Full Disclosure mailing list archives
Re: [Full-Disclosure] Notifying an institution about a vulnerability
From: "CrYpTiC MauleR" <crypticmauler () linuxmail org>
Date: Sat, 22 Apr 2006 15:09:26 -0500
Yes which is why I would never do it =o). I had contected tech support talked to them about it and they didnt know what I was talking about and well...seemed like they just got that position for something other than having any expertise. I finally managed to contact the VP of IT and he assured me it would be fixed but in fact STILL has not been. So I also talked to some people above him and yes, as you guessed it still not fixed. So I am looking for other options. I just want to get this resolved as soon as possible, not only is it using up my time, but putting my infomation at risk. So if anyone knows someone who might be able to add some leverage and press the school to fix it ASAP then please post. Thank you.
----- Original Message ----- From: "Cliff Bamford" <bamford () oz net> To: full-disclosure () lists grok org uk Subject: [Full-Disclosure] Notifying an institution about a vulnerability Date: Sat, 22 Apr 2006 21:53:31 +0200i think you may exploit this vuln and get several SSN, and then email to the institute to show the severity of your report.In the US, doing that could get you into a ton of criminal and civil trouble (I'm sad to say). What steps did the original poster take to notify the institution, exactly? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- _______________________________________________ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [Full-Disclosure] Notifying an institution about a vulnerability Cliff Bamford (Apr 22)
- <Possible follow-ups>
- Re: [Full-Disclosure] Notifying an institution about a vulnerability CrYpTiC MauleR (Apr 22)