Bug Bounty Ethics & CT Exclusive Bug Reports (Ep. 36)

  • Published: 22 Oct 2024

Comments • 6

  • @jub0bs 11 months ago

    Sorry, I'm only catching up now. Thanks for featuring my questions on the podcast! About 5:40, I actually had a different problematique in mind, though: if I strictly abide by the rules of a BB programme of an evil organisation and report valid vulnerabilities to them, can that be considered ethical? Ideally, I'd like to see that organisation cease operations rather than make them more secure...

  • @jub0bs 11 months ago

    55:40 That ATO story involving cookie tossing and cookie bombing is fire!

  • @HackersRising 1 year ago +2

    Where's the cert pinning script??

  • @rudy.b 1 year ago

    What about the ethics of publishing a redacted description of an exploit where the program has not given permission to disclose? I feel there is a benefit to the community to provide details of exploits, but programs may be very sensitive about releasing any information publicly, even if they can't be identified specifically.