lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20060426195253.80947DA821@mailserver8.hushmail.com>
Date: Wed Apr 26 20:53:06 2006
From: 0x80 at hush.ai (0x80@...h.ai)
Subject: Should I Be Worried?

If you didnt break the law who cares.

On Wed, 26 Apr 2006 11:30:02 -0700 CrYpTiC MauleR 
<crypticmauler@...uxmail.org> wrote:
>After reading http://www.securityfocus.com/news/11389 it made me 
>think twice about actually going public with my school's security 
>hole by having school notify students, parents and/or faculty at 
>risk due to it.
>
>I mean I didnt access any records, just knew that it was possible 
>for someone to access my account or anyone elses. I did not even 
>exploit the hole to steal, modify etc any records. Does this still 

>put me in the same boat at the USC guy? If so I am really not 
>wanting to butt heads with the school in case they try to turn 
>around and bite the hand that tried to help them. Even if my 
>intentions were good, they might even make something up saying I 
>accessed entire database or something. I have nothing to prove me 
>otherwise since they have access to the logs. Already it seems 
>like the school is trying to sweep the incident under the rug, so 
>very wary as to what they might do if they were pushed into a 
>corner and forced to go public. Anyone has any idea what I can do 
>or should I just let this slide? I am already putting my credit 
>report and such on fraud alert just in case, and definelty do not 
>plan on attending this school after my degree or school year is 
>over. A transfer is better than having me risk my data.
>
>Regards,
>CM
>
>-- 
>_______________________________________________
>Check out the latest SMS services @ http://www.linuxmail.org
>This allows you to send and receive SMS through your mailbox.
>
>Powered by Outblaze
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/



Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ