From: Wojciech Puchar
To: Modulok
Cc: freebsd-questions@freebsd.org
Date: Thu, 25 Dec 2008 23:53:56 +0100 (CET)
Subject: Re: Security Exploits...to report, or not to report?

> I was given an FTP account on a server for company X. Being a UNIX
> guy, I did some poking around and discovered a security flaw in how
> they set their web server up, which would permit anyone at the company
> with an FTP account, to intercept ANY data that passed through the
> company website.
>
> Question:
> Do I tell them about it?

It looks like a lack of basic skills on the part of their admin. If you tell him, you won't even hear "thanks", or in the worst case you will end up in court. Just make use of it.