CSIRT - Globo.com

1. O que é um CSIRT? 1. What is a CSIRT?

Um CSIRT (Computer Security Incident Response Team) é uma equipe especializada em responder a incidentes de segurança cibernética, monitorar ameaças, analisar vulnerabilidades e implementar medidas preventivas para proteger redes e sistemas de uma organização.

A CSIRT (Computer Security Incident Response Team) is a team specialized in responding to cybersecurity incidents, monitoring threats, analyzing vulnerabilities, and implementing preventive measures to protect an organization's networks and systems.

2. O que é o CSIRT da Globo? 2. What is the Globo CSIRT?

O CSIRT da Globo é o time responsável por monitorar, detectar e responder a incidentes de segurança cibernética nas redes e sistemas do Grupo Globo.

The Globo CSIRT is the team responsible for monitoring, detecting, and responding to cybersecurity incidents on the networks and systems of the Globo Group.

3. Como posso reportar uma vulnerabilidade? 3. How can I report a vulnerability?

Preferencialmente, você deve reportar uma vulnerabilidade utilizando o formulário apropriado, acessível através do botão "Reportar" na página do Programa de Divulgação Responsável.

Preferably, you should report a vulnerability using the appropriate form, accessible via the "Report" button on the Responsible Disclosure Program page.

4. O que acontece depois que eu reporto uma vulnerabilidade? 4. What happens after I report a vulnerability?

Após o reporte, nosso time analisará a vulnerabilidade e informará ao pesquisador sobre o status da submissão.

After reporting, our team will analyze the vulnerability and inform the researcher about the submission status.

5. Existe alguma recompensa financeira por reportar vulnerabilidades? 5. Is there any financial reward for reporting vulnerabilities?

Não, o Programa de Divulgação Responsável não oferece recompensas financeiras, mas contribuições válidas serão reconhecidas publicamente. Clique aqui para saber mais.

No, the Responsible Disclosure Program does not offer financial rewards, but valid contributions will be publicly recognized.

6. Quais são os tipos de vulnerabilidades devo reportar? 6. What types of vulnerabilities should I report?

As vulnerabilidades previstas incluem, mas não se limitam a:
- Falhas que comprometam a integridade ou disponibilidade dos sistemas ou serviços.
- Vazamento de credenciais.
- Explorações de execução de código remoto (RCE).
- Vulnerabilidades que permitam acesso não autorizado a dados de usuários.
- Qualquer outras falhas que possa comprometer a segurança dos sistemas e dados da Globo.

The expected vulnerabilities include, but are not limited to:
- Failures that compromise the integrity or availability of systems or services.
Credential leaks.
- Remote code execution (RCE) exploits.
- Vulnerabilities that allow unauthorized access to user data.
- Any other failures that could compromise the security of Globo's systems and data.

7. Quem pode participar do Programa de Divulgação Responsável? 7. Who can participate in the Responsible Disclosure Program?

Qualquer pesquisador ou membro da comunidade pode participar e reportar vulnerabilidades.

Any researcher or community member can participate and report vulnerabilities.

8. Quanto tempo leva para receber uma resposta após reportar uma vulnerabilidade? 8. How long does it take to receive a response after reporting a vulnerability?

Esforçamo-nos para responder o mais rápido possível, geralmente dentro de alguns dias úteis.

We strive to respond as quickly as possible, usually within a few business days.

9. Posso compartilhar publicamente as vulnerabilidades reportadas? 9. Can I publicly share the vulnerabilities I report?

Não, você não deve divulgar publicamente ou compartilhar com terceiros quaisquer vulnerabilidades relatadas sem nossa autorização expressa por escrito.

No, you should not publicly disclose or share with third parties any reported vulnerabilities without our express written authorization.

10. O que devo fazer se acessar dados de usuários inadvertidamente? 10. What should I do if I inadvertently access user data?

Entre em contato conosco imediatamente e elimine quaisquer informações locais após relatar a vulnerabilidade.

11. Quais submissões estão fora do escopo do Programa de Divulgação Responsável? 11.What submissions are out of scope for the Responsible Disclosure Program?

Submissões de baixa qualidade, problemas sem impacto de segurança claro, ataques de negação de serviço, e vulnerabilidades em ativos de terceiros não gerenciados pela Globo são considerados fora do escopo.

Low-quality submissions, issues without clear security impact, denial of service attacks, and vulnerabilities in third-party assets not managed by Globo are considered out of scope.

Ainda com dúvidas? Still in doubt?

Envie um e-mail para: Send an e-mail to:
csirt@csirt.globo
GnuPG Public:
ID: A0276FC30885E93EA5F25A8CF59D4DFB8835A0B8

-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGcNVywBEADiezqNNZuLYbNVzCQIu/yGAjPKThx6UkkJycQ/rfjRsurIcd4V Ns+EpNZhzhHnLl2qPBJEnvBMgY1atmXxK497pVmUkxe76qRU89Xsq/c9+QFb5ZkW baFF+gpqUNtz6dDeKe4P1gl0sTHvsna5/CTgsQqPE+e49uQDunCfkjdNkNRPnzgw Cnr7YmNF/MtKG10P+XcS/uQ4KmPrmzmiAbs2sip37ossQnSJ9H+1sBeJZlNFwLua 3b1ODV4MzaUm2FCuvAsteah1s32OyhLykv6SVyF2MuE2VIFRK7YIaxWsKD9EOu/d yU91tSBdUoaLTW5WIt6wnAaVN5T1KtZin11o72gjdpp0cDM1sffpo0XQ2TxSo+oe XKRr7NEW6HvvLeqcS9CanwvBYRDwJUGKa5uj5HGOxY+AgUagtH3lR1QbSc9Ar83+ F6NWsAuuqDhPfrRYSBqiqbeyf1YZ8mryRUG1y5StSkLVHXmjQAxlRp2vo1v7bytZ n74ahpycmUmcOU9dtWczdtD6Pnyhf3TRQsAbB6PEc9vjuX/lgh0Mgafez/IYZ5S1 4zZP2LPUb5F9NurzcVHWmTfxWr+2mGfude/DmwFJzurT34/Y33SBFz8Ilh1ri7Di 16doPqlqV1/S4NpOMsm6uPhgvnyW7tSLAYZt6bB0nBmlnZRwMb8RecQ/XQARAQAB tB9DU0lSVCBHbG9ibyA8Y3NpcnRAY3NpcnQuZ2xvYm8+iQJRBBMBCAA7FiEEoCdv wwiF6T6l8lqM9Z1N+4g1oLgFAmcNVywCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwEC HgcCF4AACgkQ9Z1N+4g1oLhx0w/+MtGUm9fq/jwyCgk0O5VpN2KeUehyPgiiY5Bx aRcjDDTc1RlFi6YsAaWHcnIq0a8FXJeUqtbhpWLNaEKakNKyasyRpZDs7fyMjm3z 17jYgGwYxo8UIiVNSaOeeaNEMnMy1ReByBrKsHkaiH2aW4+ZOOcBirhAVuaXVVV1 1I9hCKainl3gpWgKVNXvg081JEzH1R5kw5N9jik07ryXYHVoMhO4jIQZt7iAqoV8 x4aDPVGA9J1aGEB+ad0cxtQ1juo5dHh90d9zYjiVd0TyRqh8SZ7OoadwyqwD58t8 Hl3ylEMe+y7Iy4EiQ41lg+/+wNk0qbtLEhIzK8AXDx0jeYiH3hsCQzOvWtVCPa/E KtSww8frDeenRaASwn2qhxMGic3mUFTI0ns96JDeanqjpP74jhxlr853yA9VjXfr Pu68o2nw7qMnxzyNpfyEZzhrb+TsoY/w2rHYOSiE6O0qZVnjGHIlJJtV6/ElqIz0 xrRVMeiHRs7BT89ae3w+bWfvHZyS6nrN9XbiNZ9DwrUKjiFtsfGiaZ6gKmpAHL1i quxH3sjkIl9GgzB4O9DIOpP7vMLzkPqH/826AlSSkXhRUhkns0krejY8WKMQ8lcm dt2i2BuFoiyUUucsx8pIi/StMmg/iBoOReAVurNE9X0nZ0Rq0wnxgO/55FjeBthg 3LIaOdm5Ag0EZw1XLAEQAM/weA0QaogOr8HAnPooRWYn6RZ7kMeeyOF1fHuLkb1H fY+Zg3IfeLPwdCfbdylnv5jXriQjcIJPnSiortyYYniyMvPM3txIMDOWydpxYFSX dJcdFmRCoASDrASkRlmCu4xwNUtZl7bVxZOew0OPoMTMMXvxp9iYJ9K89qySpJKw BW6xhPAEGgrQCxhl0bvookHIJyPmbqQUFrdNZpsK1vj55MGf8Kr/KEpAUsMDpyjV ToGUKXepuupN5xy3Igah6w08lhN1wPup7+cOSAply0tlplC3ENevr/0m5O9Q/teR GnBun54wFQF5u7jNCihLiWxGyGlgi2EOyoQkRA0hSNvl+ga++EERI2WssyhXpVqu j0FXlGGpmHd1qP5XYzLu6Ec6MOuSKQx00cjqQDPg0UXdwUqqaDa4CRbJamyg2RrG sA+C177ECyKb/9jULTnlnlGwxyuCwPhqXNLYirMGyhdu1QBqkWr8prVvBgQrcjMK vdHhly2k+gGIOJ64h0eeYNJL/4rvcstRQhZEA0K3aK8vS4biU2+WWXATbkkIq2P2 MolJZXS6ML2GoihsJcdzNmxuXs9o35GgfUrvFa+6Lee66Zi7D91FLXxEHZwG0+CY vC4f5pg0mouoeksPHHw10T/zu4YICR4wssM6uf7FgHURXGgwL+nHTvHHLsuwQLmj ABEBAAGJAjYEGAEIACAWIQSgJ2/DCIXpPqXyWoz1nU37iDWguAUCZw1XLAIbDAAK CRD1nU37iDWguM2GEADSjw67r5OkzlrTFcr0QwGxj0ECRyr+p9MTkJ6uY5+RYxZO Lt9mpsnUJAUObTonyvNYkLrG2crfL3W5bgoD8J3RgYstSpvg7apnTcrU0dVI9Eec ylOCgOTN9GxQ4C73kQAVl3lyXYnaCA89k1eG/KI1ZN/DfZ2D8wbkdIGO8H4Bp263 ZSkLIN/+HOgNiIs83Ci3nbfZ75XYt7eFO7AOZ6ky8N0Uhjc7GUbJC2uD6Y/8S7l6 UXaBhT8yj7FL6Y03EJ43eBF0vl8eqKQCZpvf2bIkqfc8XmPK5AfWgse67pgj69Rj kRmkckKsGqdiMe/gcqIr5b9iGtogcv9tbh3+GgaClHuOLlfuLun4tAEMQiCzZQ/9 mYUETU9c7TdIthu8/AwcwtE9CuehHoCNkA8CgchC+5h4jzDeX6Kt9EQyuY4G3F1y q0yrnuzrcYm3p2iEDeYSXRF6h+hhxwWkZQLsSE/JJfVIB/i5JffUcPnEhbOyd82I NygWGovV+HJNLsjBfRxEk7CmdxdO4Vyokf+Ig4P3Dmc7PA44QDZyLZI3/zP2+4St T9n1MOCji4Qn4tukjN9k8zWochB1W7VrPZFpxKUsongvopfmt+ZNCH3rIgChxvhp 3GH5MaRYOutOH2fnwnzCy7goC09YRJF8jDv4DQXfhRxP0hn3/phHZwQEOQAq6Q== =5OW+

-----END PGP PUBLIC KEY BLOCK-----

Fingerprint:
A027 6FC3 0885 E93E A5F2 5A8C F59D 4DFB 8835 A0B8

GnuPG Public:
ID: A0276FC30885E93EA5F25A8CF59D4DFB8835A0B8

-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGcNVywBEADiezqNNZuLYbNVzCQIu/yGAjPKThx6UkkJycQ/rfjRsurIcd4V Ns+EpNZhzhHnLl2qPBJEnvBMgY1atmXxK497pVmUkxe76qRU89Xsq/c9+QFb5ZkW baFF+gpqUNtz6dDeKe4P1gl0sTHvsna5/CTgsQqPE+e49uQDunCfkjdNkNRPnzgw Cnr7YmNF/MtKG10P+XcS/uQ4KmPrmzmiAbs2sip37ossQnSJ9H+1sBeJZlNFwLua 3b1ODV4MzaUm2FCuvAsteah1s32OyhLykv6SVyF2MuE2VIFRK7YIaxWsKD9EOu/d yU91tSBdUoaLTW5WIt6wnAaVN5T1KtZin11o72gjdpp0cDM1sffpo0XQ2TxSo+oe XKRr7NEW6HvvLeqcS9CanwvBYRDwJUGKa5uj5HGOxY+AgUagtH3lR1QbSc9Ar83+ F6NWsAuuqDhPfrRYSBqiqbeyf1YZ8mryRUG1y5StSkLVHXmjQAxlRp2vo1v7bytZ n74ahpycmUmcOU9dtWczdtD6Pnyhf3TRQsAbB6PEc9vjuX/lgh0Mgafez/IYZ5S1 4zZP2LPUb5F9NurzcVHWmTfxWr+2mGfude/DmwFJzurT34/Y33SBFz8Ilh1ri7Di 16doPqlqV1/S4NpOMsm6uPhgvnyW7tSLAYZt6bB0nBmlnZRwMb8RecQ/XQARAQAB tB9DU0lSVCBHbG9ibyA8Y3NpcnRAY3NpcnQuZ2xvYm8+iQJRBBMBCAA7FiEEoCdv wwiF6T6l8lqM9Z1N+4g1oLgFAmcNVywCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwEC HgcCF4AACgkQ9Z1N+4g1oLhx0w/+MtGUm9fq/jwyCgk0O5VpN2KeUehyPgiiY5Bx aRcjDDTc1RlFi6YsAaWHcnIq0a8FXJeUqtbhpWLNaEKakNKyasyRpZDs7fyMjm3z 17jYgGwYxo8UIiVNSaOeeaNEMnMy1ReByBrKsHkaiH2aW4+ZOOcBirhAVuaXVVV1 1I9hCKainl3gpWgKVNXvg081JEzH1R5kw5N9jik07ryXYHVoMhO4jIQZt7iAqoV8 x4aDPVGA9J1aGEB+ad0cxtQ1juo5dHh90d9zYjiVd0TyRqh8SZ7OoadwyqwD58t8 Hl3ylEMe+y7Iy4EiQ41lg+/+wNk0qbtLEhIzK8AXDx0jeYiH3hsCQzOvWtVCPa/E KtSww8frDeenRaASwn2qhxMGic3mUFTI0ns96JDeanqjpP74jhxlr853yA9VjXfr Pu68o2nw7qMnxzyNpfyEZzhrb+TsoY/w2rHYOSiE6O0qZVnjGHIlJJtV6/ElqIz0 xrRVMeiHRs7BT89ae3w+bWfvHZyS6nrN9XbiNZ9DwrUKjiFtsfGiaZ6gKmpAHL1i quxH3sjkIl9GgzB4O9DIOpP7vMLzkPqH/826AlSSkXhRUhkns0krejY8WKMQ8lcm dt2i2BuFoiyUUucsx8pIi/StMmg/iBoOReAVurNE9X0nZ0Rq0wnxgO/55FjeBthg 3LIaOdm5Ag0EZw1XLAEQAM/weA0QaogOr8HAnPooRWYn6RZ7kMeeyOF1fHuLkb1H fY+Zg3IfeLPwdCfbdylnv5jXriQjcIJPnSiortyYYniyMvPM3txIMDOWydpxYFSX dJcdFmRCoASDrASkRlmCu4xwNUtZl7bVxZOew0OPoMTMMXvxp9iYJ9K89qySpJKw BW6xhPAEGgrQCxhl0bvookHIJyPmbqQUFrdNZpsK1vj55MGf8Kr/KEpAUsMDpyjV ToGUKXepuupN5xy3Igah6w08lhN1wPup7+cOSAply0tlplC3ENevr/0m5O9Q/teR GnBun54wFQF5u7jNCihLiWxGyGlgi2EOyoQkRA0hSNvl+ga++EERI2WssyhXpVqu j0FXlGGpmHd1qP5XYzLu6Ec6MOuSKQx00cjqQDPg0UXdwUqqaDa4CRbJamyg2RrG sA+C177ECyKb/9jULTnlnlGwxyuCwPhqXNLYirMGyhdu1QBqkWr8prVvBgQrcjMK vdHhly2k+gGIOJ64h0eeYNJL/4rvcstRQhZEA0K3aK8vS4biU2+WWXATbkkIq2P2 MolJZXS6ML2GoihsJcdzNmxuXs9o35GgfUrvFa+6Lee66Zi7D91FLXxEHZwG0+CY vC4f5pg0mouoeksPHHw10T/zu4YICR4wssM6uf7FgHURXGgwL+nHTvHHLsuwQLmj ABEBAAGJAjYEGAEIACAWIQSgJ2/DCIXpPqXyWoz1nU37iDWguAUCZw1XLAIbDAAK CRD1nU37iDWguM2GEADSjw67r5OkzlrTFcr0QwGxj0ECRyr+p9MTkJ6uY5+RYxZO Lt9mpsnUJAUObTonyvNYkLrG2crfL3W5bgoD8J3RgYstSpvg7apnTcrU0dVI9Eec ylOCgOTN9GxQ4C73kQAVl3lyXYnaCA89k1eG/KI1ZN/DfZ2D8wbkdIGO8H4Bp263 ZSkLIN/+HOgNiIs83Ci3nbfZ75XYt7eFO7AOZ6ky8N0Uhjc7GUbJC2uD6Y/8S7l6 UXaBhT8yj7FL6Y03EJ43eBF0vl8eqKQCZpvf2bIkqfc8XmPK5AfWgse67pgj69Rj kRmkckKsGqdiMe/gcqIr5b9iGtogcv9tbh3+GgaClHuOLlfuLun4tAEMQiCzZQ/9 mYUETU9c7TdIthu8/AwcwtE9CuehHoCNkA8CgchC+5h4jzDeX6Kt9EQyuY4G3F1y q0yrnuzrcYm3p2iEDeYSXRF6h+hhxwWkZQLsSE/JJfVIB/i5JffUcPnEhbOyd82I NygWGovV+HJNLsjBfRxEk7CmdxdO4Vyokf+Ig4P3Dmc7PA44QDZyLZI3/zP2+4St T9n1MOCji4Qn4tukjN9k8zWochB1W7VrPZFpxKUsongvopfmt+ZNCH3rIgChxvhp 3GH5MaRYOutOH2fnwnzCy7goC09YRJF8jDv4DQXfhRxP0hn3/phHZwQEOQAq6Q== =5OW+

-----END PGP PUBLIC KEY BLOCK-----

Fingerprint:
A027 6FC3 0885 E93E A5F2 5A8C F59D 4DFB 8835 A0B8

Contato

Contact

CSIRT CSIRT

Missão Mission

Programa de divulgação responsável

Responsible Disclosure Program

Documentos e Manuais Documents and Quick Guides

Guias Rápidos

Quick Guides

Dúvidas Frequentes

FAQ

Ainda com dúvidas? Still in doubt?