Chet Ramey <chet.ra...@case.edu> writes:

> Why would you feel you're entitled to a reward?

Because they're trying to take advantage of other people.
This particular person also left another report for a missing SPF record to this same website and attempted to extort them out of money as well. Rather poor behavior on their part, and I say that knowing that these reports aren't made in good faith.

I know several people who have received these reports, often with the same formatting and syntax, overexaggerating the risk of having an improper SPF record or missing DKIM records. I, quite frankly, am tired of hearing about them, and ironically these reports can give a bad impression of security researchers who do truly want to report issues but may, for instance, link a course they teach in their signature. Quite the impact these "reports" leave.

I have no issue with informing a website owner that they could be vulnerable to clickjacking and the sort, but 1. the Bash Hackers Wiki is not at a serious risk for what Maaz is describing and 2. trying to make money off of a non-issue is extortion.