What should be the best thing to do ?

Tazadar
7 years ago

0

Hello everybody,

When browsing on a website I noticed an attack vector.

What would be the thing to do ? I do not want to harm people or do anything illegal.

  • Tell the owner even if I am pretty sure this person did not make the website.
  • Try to see if the attack vector is really dangerous before telling him ?
  • Do nothing.
  • Other ideas ?

Thank you

SIGKILL [r4v463]
7 years ago

0

Don’t exploit the attack vector, you can be sued for it even if you did not harm the company and your intention was to protect the company. You can tell the owner, but do this anonymously (at least for the first contact) just in case he wants to sue you for nothing. Depending on your country, there are also governmental agencies to which you can send vulnerabilities and they will handle the rest. If you don’t want to spend time on this, do not do anything.

Tazadar
7 years ago

0

Ok thank you sir for your advice :)

What would be the best way to contact someone anonymously ?

About the agencies, does one exist in France ?

Thanks again.

SIGKILL [r4v463]
7 years ago

1

Yes, it’s the ANSSI, Agence Nationale de la Sécurité des Systèmes d'Information (National Agency of Information System Security), here is the link to report a vulnerability. I strongly recommend that you go through it, in France there is a juridic void on this point, even if I highly doubt that you can go to jail for reporting a vulnerability, someone can still sue you for this. The ANSSI put this service in place more or less one year ago, if I remember well, to avoid the problem of people who just report vulnerabilities without harming the company and get sued for it. You have the needed law texts on the page I’ve linked, I’ll let you read them.
