cookiengineer 11 hours ago

The Chaos Computer Club offers proxy services for vulnerability disclosures, as they also have a legal team that can help you. It's totally anonymous, create a shitty randomized protonmail or whatever for it and you're set.

I am never filing any vulnerability disclosure under my real name, nor under my pseudonym. I've learned this lesson the hard way. Incompetence never gets punished, because intentions do not matter in front of the law - and especially not in front of a criminalizing-by-default law.

Only mad men file responsible disclosures under their real name and risk going to prison because of barbaric laws. Don't be that fool.

[1] https://www.ccc.de/disclosure

g-b-r 16 hours ago

I guess that one of the takeaways is that Belgian systems and services are significantly more likely than average to have vulnerabilities, so you should stay away from them.

cadamsdotcom 16 hours ago

Sounds onerous & a fair bit of the requirements add nothing.

Laws on the books rarely change, plenty of places have silly leftovers like laws about where you can park your horse.

userbinator 17 hours ago

> it applies to me even if I am not a citizen of Belgium and don’t live in Belgium

Stay anonymous, look up extradition laws to be extra-safe.

lesser-shadow 15 hours ago

qrd: if Belgium gov gets hacked they fully deserve it

Am4TIfIsER0ppos 14 hours ago

> coordinated vulnerability disclosure

And I was thinking it was a disease.

Please don't help this country. It needs to fall apart.

phkahler 14 hours ago

Not sure why the author wants to tell the world xxx org had a business logic vulnerability and I found it. The rest was OK, but why the need to talk about that type of vulnerability? It's a one-off. Also, making the existence of it public might draw others to their site looking for more.

  • ben0x539 5 hours ago

    Many people like talking about what they do for work, or their hobbies.