Make sure the stones are real
I wrote the other day about the Brian Krebs article on the Russian site that said a lot of high visibility security companies web sites had some XSS vulnerabilities. Among which was none other than eEye. Well in a case of you meet the nicest people blogging, I received an email today from Ross Brown, the CEO of eEye. Ross saw my post and took the time to respond to me off line. I thought that was a very classy move on his part and I thanked him for it.
I also wanted to mention that eEye has not been able to recreate the vulnerability mentioned and it appears it may have been a case of this happening while some changes were being made to the website. It may be a case of irresponsible disclosure before adequate verification was done by the security group in Russia, who by the way, even Ross says is usually pretty good. Anyway, it was a funny way to meet Ross, but am glad that I did. Ross has also joined the security blogging world. You can read his blog at: http://technobabylon.typepad.com/.
Welcome to blogging Ross and thanks for clearing this up.
Comments