Security Vulnerability

We are happy to work with you to resolve this situation as soon as possible. And request you share information with us via info@dcypher.nl. To prevent a potential vulnerability being abused by others, we ask you use the following guidelines: 

  • Provide sufficient information (for example, a detailed description including IP addresses, logs, how to reproduce the vulnerability, screenshots, etc.) so that we can handle your message as effectively as possible.
  • Do not share knowledge about the vulnerability with others, until the leak has been repaired.
  • Do not abuse the vulnerability. 

Five workdays

Once a vulnerability is reported, we will contact you within 5 workdays to make arrangements for a reasonable period of recovery and a possible coordinated publication of the vulnerability.

Notifications

To date we have received the following comments for which thanks!

  • By @MatteKlap on November 3, 2015 via Twitter "SSL has connection with RC4_128 for encryption?" (solved within a day)
  • By anonymous on April 6, 2016 in response form of news report "the certificate of the intermediate CA not send, so Firefox does not trust the website" (resolved within 90 minutes)
  • By Anonymous on April 6, 2016 in response form of news item "problem with mail server" (resolved within 13 hours)
  • On April 11, 2016, NCSC pointed us to "improper use of email address created in 2014", reported via Twitter by @mramsmeets (research on this has been completed on April 25 and concerning four persons have been removed from our mailing list, on May 20 is also a message published)
  • Notification 7 June 2016 by @marcodavids on Twitter: improvement possible with respect to IPv6 and protection against diversion to false IP addresses (DNSSEC) (resolved within half a day)
  • Report 18 Aug 2017 by Jeffrey Harders regarding unsafe url iipvv.nl: proposal submitted by referral was also realized on 18 August by the National Government.
  • Arjen Wiersma @credmp reports on 19 April 2019 that there is access to the (protected) administrator portal (http and https) and that content is missing on the homepage (resolved on 19 April 2019).
  • Arjen Wiersma @credmp reports on 25 June 2019 that the connection from http to https does not go entirely according to the NCSC guidelines, "www" is regularly placed in between while it does not appear in the initial link (improved on 26 June 2019).
  • Arjen Wiersma @credmp reports on 25 June 2019 that access to this page is not possible via the footermenu (solved on 26 June 2019).