Is there a "greyhat" place to report web/cloud security issues?

Joined
Oct 23, 2018
Messages
1,011
Accidentally stumbled upon an external system at DHL which emails plain text passwords. Would like to report this somewhere and am thinking that simply reporting it to DHL will mean nothing ever gets fixed, but reporting it to the wrong place would lead to a full leak before it got fixed. Are there any in-between options?
 
What I would do is send it to the abuse email listed in the icann for their domain name--that should get it to the right person. I've done this for domains that are sending out spam to let the admins know what's up and have even gotten a job offer this way.
 
What I would do is send it to the abuse email listed in the icann for their domain name--that should get it to the right person. I've done this for domains that are sending out spam to let the admins know what's up and have even gotten a job offer this way.
Looks like it's registered via proxy, so the abuse email is just abuse@theproxy rather than abuse @dhl.
 
Looks like it's registered via proxy, so the abuse email is just abuse@theproxy rather than abuse @dhl.
That's fine as it is their responsibility to pass it on and should take it seriously or you can report them as a bad registrar.
 
Back
Top