What to do?

[Phoenician]

 Good points indeed, but what if you anonymously notified
the IT Manager?  One part of me says it would be good
karma to let them know about the breach but there is also the dark side
that says let the poor sap find out the hard way.

 Ok....Say your web server had a vulnerability that you were not
aware of and someone found it.  Would you want them to let you know?

 Now, hypothetically speaking, if there were any litigation that came out of
this
I feel this would be an excellent opportunity to fight the legislation to
enact
a "good Samaritan" clause for instances like this.  I feel that we need to
find
every opportunity to squelch the oppression of our civil liberties and Big
Brother's
ever watchful eyes.

- Michienne

"a fronte praecipitium a tergo lupi"

-----Original Message-----
From: owner-kclug at marauder.illiana.net
[mailto:owner-kclug at marauder.illiana.net]On Behalf Of Duane Attaway
Sent: Friday, January 10, 2003 1:13 PM
To: jose sanchez
Cc: kclug at kclug.org
Subject: Re: What to do?

On Fri, 10 Jan 2003, jose sanchez wrote:

> Should I let them know their Network is vulnerable and offer to tweak it
> for a small fee or just let them find out the hard way?

Stay away.  Far away.

I hear people may lose their job for installing an access point and
leaving their network insecure.  When they get in trouble, they like to
shift the blame.  Why get fired when you can have a "hacker" arrested by
the FBI for terrorism?  That way they aren't guilty for negligence.

--
Why drive a car when you can ride a bike?
http://attaway.net                 http://counter.li.org   user #142150