This time I have found a non-persistent XSS vulnerability on one of Germany’s country-government websites. Immediately after the finding (on 2012-03-11), I notified the webmaster about the vulnerability, but... no reaction. I notified them 2 further times, each time extending the number of recipients. I thought that would help in getting a reaction, but it seems that I have been a naive German citizen.
Since, at least, I do care about security, I decided to send an email to the famous German IT magazine heisec.de to increase the pressure on the webmaster to fix this issue. Praise the press: the issue is fixed now.
Now I could write a lot about my philosophy regarding webmasters who do not like security reports, but this is very, very annoying, since many of them have not understood (yes, even after the Sony breach?!) how to react to this kind of issue.