Date: Sat Apr 22 19:31:19 2006
From: crypticmauler at linuxmail.org (CrYpTiC MauleR)
Subject: [inbox] Re: [EDU-ops] Who Do I Contact?

I have not compromised it. I have not viewed anyone's SSN numbers. I just know the hole is there and that it can lead to someone being able to view my information thus in turn anyone viewing anyone's. I was not born yesterday and know that overstepping my bounds and actually exploiting the hole to view other people's info is illegal.

> ----- Original Message -----
> From: Exibar <exibar@...lair.com>
> To: "CrYpTiC MauleR" <crypticmauler@...uxmail.org>, RLVaughn <Randy_Vaughn@...lor.edu>
> Subject: RE: [inbox] Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
> Date: Sat, 22 Apr 2006 14:23:33 -0400
>
>
> Sounds like you've already compromised this vulnerability and seen data.
> You've already stepped over the line, no turning back from here.
> Cut and paste a couple lines of what you've seen, "X" out a couple places
> in the SSN if it makes you feel better, then send them that information.
> Tell them in the e-mail that you will contact their local news stations for
> advice on who to contact to get it fixed, as you don't have anywhere else to
> turn as all the local authorities have turned you to other authorities.
>
> Exibar
>
> > -----Original Message-----
> > From: CrYpTiC MauleR [mailto:crypticmauler@...uxmail.org]
> > Sent: Saturday, April 22, 2006 2:15 PM
> > To: RLVaughn
> > Cc: full-disclosure@...ts.grok.org.uk
> > Subject: [inbox] Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
> >
> >
> > Yeah looking at just 'new' students there are potentially 7,000+
> > socials that can be stolen. This does not include students
> > already attending. I don't know an exact count of the student
> > population, but only had a new student registration list posted
> > on site. So estimates are based on those and the fact that
> > parents' SSNs can be viewed too because they were provided for
> > financial aid. So a family's identity can be stolen in turn =o/
> >
> >
> > > ----- Original Message -----
> > > From: RLVaughn <Randy_Vaughn@...lor.edu>
> > > To: "Gadi Evron" <ge@...uxbox.org>
> > > Subject: Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
> > > Date: Sat, 22 Apr 2006 11:41:59 -0500
> > >
> > >
> > > Gadi Evron wrote:
> > > > CrYpTiC MauleR wrote:
> > > >> I am sorry I am not going to say who the school is. Mainly
> > > >> because so many socials numbers are at risk including mine. I
> > > >> have contacted the VP of Information Technology and he assured
> > > >> me he would call the company that makes the website. After 20
> > > >> days the hole was not fixed, so I called the department heads
> > > >> and am giving them 48 hours from then which is now currently at
> > > >> 24 hours before I move onto notifying someone else. I was also
> > > >> thinking about contacting FBI about this seeing they handle
> > > >> school breaches but not sure.
> > > >>
> > > >> I will not go full disclosure with the info, collect SSNs and
> > > >> show school (illegal) and also please don't ask me for the
> > > >> school's name or the details of the hole. The school has been
> > > >> careless even with the tech department making a support ticket
> > > >> about my initial report which I later found out anyone could
> > > >> view too. They obviously don't know how to do anything right. So
> > > >> if anyone could provide me with a phone number or place I can
> > > >> contact would be great. Please do not reply with a name or
> > > >> number without it being posted on a credited site or be easily
> > > >> verifiable. I am not going to just randomly call whoever someone
> > > >> tells me to. Could be some idiot wants to just trick me into
> > > >> giving the details to him. Thanks for the help so far guys!
> > > >>
> > > >
> > > > I will see if someone can contact you.
> > > > _______________________________________________
> > > > EDU-ops mailing list
> > > > EDU-ops@...tf.org
> > > > http://isotf.org/mailman/listinfo/edu-ops
> > > I am checking on an appropriate contact. I fully understand your desire to
> > > establish a credible contact and to protect information at risk. Given
> > > this is a weekend a contact may not be forthcoming until Monday or Tuesday.
> > >
> > > --
> > > Best Regards,
> > > Randal Vaughn
> > > Professor, Information Systems
> > > Baylor University
> > > (254) 710 4756
> > >
> >
> > --
> > _______________________________________________
> > Check out the latest SMS services @ http://www.linuxmail.org
> > This allows you to send and receive SMS through your mailbox.
> >
> > Powered by Outblaze
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/