Open Source and information security mailing list archives
Date: Tue, 22 Jan 2013 00:48:54 +0100
From: Bzzz <lazyvirus@....com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Student expelled from Montreal college after
 finding vulnerability that compromised security of 250,
 000 students personal data

On Mon, 21 Jan 2013 22:42:24 +0000
Philip Whitehouse <philip@...uk.com> wrote:

> Moreover, he ran it again after reporting it to see if it was still
> there. Essentially he's doing an unauthorised pen test having alerted
> them that he'd done one already.
> 
> I agree with Benji.

From a European point of view, I see more of a young guy thinking
he was doing the right thing, then making sure the flaw's
fixed.

There are some strange things:

He retries and *minutes* after that the phone's ringing - from
what I know of Canada's system, only 24/7 official eavesdropping
could lead to such a short delay (but even in his case more than
minutes), and I don't really think the college or Skytech had
triggered such an _official_ survey (otherwise the authorities would
have called, not the Skytech CEO).

It looks more like a foreseeable behavior exploited to build a
setup to push him into signing the NDA.

So I think he was naïve rather than a moron.

Rise and shine, this completely justifies the existence
of this wonderful mailing list ;)

Jean-Yves
-- 
<neonoe> what means "lp0 on fire" ?
<Naha>   that your printer's burning
<neonoe> ah ok
<neonoe> actually
<neonoe> shit...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
