Disclosing A Known Vunerability - My Dilemma

What is right? Is there right? Are you right?

Disclosing A Known Vunerability - My Dilemma

Post by WickedAlibi on Mon Apr 04, 2011 5:52 pm
([msg=55958]see Disclosing A Known Vunerability - My Dilemma[/msg])

I was recently staying at a well known chain of hotels for work experience. After I arrived, I discovered that the high speed internet access that was being offered was being charged at $20 a day, which I thought was quite ridiculous. When I got to my room, I had a play around with the wireless in the room I discovered that it was vulnerable to a simple SQL Injection.

My question is, should I let the company know about the simple, yet effective way of circumventing their charge for internet access. On one hand, it is a ludicrous sum that they are asking; however on the other, it is still a service that they are providing and thus they set the prices.

If I do decide to disclose, I was thinking a simple anonymous email to tip them off. What do all you guys think?
User avatar
WickedAlibi
New User
New User
 
Posts: 2
Joined: Sat Apr 02, 2011 5:48 pm
Blog: View Blog (0)


Re: Disclosing A Known Vunerability - My Dilemma

Post by Goatboy on Mon Apr 04, 2011 6:01 pm
([msg=55959]see Re: Disclosing A Known Vunerability - My Dilemma[/msg])

Reasons to disclose: It is a service they are selling to make a profit, and it is their right to make that profit. By disclosing the vulnerability, you are helping them stay in business.

Reasons not to disclose: As you said, it is a somewhat high price to pay for Internet. If you believe information should be free, keep this to yourself or tell others how to benefit from it.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2821
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Disclosing A Known Vunerability - My Dilemma

Post by bandchicky314 on Thu Apr 14, 2011 9:44 pm
([msg=56352]see Re: Disclosing A Known Vunerability - My Dilemma[/msg])

This is a very interesting topic. It's similar to people taking the law into their own hands and doing what they believe is right vs what is moral and legal. These types of things have intrigued me. Anyways, would you get in trouble for disclosing a vulnerability? If you know about it, it means you were poking around.
bandchicky314
New User
New User
 
Posts: 20
Joined: Sat Jan 08, 2011 11:14 am
Blog: View Blog (0)



Return to Ethics

Who is online

Users browsing this forum: No registered users and 0 guests