lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Sun Apr 23 19:49:07 2006
From: crypticmauler at linuxmail.org (CrYpTiC MauleR)
Subject: Re: Who Do I Contact?

Wouldn't it matter on which state? I know California for instance has strict laws about telling public of breaches, but not sure about other states. I will be calling the Attorney General of the the school's state tomorrow so should have a good answer.



> ----- Original Message -----
> From: "Dave "No, not that one" Korn" <davek_throwaway@...mail.com>
> To: full-disclosure@...ts.grok.org.uk
> Subject: [Full-disclosure] Re: Who Do I Contact?
> Date: Sun, 23 Apr 2006 15:18:49 +0100
> 
> 
> CrYpTiC MauleR wrote:
> 
> > students attending. So everyone please dont wast your time trying to
> > play 'who can guess what school it is or where it is?' because I
> > really will not verify if you are correct or not and plain do not
> > want to play that game. I just asked FD on advice of what to do
> > considering the implications, and that is all it will be kept at.
> 
>    :)  It was just a game, and I'm not actually interested in guessing where
> it is.  See my other recent post in this thread for my actual serious advice
> about what might work the best.  Good luck, it is important and it does need
> fixing.
> 
>    Incidentally, since presumably this bug has been there for some time, and
> if it's accessible from the web, then it's already too late; the data might
> have been leaked and without going through server logs with a fine-tooth
> comb it may be impossible to tell (and perhaps even with).  I don't know if
> SarbOx applies to an edu, but if the data may already have leaked then they
> really ought to be obliged to warn everyone whose data is on that database
> that they need to take precautions to protect themselves against identity
> theft.  They shouldn't be allowed to cover it up or sweep it under the
> carpet.
> 
>      cheers,
>        DaveK
> --
> Can't think of a witty .sigline today....
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

>


-- 
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.

Powered by Outblaze

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ