Re: Who Do I Contact?

["CrYpTiC MauleR" <crypticmauler () linuxmail org>]

No I am not from that area, sorry. School has yet to contact me back since my last call and email done day before 
yesterday. I told them 48 hours was the grace period I was giving them to fix the hole since I had reported it 20 days 
earlier and nothing was done. So they are walking on thin ice not doing whats in their best interest, because 
financially this can make a big dent in their funding and attendance when the news of it reachs the public or the 
government gets involved. Not to exclude lawsuits from parents and students who could be suffering from identity theft 
due to the hole which by as I can guess has been there since 2003. Time will tell.



> ----- Original Message -----
> From: Laura <tuonogirantesi () yahoo com>
> To: "CrYpTiC MauleR" <crypticmauler () linuxmail org>
> Subject: Re: [Full-disclosure] Who Do I Contact?
> Date: Sat, 22 Apr 2006 10:02:07 -0700 (PDT)
>
>
> I am looking at your email headers and wondering if you are from the Topeka
> Kansas area?
> Have you gotten any response from your school yet?
>
> --- CrYpTiC MauleR <crypticmauler () linuxmail org> wrote:
> > I am sorry I am not going to say who the school is. Mainly because so many
> > socials numbers are at risk including mine. I have contacted the VP of
> > Information Technology and he assured me he would call the company that makes
> > the website. After 20 days the hole was not fixed, so I called the department
> > heads and am giving them 48 hours from then which is now 
> > currently at 24 hours
> > before I move onto notifying someone else. I was also thinking 
> > about contacting
> > FBI about this seeing they handle school breaches but not sure.
> >
> > I will not go full disclosure with the info, collect SSNs and show school
> > (illegal) and also please don't ask me for the school's name or 
> > the details of
> > the hole. The school has been careless even with the tech department making a
> > support ticket about my initial report which I later found out anyone could
> > view too. They obviously don't know how to do anything right. So if anyone
> > could provide me with a phone number or place I can contact would be great.
> > Please do not reply with a name or number without it being posted 
> > on a credited
> > site or be easily verifiable. I am not going to just randomly call whoever
> > someone tells me too. Could be some idiot wants to just trick me into giving
> > the details to him. Thank for the help so far guys!
> >
> > -- _______________________________________________
> > Check out the latest SMS services @ http://www.linuxmail.org
> > This allows you to send and receive SMS through your mailbox.
> >
> > Powered by Outblaze
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/

>


-- 
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.

Powered by Outblaze

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/