lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun Apr 23 15:19:13 2006
From: davek_throwaway at hotmail.com (Dave "No, not that one" Korn)
Subject: Re: Who Do I Contact?

CrYpTiC MauleR wrote:

> students attending. So everyone please dont wast your time trying to
> play 'who can guess what school it is or where it is?' because I
> really will not verify if you are correct or not and plain do not
> want to play that game. I just asked FD on advice of what to do
> considering the implications, and that is all it will be kept at.

  :)  It was just a game, and I'm not actually interested in guessing where 
it is.  See my other recent post in this thread for my actual serious advice 
about what might work the best.  Good luck, it is important and it does need 
fixing.

  Incidentally, since presumably this bug has been there for some time, and 
if it's accessible from the web, then it's already too late; the data might 
have been leaked and without going through server logs with a fine-tooth 
comb it may be impossible to tell (and perhaps even with).  I don't know if 
SarbOx applies to an edu, but if the data may already have leaked then they 
really ought to be obliged to warn everyone whose data is on that database 
that they need to take precautions to protect themselves against identity 
theft.  They shouldn't be allowed to cover it up or sweep it under the 
carpet.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



Powered by blists - more mailing lists