Re: [Full-Disclosure] Notifying an institution about a vulnerability

["CrYpTiC MauleR" <crypticmauler () linuxmail org>]

Yes which is why I would never do it =o). I had contected tech support talked to them about it and they didnt know what 
I was talking about and well...seemed like they just got that position for something other than having any expertise. I 
finally managed to contact the VP of IT and he assured me it would be fixed but in fact STILL has not been. So I also 
talked to some people above him and yes, as you guessed it still not fixed. So I am looking for other options. I just 
want to get this resolved as soon as possible, not only is it using up my time, but putting my infomation at risk. So 
if anyone knows someone who might be able to add some leverage and press the school to fix it ASAP then please post. 
Thank you.


> ----- Original Message -----
> From: "Cliff Bamford" <bamford () oz net>
> To: full-disclosure () lists grok org uk
> Subject: [Full-Disclosure] Notifying an institution about a vulnerability
> Date: Sat, 22 Apr 2006 21:53:31 +0200
>
>
>
> > i think you may exploit this vuln and get several SSN, and then 
> > email to the institute to show the severity of your report.
>
> In the US, doing that could get you into a ton of criminal and civil trouble
> (I'm sad to say).
> What steps did the original poster take to notify the institution, exactly?
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

>


-- 
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.

Powered by Outblaze

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/