Date: Thu, 25 Dec 2008 16:43:01 -0500
From: APseudoUtopia <apseudoutopia@gmail.com>
To: Modulok <modulok@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Security Exploits...to report, or not to report?
Message-ID: <27ade5280812251343sa35bbfxeb3219fcd5e3ff5c@mail.gmail.com>
In-Reply-To: <64c038660812251339r71c0a47dy8cb069a322555eda@mail.gmail.com>
References: <64c038660812251339r71c0a47dy8cb069a322555eda@mail.gmail.com>

On Thu, Dec 25, 2008 at 4:39 PM, Modulok <modulok@gmail.com> wrote:
> List,
>
> This isn't really FreeBSD related, but I have no one else to consult:
>
> I was given an FTP account on a server for company X. Being a UNIX
> guy, I did some poking around and discovered a security flaw in how
> they set their web server up, which would permit anyone at the company
> with an FTP account, to intercept ANY data that passed through the
> company website.
>
> Question:
> Do I tell them about it? On the one hand I want to do the 'right
> thing' and tell them about it and how to fix it. On the other, I don't
> want to be criminally prosecuted for finding the flaw. I'm not
> implying that they would do such a thing, but in order to find said
> flaw, I had to be poking around.
>
> Suggestions?
> -Modulok-

Personally, I'd tell them.