Looking for a security contact at John Deere

I’m aware it’s the weekend, but anyone got a contact at John Deere?

Anyone really, just have a vulnerability report to get across.

Have tried the API support email address and DMing them on Twitter, no response as of yet though.


Discovered the form: IT Security Consulting Form | John Deere US


What a mess that was!

Rule #1 for bounty hunters: don’t engage in extortion

Rule #1 for companies: don’t engage in blackmail


John Deere now has a HackerOne program.

Currently the program is private but you can request access.

They do not have a bounty, just swag.

Checking back in on this - How did you go @sickcodes?

Ended up speaking at DEF CON about this situation:
