lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri May 12 11:39:54 2006
From: rvarada at gmail.com (Rajesh V)
Subject: Should I Be Worried?

Ohio University suffers security breaches

http://news.com.com/2100-7349_3-6071505.html?part=rss&tag=6071505&subj=news

So can we assume the matter to be closed now? Or is yours still
another school, waiting for data to be stolen?

If it is another school, maybe all these break-in news reports will
hopefully make them secure their systems a little more.

Rajesh V



On 4/27/06, CrYpTiC MauleR <crypticmauler@...uxmail.org> wrote:
> After reading http://www.securityfocus.com/news/11389 it made me think twice about actually going public with my school's security hole by having school notify students, parents and/or faculty at risk due to it.
>
> I mean I didnt access any records, just knew that it was possible for someone to access my account or anyone elses. I did not even exploit the hole to steal, modify etc any records. Does this still put me in the same boat at the USC guy? If so I am really not wanting to butt heads with the school in case they try to turn around and bite the hand that tried to help them. Even if my intentions were good, they might even make something up saying I accessed entire database or something. I have nothing to prove me otherwise since they have access to the logs. Already it seems like the school is trying to sweep the incident under the rug, so very wary as to what they might do if they were pushed into a corner and forced to go public. Anyone has any idea what I can do or should I just let this slide? I am already putting my credit report and such on fraud alert just in case, and definelty do not plan on attending this school after my degree or school year is over. A transfer is better than having me risk my data.
>
> Regards,
> CM
>
> --
> _______________________________________________
> Check out the latest SMS services @ http://www.linuxmail.org
> This allows you to send and receive SMS through your mailbox.
>
> Powered by Outblaze
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ