lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130122004854.00c5df3d@anubis.defcon1>
Date: Tue, 22 Jan 2013 00:48:54 +0100
From: Bzzz <lazyvirus@....com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Student expelled from Montreal college after
 finding vulnerability that compromised security of 250,
 000 students personal data

On Mon, 21 Jan 2013 22:42:24 +0000
Philip Whitehouse <philip@...uk.com> wrote:

> Moreover, he ran it again after reporting it to see if it was still
> there. Essentially he's doing an unauthorised pen test having alerted
> them that he'd done one already.
> 
> I agree with Benji.

From a European point of view, I see more a young guy thinking
he was doing the right thing, then making sure the flaw's
fixed.

There are some strange things:

he retries and *minutes* after that the phone's ringing - from 
what I know of Canada's system, only 24/7 official eavesdropping
could lead to such a short delay (but even in his case more than
minutes). and I don't really think the college nor skytech had
triggered such an _official_ survey (otherwise authorities would
have call, not the skytech CEO).

It looks like more a foreseeable behavior exploited to build a
setup to push him signing the NDA.

So I think he was rather naïve than a moron.

Rise and shine, this completely justify the existence
of this wonderful mailing list ;)

Jean-Yves
-- 
<neonoe> what means "lp0 on fire" ?
<Naha>   that your printer's burning
<neonoe> ah ok
<neonoe> actually
<neonoe> shit...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ