Security Exploits...to report, or not to report?
modulok at gmail.com
Thu Dec 25 21:39:51 UTC 2008

This isn't really FreeBSD related, but I have no one else to consult:

I was given an FTP account on a server for company X. Being a UNIX
guy, I did some poking around and discovered a security flaw in how
they set their web server up, which would permit anyone at the company
with an FTP account to intercept ANY data that passed through the

Do I tell them about it? On the one hand I want to do the 'right
thing' and tell them about it and how to fix it. On the other, I don't
want to be criminally prosecuted for finding the flaw. I'm not
implying that they would do such a thing, but in order to find said
flaw, I had to be poking around.