-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 imho you should alert the company, I think they rather have someone report the bug and have a faster response to it then having to find out after a huge (public) exposure. If they find traces that lead to you in the latter, you could be 'kicked' severly. If you still are worried about being kicked, you could contact them anonymously. In the best case, you'll get credit about reporting the bug. Daan van de Linde *nix system admin - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.2 (FreeBSD) mQGiBD4haTgRBACJBq2GZjEe5xL8joJgJPvBECCg/vT9dzLrzbgvbqf2n/OqH3pU wd5nyHlOxg0cyiOuSjzlrR7JqA/p7yEbHamHWpUHl+pAjbBZn56IftLjYggV/HE+ yjFaT6SiC6DTm5gE8WQjoJBKKJQvYAqSotQWNe53vxpzNffOqqmNeHs46wCgh9xN Iq6xH0NA7QJIfNYzpzGQtpMD/3CE5Aa29vXbkv6iJYecveCDV0r14M4dgmXGx0qa O3uGTWOEpSJnfVG00g+siGNt8M4lJQGvUKFZabdYd/1z6Kpel8lU1yC2UCGQl2tr Y/0a8oHEt44o252ItUITI++5tmw2FcIyeKNsbcU8y6f3Y58sj+RD2GgYhz+T2RrW jJyBA/9zDmR+OJ5scnfFtpe1YVFhW38boCyo7ljQ29gJV72jTVW4BVYWPiSjKNHX 2ygN2mJnNk/pUsMa06rtJfCtIe38RrjQueA4tHCVx++TuvBmuoKwc034vLQTxrJc 9dRQu2Lk+F0lYrGC38qcxVbKfR9gXZqpoVlqQUDC8OqK2L+inrQiRGFhbiB2YW4g ZGUgTGluZGUgPGRhYW5AeHM0YWxsLm5sPohfBBMRAgAfBQI+IWk4BQkB0WGABAsH AwIDFQIDAxYCAQIeAQIXgAAKCRAw40x3vSxDiEfSAJ9K/V9u2FD+k0YOwMOlEJFR kv6mvwCePckXgGoBkNEueu0aBc2isyvyJPK5BA0EPiFq5RAQAJ0CCK4MtCij+9kv A8D7FiTc0u5QRkyEF5Kl+MWMHXJ36plMQWUYkBpKVCozF8YcYDJZq3LooDlRnmiq VqCZtar8eGaYJ6U4jNY9NPkJHVcPfDoheCns0v+YGmMym5ghjjQZSnDf+i7pRn6K dlo8i+NpRssi7DoNRvL+DSoyuZ6TpvGsY//f8W4b8Gk4ImX6MQOwsr2pgnlmqKeC fhSzdIStITj/uGRZiRJJXm/rruhPPD2aRSD9suo47uCkIou4SJHNBNtoxIzG1iF1 RJ9RkxxesVRGUY5biVhzabHj5llZdZXnJ/khFU2ZLQz5EF1tqz4DoIlYt4UiaKz7 ks2V72zRSn/miq8bmKcdXVCpMdqvAFONLpp8Y5HehkKpfoQbdJzqGK9T2hLdmxDC DMA+BI69oXsZLqOdmydwE5Nqn7LOgf0hYdf4IitfBpoWK71IJdd6Og0qDy7tsION sk9oPU/z4rGas+q5Z3oUquCh9JnR52x7DUC8I2OKwhqnOB3v30D7BrR1d8RC7Iiz IXOWitC+3y6wREiWW4MwbpXbQ5cVFptyBfUKaTZpciYKBhWtgzdk803BHgz79fUh RWmYzB+/NadOWTXBBAbxagWCPS5PrzPpiwos3RJcmuvG8x5gv8KJ4NE5BNaoUh36 irCegujuCRBhpRdX70PDMHQAfVPXAAMFEACMywcQ4IgW/ioussh9BMm9dMNVGPA4 cHyU1cWDViDUUr31nBZ+FfFRg1OHZUueM25o/K66pkmvfWo0mhhK3MFKEvO0JrMk l9t/9HqO9NEX6mRpYhi1ZHe9rTi0mzrkSZyOVZSnQzumKFcSvhHHT45M+TOvt7eE KR1O+R007PIJa1sVKzEjqANlWJTSgc+gN3VKCNZl/Xp7Wous53Z0M6VKUqnMzYea MgeB/p0BgKPRAOWq/BBQFZHq2xPqJRJiAdXpy89RLdyLnhghsJkA73pWstseBZnA GP2on44uFkGT4nj2CvtlWEbMcEBMwL2NvtMo+9u1UGIq+j9QcGdg2VDZgOm7tK8k 6FOyJzBSn9X2yQT7tHWhEDP4mHc0BYJ42cCGIBh7/XmASielK3uQP5w4UJpIYiCh AjHeg93VZgg8rlNcRTEIkksgrOZ3M80K7GWrMWpfjLeSS3fxMvWeund9+L4Ngq6J UolLvNA4HfQDj1MMw61g9fnFQPYT/P5inD16Bk0OEAtrpEiUubzEbHgZkIawWiAV +UUB5v16DfaXQAiPyyQ0USjnOfNP6Yqf+ofzvaafF1m/icmzxfmdPkwL8VIcpQdp 1O4yZCO14s7RVU1Jovf0omO9r6CIZJGBBFAs4wKodeaVj13Kc39wERqHOkcETSb8 4JejNgf3u75YAohMBBgRAgAMBQI+IWrlBQkB0WGAAAoJEDDjTHe9LEOIQY4An19Q 3sVkTTp/QFk0wj+9qeCfkpAVAKCA2nkRRFDVgytNfrxAEnY0v7q2JQ== =y3KW - -----END PGP PUBLIC KEY BLOCK----- On Thu, 5 Jun 2003, Peteris Krumins wrote: > Date: Thu, 5 Jun 2003 03:50:58 +0300 > From: Peteris Krumins <newsgroupsat_private> > To: vuln-devat_private > Subject: Decision > Resent-Date: Thu, 5 Jun 2003 03:42:33 +0300 > Resent-From: Peteris Krumins <newsgroupsat_private> > Resent-cc: recipient list not shown: ; > > Hello, > > I have run into a hard decision - i just dicovered a bug in > <someserver> which <some large company> runs and is only > accessible to the clients of <the company> - it's an auth > server, somewhere tied together with Cisco router w/ SSG and > RADIUS authentication. > > Due to bug, any source file can be read and the <the company> has spent > thousands of $ for making the system. > > Whats the best - report the bug and possible workarounds or let it > stay? > What i am nervous of is that the <the company> could 'kick' me later > for seeing the sources. > > > P.Krumins > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE+349XMONMd70sQ4gRAq3YAJ9TWu0WRlE+DMvCfD6Z6JZU3uMnUQCbB5as PKMVCAzbjqOK8ZWmoUryJCM= =fBQ4 -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Thu Jun 05 2003 - 15:02:48 PDT