Thread replies: 48
Thread images: 3
Thread images: 3
Anonymous
Should I discloseeeee? 2017-04-28 07:18:50 Post No. 60116149
[Report] Image search: [Google]
Should I discloseeeee? 2017-04-28 07:18:50 Post No. 60116149
[Report] Image search: [Google]
File: protectyonetworks.jpg (52KB, 500x304px) Image search:
[Google]
52KB, 500x304px
So I applied for this job and had my interview today. Was browsing their website/source and noticed they have a page thats visible to all viewers that has every single upload made to the site (thousands of resumes). This is for sure a permissions failure on the server. Should I inform the person I had an interview with? It was an IT job after all ¯\_(ツ)_/¯
>>
Link?
>>
use it as leverage if you dont get hired
>>
>tell them
>their current IT guy claims you hacked them
>go to prison
>>
>>60116149
They'll either give you the job or try to get you arrested. Your call.
>>
>>60116149
You run a good chance of getting in serious trouble for informing them of their retardation. We all remember Weev, right?
>>
Tell them if you get the job and leverage it for a raise. If you don't get the job, who cares?
>>
>>60116258
No proof you hacked them
>>
>>60116308
>implying
>>
OP here, I mean, I only used my web browser, that is all. Clicked view source, found a reference to a directory, clicked it, browsed it and found the mentioned directory. Is that really illegal?
>>
>>60116149
>download all of the resumes
>apply to shady companies with them
>>
Delete every other job application. Surefire way to get the job.
>>
>>60116318
According to the tech illiterate legal system, absolutely. It's not a hypothetical either: people have literally been put in prison for letting companies know about security flaws that anyone with a browser can access.
>>
>>60116318
Corrupt DA looking to pad their record so they can eventually become a corrupt judge would paint you as a literal Russian hacker.
>>
>>60116390
>Knew OP was Russian
>NSA confirmed?
good guess maybe ¯\_(ツ)_/¯
>>
>>60116318
I'm looking for a link to a doc I watched a few years ago about a guy who was on a banks website, with a few clicks found himself with a ton of access, informed them, and ended up in jail for 10 years. Will post if I find it but point is don't do it OP. Let them get fucked by shity laws.
>>
>>60116149
Don't bother. Not kidding. They're likely to call over the cops to nail you for teh cyber. Just forget about it and don't mention it to anyone.
>>
>>60116645
Don't do it op
>>
share the link OP, gotta take a look at those resumes
>>
>>60116775
This. Post link.
>>
>>60116308
No proof you didn't either.
>>
>>60116149
Like many are telling you, don't leak it. Just sit on it. One day it could be your trump card.
>>
>>60116852
Additionally, document it. Especially how easy it was to get to so the fact that anyone else could do it is shown.
Curiosity does not always mean malicious intent.
>>
>>60116906
Additionally additionally, include in documentation what you would have done to fix said leak.
>>
>>60116906
Yeah I think this is what I'll do, thanks for the advice all <3. You all may have helped me avoid a prison sentence and/or a lengthy trial lol
>>
>>60116926
op, it's vladimir1337. don't listen to boring fags in teh tread. post the url, i will take care of it.
>>
>>60116926
also, never, never acces those database/webpages from a computer of the companie
>>
>>60116318
That's more than weev got v& for.
>>
>>60117040
weew who?
>>
>>60117001
If you have an old smartphone you can run a screen recording app, use that. If you feel you need to ditch the device, it's no big loss.
>>
>>60117142
Also, don't do it from work or your house if possible. Don't know how you initially access the website to start with. I'm assuming no login portal needed.
>>
>>60117077
newfag
>>
>>60117077
the party van
>>
>>60117077
weew lad
>>
>>60117169
I did access it from my house. No login portal or anything though. If they have shite permissions on their upload directory I doubt they have leet logging skills
>>
File: 1491000110177.gif (89KB, 256x256px) Image search:
[Google]
89KB, 256x256px
>Boot into TailsOS
>Put on ski mask over freshly trimmed neckbeard
>Open Tor
>Go in and edit all the PDF's
>Place cp in all of the files
>Burn computer and possibly also house
>Dance hard techno
>>
>>60116624
still waiting on that link dawg
>>
>>60116149
>Should I inform the person I had an interview with?
Never!
Inform anonymously using a disposable non-tracable email address.
>>60116308
No proof is needed to land in hot water. ok so you are found not guilty after 10 years of investigations, prosecution and trials but you will still have wasted your life and your career will be ruined forever.
REMEMBER: No deed ever goes unpunished. NEVER. When will people learn??
>>60116359
>people have literally been put in prison for letting companies know about security flaws that anyone with a browser can access
This guy gets it.
>>60116318
>Is that really illegal?
In some countries that can be questionable. And questionable is enough to get you in jail awaiting trial.
>>
If you get the job, point it out a few days after you get hired, easy brownie points
if you don't, ignore it
>>
>>60117809
Actually that might work.
"Hey boss, I found a problem in *out* website"
sounds a lot better than
"Your website was coded by monkeys and you should feel bad. Also please hire me"
>>
>>60116339
Devilish. Do it OP, I command you.
>>
>>60116318
In the US this can probably be considered a violation of the CFAA
>>
>>60116318
weev went to jail for that.
Don't be a retard
>>
>>60116339
This would be funny as shit but it'd be so suspicious.
>>
>>60116318
absolutely not
>>
>>60117850
Yeah if I get hired I'll definitely mention it for sure
>>
>>60117947
According to others it is? CFAA is some serious shit:(
>>
You sound like a hacker on steroids
>>>/wsg/1661591
Thread posts: 48
Thread images: 3
Thread images: 3