[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20060423094129.GA10690@lboro.ac.uk>
Date: Sun Apr 23 10:41:38 2006
From: A.L.M.Buxey at lboro.ac.uk (A.L.M.Buxey@...ro.ac.uk)
Subject: Who Do I Contact?
Hi,
I think we're missing something here. So, you're not going to disclose
a security hole until the scholl has sorted the situation out, yes?
but is the system in use a home-built application or an off-the-shelf
system. if its the former then some people need to be looking at what
policies are in place for checking data security...and the procedures
to undertake to make sure this doesnt happen again - and ask why it did
in the first place.
if its the latter...then it doesnt matter about YOUR school as there will
be many other places that have this issue. in this case you need to get
the vendor in on the problem asap. and full disclosure of their software
issue is a must for the future safety of any other company.
you also didnt mention why this service is available for all to access...should
this system REALLY be visible to rest of school. rest of the world? is
it used for coursework submission, email, intranet, T+L ?
alan
Powered by blists - more mailing lists