1

Some software I'm using sends out bug reports occasionally. The bug reports contain a fair bit of information. I'm concerned about some of the user identifiable information in the bug report. In particular:

>> computer name      : JOHNSMITHCOMP
>> user name          : johnsmith
>> registered owner   : johnsmith/ Hewlett-Packard Company
>> contact name       : John Smith
>> contact email      : jsmith@hotmail.com
>> IP Address         : 98.139.180.149

Is it a bad idea to allow this information to be emailed to the software developer? The email will NOT be sent encrypted. What kind of things could a hacker do with this information?

Anders
  • 64,406
  • 24
  • 178
  • 215
Shannon Matthews
  • 111
  • 3

2 Answers2

3

The user identifiable information is a sensitive topic and if you feel their transport method isn't good enough (lack of encryption) you can raise this to the provider or stop reporting (firewall rules for example).

I dont see sending the computer name or IP address as sensitive information, but the other details that you mention would worry me a little.

My advice is to bring this up to the provider.

Purefan
  • 3,560
  • 19
  • 26
0

While I don't see much problems if someone accidentally has your computer's name / IP address, I don't see it being a good idea to broadcast it out to everyone out there. Most people wouldn't care, but putting it in a public bug report most likely means it's going to be out there for long and will get picked up by the search engines.

Now for example some time later a vulnerability gets discovered that relies on the attacker knowing your hostname, wouldn't it be so convenient for someone evil to have that info just a search away?

I think it's acceptable for one developer to know it, but I definitely won't recommend putting it on a public site such as Github.

André Borie
  • 12,706
  • 3
  • 39
  • 76