Nice! They offer some really interesting classes   

Time to buy a new one 

I think this really depends on how you "research" and how professional you report your findings.

If it sounds like you try to extort the website owner -> you'll get in trouble.

If you send a mail from your 1337haxxor@steal-your-cc.com mail account containing a responsible report, nobody would trust you -> you'll get in trouble.

If you provide the webmaster with his entire database -> you'll get in trouble.

I can say from my own experience that most webmasters are thankful for a responsible and professional reported vulnerability 

Regards.

...and there are quite a lot of providers where you can buy a vpn access or even servers in different countries anonymously.

Thanks for your answers guys.


And this is exactly the problem! Most of my found vulnerabilities might be easy to reproduce for an attacker, even if they only state the type of the vulnerability in their patch notes. So patching it silently might be the right way here. But the problem will still persist on the devices of the people who simply cannot update due to a missing technical understanding. If the devices would auto-update, this wouldn't probably be a problem, but this is not implemented for some reasons.

So the vendor doesn't like to see the vulnerability to be disclosed because of loosing reputation and of course to protect their customers in the obvious "security through obscurity" way.

@3xban:
I had a talk with the product manager again about the situation and he clearly stated that they appreciate all of my further findings too.

I finally agree with unicityd - if and how they report this issue to their customers is their descision/problem, so I decided to take their offer.

Regards.

Hello community,

I'm currently in the following situation and need an advice for it:

I've found several security vulnerabilities in the whole product-line of a modem/router vendor. I've reported the vulnerabilities confidentially to the vendor. We got in contact, and they are currently working on updates for their products to be published - some updates are already out. In general I wait for the updates to be publically available before publishing
any information on the issues (responsible disclosure).

A few weeks ago the vendor called me and appreciated the way of dealing with the issues. Then they asked if I would agree with not publishing any information on these issues. Their problem: Most of their customers are not very technically experienced and since there isn't an automatic update-process, most of them just won't update to fix the security issues.
In return they would pay me an amount of money for my effort or sponsor a training like the OSCP.

What to do ? Take the money and shut up ? Give this story to the press ?

Thanks for your ideas!  

Congrats...I'm a little bit jealous

But if you try to bruteforce your - of course long and secure - password, this could probably take a while. It's definitively faster to ask your ISP for the details like chrisj said 

Regards.

You can try "netstat -aon" and then use the PIDs to find out which application(s) is(are) establishing these connections.

Since I do not know IPredator (just the facts from their website)...the traffic is probably related to their network infrastructure ?

Regards.

What about asking your ISP only for the DSL/CABLE/Whatever account details, so you can setup your router by yourself after resetting to manufactory defaults ?

I think this is the easiest way.

I think it also does have an impact on you personally - just by talking to the guys who belong to the "elite" which may lead to a lot of new ideas 

Welcome 

Congrats! It's a valuable course 

And Facebook takes this with humor 

https://www.facebook.com/?-s

the interesting part is the integration into other google services....and...it's cheaper than DropBox