lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun Apr 23 15:19:13 2006 From: davek_throwaway at hotmail.com (Dave "No, not that one" Korn) Subject: Re: Who Do I Contact? CrYpTiC MauleR wrote: > students attending. So everyone please dont wast your time trying to > play 'who can guess what school it is or where it is?' because I > really will not verify if you are correct or not and plain do not > want to play that game. I just asked FD on advice of what to do > considering the implications, and that is all it will be kept at. :) It was just a game, and I'm not actually interested in guessing where it is. See my other recent post in this thread for my actual serious advice about what might work the best. Good luck, it is important and it does need fixing. Incidentally, since presumably this bug has been there for some time, and if it's accessible from the web, then it's already too late; the data might have been leaked and without going through server logs with a fine-tooth comb it may be impossible to tell (and perhaps even with). I don't know if SarbOx applies to an edu, but if the data may already have leaked then they really ought to be obliged to warn everyone whose data is on that database that they need to take precautions to protect themselves against identity theft. They shouldn't be allowed to cover it up or sweep it under the carpet. cheers, DaveK -- Can't think of a witty .sigline today....
Powered by blists - more mailing lists