On 04/14/2011 07:54 PM, Nathan Eisenberg wrote:
> > Is tracking down the original user and letting them know about the
> > config leak a standard practice, necessary or "the right thing to do"?
>
> Municipal networks often provide some emergency services, and we all know what
> the VA provides. Once you know whose gear it is, I guess you have to decide if
> you'd be willing to have a little bit of that organization's (or their patrons')
> blood on your hands.
>
> Especially in the case of the VA, for me, the answer is 'hell no'. If it was "Joe's
> defunct sprocket startup", I'd likely just format flash: and move on.

A few months back I had exactly this situation - I bought a switch off
eBay that was still loaded with its config, and it had come from
yahoo.com. Now, I am the good netizen and I flagged them about this and
was able to help them find the source which I assume they 'fixed' this
leak. The data in the fig file could have been (mis)used to yahoo's
network security disadvantage and wherever you stand I think we all can
agree that cluing them in was the right thing to do. But for someone
else's startup, probably would not have bothered.
Mike-