[clug] What to do when confronted with useless security?

Paul Wayper paul.wayper at anu.edu.au
Mon Jul 30 04:18:19 GMT 2007


Tony Breeds wrote:
> On Mon, Jul 30, 2007 at 01:39:50PM +1000, Michael James wrote:
>
>> Should I tell them?
>
> Yes.
>
> Not much more to say really.

I'll say it then: you can water down what you report of your testing to
protect yourself if you think that it's the kind of situation that is
likely to lead to retributions.  I also advise passing this kind of
testing off as you making sure that your data is protected - if they're
giving you data that other people shouldn't see, that is not a secure
system.  And, while officially companies and governments deny any
security problems, the people at the end of the buck (i.e. the people
most likely answering your email) will appreciate the chance to make
sure that the system they're held responsible for doesn't become an
embarrassment...

Have fun,

Paul

