Helpful hackers

Should you have discovered a digital vulnerability on this site, please do the following:
- Do not abuse it, and report it via this address
- Obviously not allowed: fuzzing, DDoS, social engineering, installing backdoors and other nasty shit
- You will get a response within three days
- Give us enough time to fix it
- If it is useful to us, you will get into our Hall of Fame
- If not, expect some nasty tweets about you...
- And no, we do not give financial rewards
- Still not sure? Then contact the NCSC

Hall of Fame

- Nehal Ghoratkar provided a proof of concept that attackers may be able to use cross-site tracing and retrieve the value of HttpOnly cookies using cross-site scripting. He also warned us that our site had HTTP TRACE support enabled and was leaking juicy technical file information. Contact: Facebook
- Ashish Pathak warned us about a cross-site scripting vulnerability and delivered a proof of concept. This vulnerability was due to the Joomla CMS we were using and is now solved. Contact: Twitter
- Jay Patel warned us in August 2015 about a PHP issue regarding our CMS, which was not a potential exploit, but could expose relevant information on our configuration and make the website vulnerable. Contact: Facebook
- Nithish Varghese warned us in August 2015 about an e-mail spoofing issue regarding our SMTP server, so we reconfigured it to implement SPF. Contact: Facebook
- Shivam Kumar Agarwal helped out in June 2015 solving an SSL issue. He first reported our website could be vulnerable to the known Heartbleed exploit, based on a search with poodlebleed.com. We don’t use SSL, as tektok.nl does not have any login forms, but other websites using the same IP address do and proved to be vulnerable. We passed the report on to our provider and the bugs were fixed. We thank Shivam for his report. Contact: Bugcrowd
- Koutrouss Naddara reported a clickjacking vulnerability in May 2015. As this is a recurrent problem in Joomla, we will soon be switching to another content management system. We thank Koutrouss for warning us. Contact: HackerOne
- Mischa van Geelen, @rickgeex, reported in September 2014 a cross-site scripting vulnerability in our newsletter. I did not really understand the problem, but my provider did and solved it. Mischa also helps me out with advice on other cyber security issues and is a well-known visitor of conferences. Contact: mischavangeelen.nl
- You?