lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 22 Feb 2010 18:07:20 +0100
From: the hacker <info@...-hacker.info>
To: full-disclosure@...ts.grok.org.uk
Subject: ACM.ORG data leak still there 4 days after
 announcing to CEO John White

4 days since I informed ACM's CEO John White of the severe data leak on 
acm.org - but the leak has not been fixed

26 hour after contacting ACM and 2 hours after a reminder to the CEO I 
got an email from ACM member services:

"Thank you for pointing out the security issues you located on acm.org. 
We are in the process of updating these security issues."

But that was 3 days ago and nothing has changed - they did not even ask 
me where the leak is!

as stated before full postal and email address data can be extracted 
from a database & also overwritten

I'm going to write CEO Mr. White again and attach a sample of 2500 
extracted addresses & send it to some CC's

Its weird, I mean this company is not selling flowers, ACM states on its 
website that " ACM is an educational and scientific society uniting the 
world's computing educators, researchers and professionals to inspire 
dialogue, share resources and address the field's challenges. ACM 
strengthens the profession's collective voice through strong leadership, 
promotion of the highest standards, and recognition of technical 
excellence. ACM supports the professional growth of its members by 
providing opportunities for life-long learning, career development, and 
professional networking."

so where is technical excellence here???

details & screenshot of extracted data on http://www.the-hacker-news.com/

follow this on http://twitter.com/_the_hacker_

the hacker

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ