Security Vulnerability

We are happy to work with you to resolve this situation as soon as possible. And request you share information with us via info@dcypher.nl. To prevent a potential vulnerability being abused by others, we ask you use the following guidelines: 

  • Provide sufficient information (for example, a detailed description including IP addresses, logs, how to reproduce the vulnerability, screenshots, etc.) so that we can handle your message as effectively as possible.
  • Do not share knowledge about the vulnerability with others, until the leak has been repaired.
  • Do not abuse the vulnerability. 

Five workdays

Once a vulnerability is reported, we will contact you within 5 workdays to make arrangements for a reasonable period of recovery and a possible coordinated publication of the vulnerability.

Notifications

To date we have received the following comments for which thanks!

  • By @MatteKlap on November 3, 2015 via Twitter "SSL has connection with RC4_128 for encryption?" (solved within a day)
  • By anonymous on April 6, 2016 in response form of news report "the certificate of the intermediate CA not send, so Firefox does not trust the website" (resolved within 90 minutes)
  • By Anonymous on April 6, 2016 in response form of news item "problem with mail server" (resolved within 13 hours)
  • On April 11, 2016, NCSC pointed us to "improper use of email address created in 2014", reported via Twitter by @mramsmeets (research on this has been completed on April 25 and concerning four persons have been removed from our mailing list, on May 20 is also a message published)
  • Notification 7 June 2016 by @marcodavids on Twitter: improvement possible with respect to IPv6 and protection against diversion to false IP addresses (DNSSEC) (resolved within half a day)
  • Report 18 Aug 2017 by Jeffrey Harders regarding unsafe url iipvv.nl: proposal submitted by referral was also realized on 18 August by the National Government.