I was recently staying at a well known chain of hotels for work experience. After I arrived, I discovered that the high speed internet access that was being offered was being charged at $20 a day, which I thought was quite ridiculous. When I got to my room, I had a play around with the wireless in the room I discovered that it was vulnerable to a simple SQL Injection.
My question is, should I let the company know about the simple, yet effective way of circumventing their charge for internet access. On one hand, it is a ludicrous sum that they are asking; however on the other, it is still a service that they are providing and thus they set the prices.
If I do decide to disclose, I was thinking a simple anonymous email to tip them off. What do all you guys think?