Security report, or not to report?

Wojciech Puchar wojtek at
Thu Dec 25 22:54:06 UTC 2008

> I was given an FTP account on a server for company X. Being a UNIX
> guy, I did some poking around and discovered a security flaw in how
> they set their web server up, which would permit anyone at the company
> with an FTP account, to intercept ANY data that passed through the
> company website.
> Question:
> Do I tell them about it?

it looks like lack of basic skills of their admin.
if you'll tell him, you won't even hear "thanks" or in worst case you will 
end in court.

just make use of it

More information about the freebsd-questions mailing list