You are viewing a single comment's thread from:
RE: I was super happy ... then I got a job offer (And it all went to shit)...
Just curious, have you done some penetration testing on Steem/Steemit?
Just curious, have you done some penetration testing on Steem/Steemit?
Hey @abit , I didn't though that's a good idea.
However, I didn't see any contact details for disclosing security problems, and if I am not mistaken (???) Steemit is owned by some company. And if that's the case and they do not disclose email address for security then I don;t know how they'd react to someone testing their site.
I'd have to re-read the ToC to see if there's a mention of that cause some companies say stuff like "We do not want anyone to misuse the system and if you do we will take legal action". (Which is just stupid, cause obviously hacker would look at it and say, OH, I wanted to steal their information, but fuck, now I can't ...) And in that case I might get into trouble by disclosing their security problems to them.
Fair concerns..
Steemit is open source: https://github.com/steemit/steemit.com , most of its data is stored on the "Steem" blockchain (also open source: https://github.com/steemit/steem), although there could be a user-account related private database behind the site itself. IMHO you would be welcomed if you have interest to do the test, since it would benefit the whole platform, however perhaps you want to contact the company (Steemit, Inc) first to get a permission or somewhat similar. There is a public email address [email protected], also you can send direct message to @ned and/or @sneak on https://steemit.chat/ , and feel free to contact me by replying to this comment if above methods don't work for you (I'm not always on steemit.chat but occasionally check replies on this website).
Ok, I think I'll do it during Christmas as maybe 'll have more time.
Thanks. I'm gonna contact them now via email so they have time to reply.
I'll let you know once they reply.