Date:      Thu, 25 Dec 2008 18:42:28 -0500
From:      Sahil Tandon <sahil@tandon.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: Security Exploits...to report, or not to report?
Message-ID:  <20081225234227.GA174@shepherd>
In-Reply-To: <64c038660812251339r71c0a47dy8cb069a322555eda@mail.gmail.com>
References:  <64c038660812251339r71c0a47dy8cb069a322555eda@mail.gmail.com>

Modulok wrote:

> I was given an FTP account on a server for company X. Being a UNIX
> guy, I did some poking around and discovered a security flaw in how
> they set their web server up, which would permit anyone at the company
> with an FTP account, to intercept ANY data that passed through the
> company website.
> 
> Question:
> Do I tell them about it? On the one hand I want to do the 'right
> thing' and tell them about it and how to fix it. On the other, I don't
> want to be criminally prosecuted for finding the flaw. I'm not
> implying that they would do such a thing, but in order to find said
> flaw, I had to be poking around.

Report it.  If you are afraid of prosecution, and do not wish to be
contacted by anyone, create a gmail (yahoo, or whatever) account to send
the message and do so from a location that can not be traced to you.

-- 
Sahil Tandon <sahil@tandon.net>


