lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat Apr 22 19:22:03 2006
From: crypticmauler at linuxmail.org (CrYpTiC MauleR)
Subject: Who Do I Contact?

No I am not from that area, sorry. School has yet to contact me back since my last call and email done day before yesterday. I told them 48 hours was the grace period I was giving them to fix the hole since I had reported it 20 days earlier and nothing was done. So they are walking on thin ice not doing whats in their best interest, because financially this can make a big dent in their funding and attendance when the news of it reachs the public or the government gets involved. Not to exclude lawsuits from parents and students who could be suffering from identity theft due to the hole which by as I can guess has been there since 2003. Time will tell.



> ----- Original Message -----
> From: Laura <tuonogirantesi@...oo.com>
> To: "CrYpTiC MauleR" <crypticmauler@...uxmail.org>
> Subject: Re: [Full-disclosure] Who Do I Contact?
> Date: Sat, 22 Apr 2006 10:02:07 -0700 (PDT)
> 
> 
> I am looking at your email headers and wondering if you are from the Topeka
> Kansas area?
> Have you gotten any response from your school yet?
> 
> --- CrYpTiC MauleR <crypticmauler@...uxmail.org> wrote:
> > I am sorry I am not going to say who the school is. Mainly because so many
> > socials numbers are at risk including mine. I have contacted the VP of
> > Information Technology and he assured me he would call the company that makes
> > the website. After 20 days the hole was not fixed, so I called the department
> > heads and am giving them 48 hours from then which is now 
> > currently at 24 hours
> > before I move onto notifying someone else. I was also thinking 
> > about contacting
> > FBI about this seeing they handle school breaches but not sure.
> >
> > I will not go full disclosure with the info, collect SSNs and show school
> > (illegal) and also please don't ask me for the school's name or 
> > the details of
> > the hole. The school has been careless even with the tech department making a
> > support ticket about my initial report which I later found out anyone could
> > view too. They obviously don't know how to do anything right. So if anyone
> > could provide me with a phone number or place I can contact would be great.
> > Please do not reply with a name or number without it being posted 
> > on a credited
> > site or be easily verifiable. I am not going to just randomly call whoever
> > someone tells me too. Could be some idiot wants to just trick me into giving
> > the details to him. Thank for the help so far guys!
> >
> > -- _______________________________________________
> > Check out the latest SMS services @ http://www.linuxmail.org
> > This allows you to send and receive SMS through your mailbox.
> >
> > Powered by Outblaze
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >

>


-- 
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.

Powered by Outblaze

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ