lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat Apr 22 19:23:44 2006
From: exibar at thelair.com (Exibar)
Subject: [inbox] Re: [EDU-ops] Who Do I Contact?

Sounds like you've already compromised this vulnerability ans een data.
You've already stepped over the line, no turning back from here.
  Cut and past a couple lines of what you've seen, "X" out a couple places
in the SSN if it makes you feel better, then send them that information.
Tell them in the e-mail that you will contact their local news stations for
advise on who to contact to get it fixed, as you don't have anywhere else to
turn as all the local authorities have turned you to other authorities.

   Exibar

> -----Original Message-----
> From: CrYpTiC MauleR [mailto:crypticmauler@...uxmail.org]
> Sent: Saturday, April 22, 2006 2:15 PM
> To: RLVaughn
> Cc: full-disclosure@...ts.grok.org.uk
> Subject: [inbox] Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
>
>
> Yeah looking at just 'new' students there are potentially 7,000+
> socials that can be stolen. This does not include students
> already attending. I dont know an exact count of the student
> population, but only had a new student registration list posted
> on site. So estimates are based on those and the fact that
> parents' SSNs can be viewed too because were provided for
> financial aid. So a family's identity can be stolen in turn =o/
>
>
> > ----- Original Message -----
> > From: RLVaughn <Randy_Vaughn@...lor.edu>
> > To: "Gadi Evron" <ge@...uxbox.org>
> > Subject: Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
> > Date: Sat, 22 Apr 2006 11:41:59 -0500
> >
> >
> > Gadi Evron wrote:
> > > CrYpTiC MauleR wrote:
> > >> I am sorry I am not going to say who the school is. Mainly
> > >> because so many socials numbers are at risk including mine. I
> > >> have contacted the VP of Information Technology and he assured
> > >> me he would call the company that makes the website. After 20
> > >> days the hole was not fixed, so I called the department heads
> > >> and am giving them 48 hours from then which is now currently at
> > >> 24 hours before I move onto notifying someone else. I was also
> > >> thinking about contacting FBI about this seeing they handle
> > >> school breaches but not sure.
> > >>
> > >> I will not go full disclosure with the info, collect SSNs and
> > >> show school (illegal) and also please don't ask me for the
> > >> school's name or the details of the hole. The school has been
> > >> careless even with the tech department making a support ticket
> > >> about my initial report which I later found out anyone could
> > >> view too. They obviously don't know how to do anything right. So
> > >> if anyone could provide me with a phone number or place I can
> > >> contact would be great. Please do not reply with a name or
> > >> number without it being posted on a credited site or be easily
> > >> verifiable. I am not going to just randomly call whoever someone
> > >> tells me too. Could be some idiot wants to just trick me into
> > >> giving the details to him. Thank for the help so far guys!
> > >>
> > >
> > > I will see if someone can contact you.
> > > _______________________________________________
> > > EDU-ops mailing list
> > > EDU-ops@...tf.org
> > > http://isotf.org/mailman/listinfo/edu-ops
> > I am checking on an appropriate contact.  I fully understand
> your desire to
> > establish a credible contact and to protect information at risk.  Given
> > this is a weekend a contact may not be forthcoming until Monday
> or Tuesday.
> >
> > --
> > Best Regards,
> > Randal Vaughn
> > Professor, Information Systems
> > Baylor University
> > (254) 710 4756
>
> >
>
>
> --
> _______________________________________________
> Check out the latest SMS services @ http://www.linuxmail.org
> This allows you to send and receive SMS through your mailbox.
>
> Powered by Outblaze
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>

Powered by blists - more mailing lists