lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun Apr 23 10:41:38 2006
From: A.L.M.Buxey at lboro.ac.uk (A.L.M.Buxey@...ro.ac.uk)
Subject: Who Do I Contact?

Hi,

I think we're missing something here. So, you're not going to disclose
a security hole until the scholl has sorted the situation out, yes?

but is the system in use a home-built application or an off-the-shelf
system. if its the former then some people need to be looking at what
policies are in place for checking data security...and the procedures
to undertake to make sure this doesnt happen again - and ask why it did
in the first place.

if its the latter...then it doesnt matter about YOUR school as there will
be many other places that have this issue. in this case you need to get
the vendor in on the problem asap. and full disclosure of their software
issue is a must for the future safety of any other company.

you also didnt mention why this service is available for all to access...should
this system REALLY be visible to rest of school. rest of the world? is
it used for coursework submission, email, intranet, T+L ?

alan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ