Is there a "greyhat" place to report web/cloud security issues?

Joined
Oct 23, 2018
Messages
930
Accidentally stumbled upon an external system at DHL which emails plain text passwords. Would like to report this somewhere and am thinking that simply reporting it to DHL will mean nothing ever gets fixed, but reporting it to the wrong place would lead to a full leak before it got fixed. Are there any in-between options?
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
5,950
What I would do is send it to the abuse email listed in the icann for their domain name--that should get it to the right person. I've done this for domains that are sending out spam to let the admins know what's up and have even gotten a job offer this way.
 
Joined
Oct 23, 2018
Messages
930
What I would do is send it to the abuse email listed in the icann for their domain name--that should get it to the right person. I've done this for domains that are sending out spam to let the admins know what's up and have even gotten a job offer this way.
Looks like it's registered via proxy, so the abuse email is just abuse@theproxy rather than abuse @dhl.
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
5,950
Looks like it's registered via proxy, so the abuse email is just abuse@theproxy rather than abuse @dhl.
That's fine as it is their responsibility to pass it on and should take it seriously or you can report them as a bad registrar.
 
Top