Date:      Thu, 25 Dec 2008 14:39:49 -0700
From:      Modulok <modulok@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Security Exploits...to report, or not to report?
Message-ID:  <64c038660812251339r71c0a47dy8cb069a322555eda@mail.gmail.com>

List,

This isn't really FreeBSD related, but I have no one else to consult:

I was given an FTP account on a server for company X. Being a UNIX
guy, I did some poking around and discovered a security flaw in how
they set their web server up, which would permit anyone at the company
with an FTP account to intercept ANY data that passed through the
company website.

Question:
Do I tell them about it? On the one hand I want to do the 'right
thing' and tell them about it and how to fix it. On the other, I don't
want to be criminally prosecuted for finding the flaw. I'm not
implying that they would do such a thing, but in order to find said
flaw, I had to be poking around.

Suggestions?
-Modulok-


