Besides the specific vulnerability/exploit, it still perplexes me how there wasn't a "official" address/contact and the Author had to make several attempts to report the issue (and had even to go through Twitter!).
I believe this is a generic problem with lots of organizations/companies, contacting them about possible security vulnerability is made complex or impossible while there should be a simple straightforward way.
I wouldn't be surprised if a number of vulnerabilities (besides bugs) go unreported because the user that finds them is not persistent enough in communicating abou them.
1 comment
[ 2.8 ms ] story [ 14.1 ms ] threadI believe this is a generic problem with lots of organizations/companies, contacting them about possible security vulnerability is made complex or impossible while there should be a simple straightforward way.
I wouldn't be surprised if a number of vulnerabilities (besides bugs) go unreported because the user that finds them is not persistent enough in communicating abou them.