Should i tell them


Post by foota on Sat Apr 03, 2010 9:03 pm

Hello, I recently found a stupidly vulnerable business's site and wanted to know if I should send an email to the site admin telling him, and giving advice on how to fix it. On the one hand I want to help them and make their site, but on the other I don't want to get into trouble for exploring their site. What would you do?


Re: Should i tell them

Post by Goatboy on Sat Apr 03, 2010 9:08 pm

Speaking from experience, I'd say keep it to yourself. Most people won't be too thrilled to find out that you know their weaknesses. And even if they don't take legal action, they usually won't fix the hole anyways.


Re: Should i tell them

Post by foota on Sat Apr 03, 2010 9:19 pm

Ok, thank you. It's a sad age when people won't even let you save them. :(


Re: Should i tell them

Post by mutantsrus on Sat Apr 03, 2010 11:05 pm

Indeed. I got in a lot of trouble at my school for trying to help find vulns on our distance learning site. It was fine at first... until the teacher blatantly lied to my principal to save her job. -_-


Re: Should i tell them

Post by sanddbox on Sun Apr 04, 2010 12:13 am

If you don't know the business, then go for it.

If it's your job or something else, don't.


Re: Should i tell them

Post by tremor77 on Sun Apr 04, 2010 8:21 pm

There are security companies who do that sort of thing for a living, however, so if you want to make a handy buck...

1. Get a business license.
2. Set up a website describing what you do.
3. Get an attorney.
4. Create an e-mail template AND a mailable letter template that sounds very professional... and here is why...
5. Contact the business owner (NOT THEIR TECH OR WEBMASTER - because they will lie to save their job).
6. Explain clearly the security vulnerabilities found... with note, 'your IT staff should be able to fix this'.
7. If NOT - My company 'your company name' is available for $X to resolve your IT problems.

This does in fact work... I have friends who work for a security company just like the above... it's where I'm trying to get a job actually, but I have a History Degree... lolz... wtf is in a degree anyway, I can program better than half the monkeys coming out of RIT


Re: Should i tell them

Post by foota on Sun Apr 04, 2010 8:33 pm

Would if I could but no-one likes taking security advice from a 15-year-old. :(


Re: Should i tell them

Post by Goatboy on Sun Apr 04, 2010 9:02 pm

If you don't care about personal recognition, you can always email them anonymously. There are tons of services out there to do just that. Google it. Then you at least feel better having reported it.


Re: Should i tell them

Post by Microelite7711 on Fri May 28, 2010 1:20 am

In my experience, I emailed them about it. No response so I went ahead and exploited it. It was hilarious and they sent me a non-threatening email finally and they fixed it. I was 16 then, and I wouldn't recommend following the same path.


