I don't see where I'm being arrogant in the post, and actually, you are right, it's not a "professional" report, it's just the summary about how "easy" some data can be stolen, and what people with really bad porpoises could do with a little bit of luck (The "big" problem it's just weak credentials in the end). It's a blog post, not the report itself.
About clarifying the measures and the communication with the company, this is something that it's not related to the idea of the post, and no one else's business.
Someone else's published my post here in HN, and I saw some "overreacted concerns", my idea was just to say: "They know, it's safe, I'll help to fix things, don't worry. Take care of your creds, that's all". Also, thank you for the tip, I'm about to get the OSCP soon, I'll take into account your advice.
I want to clarify that the post/report has been agreed with the consultancy. Some of you would consider this as bad behavior from my side, and I'm sorry to hear that. What would you do if you ever find something like this? All this has been reported, and it’s being fixed. DISCLOSURE accepted, and that’s why the post/report won’t contain names ever. IMHO bad behavior is having all this information available "open to the Internet.", waiting for someone else to come with really unethical purposes. If you ever find a vulnerability and keep quiet about it, I don’t think that makes you any more ethical.
I don't see where I'm being arrogant in the post, and actually, you are right, it's not a "professional" report, it's just the summary about how "easy" some data can be stolen, and what people with really bad porpoises could do with a little bit of luck (The "big" problem it's just weak credentials in the end). It's a blog post, not the report itself.
About clarifying the measures and the communication with the company, this is something that it's not related to the idea of the post, and no one else's business.
Someone else's published my post here in HN, and I saw some "overreacted concerns", my idea was just to say: "They know, it's safe, I'll help to fix things, don't worry. Take care of your creds, that's all". Also, thank you for the tip, I'm about to get the OSCP soon, I'll take into account your advice.
Regards,
edbrsk