List, This isn't really FreeBSD related, but I have no one else to consult:
I was given an FTP account on a server for company X. Being a UNIX guy, I did some poking around and discovered a security flaw in how they set their web server up, which would permit anyone at the company with an FTP account, to intercept ANY data that passed through the company website. Question: Do I tell them about it? On the one hand I want to do the 'right thing' and tell them about it and how to fix it. On the other, I don't want to be criminally prosecuted for finding the flaw. I'm not implying that they would do such a thing, but in order to find said flaw, I had to be poking around. Suggestions? -Modulok- _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
