Thanks for all the valuable input, I decided I will just STFU and keep it to myself. Let them discover it when some bad guy drops their databases and owns their box. Better than facing a prosecution because of security professionals and developers trying to blame their incompetency on me (I can even imagine the "extortion cracker"). Although my country doesn't have any police forensics or specific laws, things could get nasty.
The downside is: I had to delete my personal info from their HR system, no way of getting hired now. Maybe I'll just try to move to the US.
Thanks again for all your replies.
kind regards, fake name
From: Blue Boar <[EMAIL PROTECTED]>
To: joseph blater <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Sql Injection big5 consultancy
Date: Mon, 23 Jun 2003 09:21:14 -0700
joseph blater wrote:
> What should I do? Tell them their whole HR system is vulnerable and face the risks of being charged for something?
> Although owning certs from most vendors, I never got to work for a top5. Shall I take the risk and use this vuln to help me get a job?
Well, considering that they're called that because there are only 5 or so of them... and that they all have pen test people who read this list... I would guess that this problem will take care of itself.
BB
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
