Security Exploits...to report, or not to report?

Modulok modulok at gmail.com
Thu Dec 25 21:39:51 UTC 2008


List,

This isn't really FreeBSD related, but I have no one else to consult:

I was given an FTP account on a server for company X. Being a UNIX
guy, I did some poking around and discovered a security flaw in how
they set their web server up, which would permit anyone at the company
with an FTP account to intercept ANY data that passed through the
company website.

Question:
Do I tell them about it? On the one hand I want to do the 'right
thing' and tell them about it and how to fix it. On the other, I don't
want to be criminally prosecuted for finding the flaw. I'm not
implying that they would do such a thing, but in order to find said
flaw, I had to be poking around.

Suggestions?
-Modulok-