lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <444AA9AF.5010607@haveyoubeentested.org>
Date: Sat Apr 22 23:10:29 2006
From: sol at haveyoubeentested.org (Sol Invictus)
Subject: Who Do I Contact?

"I am a supporter of full disclosure, but when I see in this situation the pros and cons of going FD the cons heavily outweigh any benefit. Yes the school may move faster, or they wont but in the process it would put thousands of student records at risk to misuse and id theft."

What you don't realize is that just by posting here that an Educational Institution is vulnerable to this,  Some Readers (not me) might already be scanning for web vulnerabilities at these sites across the US.

So Why not just post it here and tell everyone and then maybe the President of the Institution may get a call at 2 am Sunday morning realizing that they need to fix this now.

Sol.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ