Before you think of being a do-gooder...
Walter Dnes
waltdnes-SLHPyeZ9y/tg9hUCZPvPmw at public.gmane.org
Thu May 25 10:33:11 UTC 2006
On Wed, May 24, 2006 at 11:36:34PM +0100, david thornton wrote
> The lesson here is: ask first.
>
> Which goes against my nature. If I see a hole, I prove it's a hole
> first, then I tell someone. I would look pretty silly screaming "the sky
> is falling" if it was not.
My idea would be to get a lawyer to draft up an email to the web
admin, along the lines of...
========================================================================
To whom it may concern;
Whilst looking for pricing on product X at various websites I
found via the Google(TM) search engine, I came across your website. I
noticed that your website uses PHP FUBAR v1.3. At the homepage of the
publisher of PHP FUBAR, there is a security notice urging all users to
upgrade to version 1.5, as all previous versions have a vulnerability to
remote compromise.
========================================================================
Go on to point out that the hijacked PHP FUBAR can be used to mount
DDOS attacks and send out spam, and that you (the sender of this email)
might one day be a victim of a compromised machine. Maybe have the
lawyer draft a generic template that covers various situations.
I think that the best solution in the long run would be a legally
approved (could be independently run) anonymous reporting website,
similar to anonymous police tip lines.
--
Walter Dnes <waltdnes-SLHPyeZ9y/tg9hUCZPvPmw at public.gmane.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml