Quote:
|
Originally Posted by NetRodent
Actually that's the estabished and accepted method of bug reporting. Notify the company privately and if they don't fix it in a reasonable amount of time make the bug public so they have to fix it. Its far better to embarrass the company into fixing the bug than to have someone less reputable discover the bug and be free exploit it indefinitely.
|
I agree, this goes for all exploits found. They were given a decent amount of time to fix the bug, but they chose not to. This time, they have to or all hell will fall onto their laps. Personally, if Fris got into my server, I would be like, "Dude wtf ... sweet, how did you get in?"