[clug] What to do when confronted with usless security?
tim at murphy.org
Mon Jul 30 06:20:53 GMT 2007
> What trouble could I get in if I do tell them
> how broken their client-based security is?
I found a similar loophole on a shared web server I was using. I
pointed out exactly what I did to find the hole and how I did it. I
even attached the scripts to the email to prove how simple it really
was, and explained that I was more interested in the security of my data
then getting my hands on someone else's. They were actually grateful
that I went into so much detail as it helped them to fix the bug, as
well as others that I didn't think of.
More information about the linux