[clug] What to do when confronted with usless security?

Tim tim at murphy.org
Mon Jul 30 06:20:53 GMT 2007

> What trouble could I get in if I do tell them
>  how broken their client-based security is?

I found a similar loophole on a shared web server I was using.  I 
pointed out exactly what I did to find the hole and how I did it.  I 
even attached the scripts to the email to prove how simple it really 
was, and explained that I was more interested in the security of my data 
then getting my hands on someone else's.  They were actually grateful 
that I went into so much detail as it helped them to fix the bug, as 
well as others that I didn't think of.


More information about the linux mailing list