Re: [nznog] Thursday's security amusement!

Also with the Responsible Disclosure these draft guidelines were presented at Kiwicon and the audio for that presentation is here http://www.scmagazine.com.au/News/363991,kiwis-ink-bug-reporting-guidelines.... On 22 November 2013 08:59, Dean Pemberton wrote:

On the topic of highlighting security issues in a public forum...

The NZITF has just released a consultation draft of some guidelines around responsible disclosure.

PLEASE have a read and provide feedback. I'm also looking at presenting these in a form relevant to Network Operators at the conference. ie, How would you like Security Researchers to treat you when they find the next gaping hole in your network?

Here's more from the release.

Consultation open on Responsible Disclosure Guidelines

Posted: 8 November 2013

Today the New Zealand Internet Task Force (the NZITF) has released draft guidelines on responsible disclosure. These guidelines will help security researchers and organisations that operate ICT systems to work together to identify, understand and fix security vulnerabilities in New Zealand websites and ICT systems.

We are seeking your views on these draft guidelines to make sure that they are high quality and provide useful guidance on the aspects of responsible disclosure that need covering.

We welcome any comments or suggestions that you have on how the guidelines could be improved. We would also like to hear from you if your organisation is interesting in being named as a third party for finders to contact and act as an intermediary between them and the ICT owners that they deal with.

The guidelines are available for download at http://nzitf.org.nz/files/NZITF_Draft_Responsible_Disclosure_Guidelines.pdf

Submissions should be sent, by email, to
consult(a)nzitf.org.nz
by Sunday 22 December (please include the words "guidelines submission" in the subject header).

On Thu, Nov 21, 2013 at 12:04 PM, Tim Hoffman wrote:

...

This is vaguely operational and fairly amusing - one of our friendly LFC’s might want to sort their…ahem….levels of security fail!

https://www.google.co.nz/search?q=inurl%3A%2F%2Fhttp%3A%2F%2Fwww.ultrafastfibre.co.nz%2Ffiles%2F+agreement+&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&gfe_rd=cr&ei=axCMUoHzK6SN8QeI9YDQBQ

And to keep it on topic - beer!

Cheers, —hoff

<views do not represent anyone I may or may not work for etc etc> _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

---

NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog