alerts. </p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@JayeLTee" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>JayeLTee</span></a></span> tells me he reported a server with 2.1B infostealer records hosted on Microsoft servers to <a href="https://cert.microsoft[.]com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">cert.microsoft[.]com</span><span class="invisible"></span></a> -- which is the URL listed in the WHOIS to report illegal content. His case came back within an hour as closed but they didn't do anything! He's trying abuse@microsoft[.]com now. </p><p>Anyone at <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> reading this: c'mon folks, respond appropriately to notifications like this. </p><p><a href="https://infosec.exchange/tags/infostealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infostealer</span></a> <a href="https://infosec.exchange/tags/responsibledisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>responsibledisclosure</span></a> <a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>incidentresponse</span></a></p>
Dissent Doe :cupofcoffee:<p>"Italy, exposed database puts dental clinic patients’ data at risk: "<br><a href="https://www.suspectfile.com/italy-exposed-database-puts-dental-clinic-patients-data-at-risk/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">suspectfile.com/italy-exposed-</span><span class="invisible">database-puts-dental-clinic-patients-data-at-risk/</span></a></p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@amvinfe" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>amvinfe</span></a></span> followed up on some findings by <span class="h-card" translate="no"><a href="https://infosec.exchange/@chum1ng0" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>chum1ng0</span></a></span> and they tried to get two entities to lock down exposed data that includes personal information. </p><p>Despite repeated notifications, the data are still not locked down, it seems. </p><p><a href="https://infosec.exchange/tags/responsibledisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>responsibledisclosure</span></a> <a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>incidentresponse</span></a> <a href="https://infosec.exchange/tags/incidentmanagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>incidentmanagement</span></a> <a href="https://infosec.exchange/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a></p>
Dissent Doe :cupofcoffee:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@JayeLTee" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>JayeLTee</span></a></span> Nice work on your part. It's a shame that too many entities don't even say a simple "thank you" to those who try to alert them to a leak or situation. And, of course, how many of those who don't even acknowledge will ever disclose a leak or breach on their own? </p><p><a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>incidentresponse</span></a> <a href="https://infosec.exchange/tags/transparency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>transparency</span></a> <a href="https://infosec.exchange/tags/gratitude" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gratitude</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/responsibledisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>responsibledisclosure</span></a> <a href="https://infosec.exchange/tags/govsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>govsec</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://veganism.social/@MichalBryxi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>MichalBryxi</span></a></span> Just communicating with them as a Sysadmin that prevented said scammers from attacking one's systems will get them moving...</p><p>But based off <span class="h-card" translate="no"><a href="https://chaos.social/@Lilith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Lilith</span></a></span> 's own experiences doing <a href="https://infosec.space/tags/ResponsibleDisclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResponsibleDisclosure</span></a> LEAs and <a href="https://infosec.space/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliterate</span></a> <a href="https://infosec.space/tags/judges" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>judges</span></a> can be insultingly stupid...</p>