I’m aware it’s the weekend, but anyone got a contact at John Deere?
Anyone really, just have a vulnerability report to get across.
Have tried the api support email address and the DMing them on Twitter, no response as of yet though.
2 Likes
Discovered the form: IT Security Consulting Form | John Deere US
3 Likes
What a mess that was!
Rule #1 for bounty hunters: don’t engage in extortion
Rule #1 for companies: don’t engage in blackmail
Update:
John Deere now has a HackerOne program.
Currently the program is private but you can request access.
They do not have a bounty, just swag.
Checking back in on this - How did you go @sickcodes?
Ended up speaking at DEF CON about this situation:
1 Like