We have reported an issue to you
This page is designed to help you understand who we are and why we have contacted you regarding a security vulnerability. You may still have questions after reading, but we hope it answers the basics and minimises any panic or confusion.
The basics
We are an ethical cyber security consultancy, based in South Yorkshire, United Kingdom. Our address and contact details can be found on the 'contact us' page on this website. Our company aim is to To reduce victims of cyber-enabled crime, focussing on a reduction of malicious social engineering attacks. More details about our company can be found under the 'about us' page on this website.
WE never demand money
Our business is funded by traditional consultancy and paid services, we work with companies testing their physical and online security and provide training and education. If we have reported an issue to you, we have done so because our business believes it's the right thing to do - we are not trying to pitch for paid work either. All we ask is you formally acknowledge receipt of our report, this means we spend less time reporting issues and more time finding them.
Working within the law
Ethics and the law are ingrained in our company ethos, our principal consultant assists with police to help train officers in the fight against cybercrime. We understand the computer misuse act and would never break the law to identify an error on your systems. Our company believes that security issues can fuel criminal activity and reporting issues minimises this. We have unique ways to detect security errors, this normally means we have not had direct contact with your IT systems.
Fix first attitude
We keep security issues confidential as you fix them. If you would like to discuss the issue further we welcome a mutual non-disclosure agreement. An MNDA can provide the foundations to discuss the issue in greater depth. It is likely we can offer advice on the security issue we have reported, we will happily share 30 minutes for free. Our intention is to guide you to fix the issue.
What Now?
You have no obligation to speak to us about the issue further, once receipt of the security issue has been acknowledged by you we are happy to leave this to your organisation to fix. We commonly blog about the security research work we do, often this is to educate other people about the risks we have identified.
Ernst & Young
The issue regarding incorrect DNS configuration has now been fixed. Thank you for bringing this to our attention, we look forward to future collaboration. - EY