Bugs — Easy To Find, Tough To Report

A common complaint that you often hear in Infosec is how hard it can be to report vulnerabilities sometimes. This story tells of my journey using OSINT tools to find the right person to responsibly report a bug to. Of course, I enjoyed the journey more than the destination.

The Discovery

Even today, you can still find lots of misconfigured S3 buckets full of juicy data. I recently found one which contained a lot of personal documents belonging to the employees of an electric vehicle startup. Let's refer to them with a made-up name to save them some face. Let's call them EVzap. ...

2024-Jan-26 · 6 min

Your Eureka Forbes account can easily be hacked!

I am a customer of Eureka Forbes, and last year I was accessing their website to make a payment. I own an Aquaguard Water Purifier by them and wanted to pay for the yearly maintenance contract (AMC). For anything related to your account, you need to log in via their website (https://www.eurekaforbes.com/). There is currently only 1 mechanism available for login – OTP Login. You provide your phone number (registered with Eureka Forbes) and they send an SMS OTP to your phone. ...

2020-Apr-11 · 3 min