July 30th, 2002, 10:52 PM
What to do....
I just recently came across 6 computers at a single university that have a vulnerable SSHd. I am pretty sure there are more than that, but I do not want to snoop too deep. I am wondering whether to e-mail the university and aware them of their vulnerabilities, but I am not sure how to go about it. Could anyone give me some advice/suggestions with what to do. Of course another option is to just walk away from the situation. Anyone?
July 30th, 2002, 11:02 PM
Tapr00t if you go to school there, find out who the IT guy is and what kind of person he is and you will know if you should let him know. Usually you will get thanked for the info. If you don't go to school there, then it maybe a bad idea to report this. But if you still think you should, try doing so anonymously...
Just my take on the situation...
- The mind is too beautiful to waste...
July 30th, 2002, 11:05 PM
I'd leave it alone. You don't want anyone to suspect you of anything. Unless you know someone in their tech department, don't bother. I remember once I found a vulnerability in my ISP's web site, but I didn't tell them because I wouldn't want my service cut. People might not always believe you have good intentions even when you do if it looks like you're meddling places you shouldn't. There are thousands of vulnerable computers... Can't help them all. Sorry.