lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed Apr 26 20:22:37 2006
From: gluttony at gmail.com (Andrew A)
Subject: Should I Be Worried?

Your list troll was pretty lol.

I commend you.

On 4/26/06, CrYpTiC MauleR <crypticmauler@...uxmail.org> wrote:
>
> After reading http://www.securityfocus.com/news/11389 it made me think
> twice about actually going public with my school's security hole by having
> school notify students, parents and/or faculty at risk due to it.
>
> I mean I didnt access any records, just knew that it was possible for
> someone to access my account or anyone elses. I did not even exploit the
> hole to steal, modify etc any records. Does this still put me in the same
> boat at the USC guy? If so I am really not wanting to butt heads with the
> school in case they try to turn around and bite the hand that tried to help
> them. Even if my intentions were good, they might even make something up
> saying I accessed entire database or something. I have nothing to prove me
> otherwise since they have access to the logs. Already it seems like the
> school is trying to sweep the incident under the rug, so very wary as to
> what they might do if they were pushed into a corner and forced to go
> public. Anyone has any idea what I can do or should I just let this slide? I
> am already putting my credit report and such on fraud alert just in case,
> and definelty do not plan on attending this school after my degree or school
> year is over. A transfer is better than having me risk my data.
>
> Regards,
> CM
>
> --
> _______________________________________________
> Check out the latest SMS services @ http://www.linuxmail.org
> This allows you to send and receive SMS through your mailbox.
>
> Powered by Outblaze
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060426/d16ff51f/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ