Security Exploits...to report, or not to report?
apseudoutopia at gmail.com
Thu Dec 25 21:43:02 UTC 2008
On Thu, Dec 25, 2008 at 4:39 PM, Modulok <modulok at gmail.com> wrote:
> This isn't really FreeBSD related, but I have no one else to consult:
> I was given an FTP account on a server for company X. Being a UNIX
> guy, I did some poking around and discovered a security flaw in how
> they set their web server up, which would permit anyone at the company
> with an FTP account, to intercept ANY data that passed through the
> company website.
> Do I tell them about it? On the one hand I want to do the 'right
> thing' and tell them about it and how to fix it. On the other, I don't
> want to be criminally prosecuted for finding the flaw. I'm not
> implying that they would do such a thing, but in order to find said
> flaw, I had to be poking around.
Personally, I'd tell them.
More information about the freebsd-questions