On Thu, Dec 25, 2008 at 4:39 PM, Modulok <modu...@gmail.com> wrote: > List, > > This isn't really FreeBSD related, but I have no one else to consult: > > I was given an FTP account on a server for company X. Being a UNIX > guy, I did some poking around and discovered a security flaw in how > they set their web server up, which would permit anyone at the company > with an FTP account, to intercept ANY data that passed through the > company website. > > Question: > Do I tell them about it? On the one hand I want to do the 'right > thing' and tell them about it and how to fix it. On the other, I don't > want to be criminally prosecuted for finding the flaw. I'm not > implying that they would do such a thing, but in order to find said > flaw, I had to be poking around. > > Suggestions? > -Modulok-
Personally, I'd tell them. _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"