Re: Who Do I Contact?

[Javor Ninov <drfrancky () securax org>]

Then what is the meaning of "Full Disclosure" ?

--
Javor Ninov aka DrFrancky
http://securitydot.net/

Don Bailey wrote:
> > > "If the vendor refuses to act upon the news of the vulnerability, then 
> > > Full Disclosure is in order."  (don't release the numbers of course 
> > > but release a generic statement that "this" universtity is not secure.
>
> Is this a joke? Absolutely do *not* implement full disclosure. Doing
> so will cause unnecessary and probable exposure of private
> information.
>
> First, contact the university's IT department. If that doesn't work,
> contact a regent of the university. They will put you in touch
> with an individual that can fix the problem. There is no reason
> to reveal the university to parties that have no business with
> said information. Public forums only disclose information to
> people that have no right to that information. You can not
> control the actions individuals in the public have.
>
> Risking the privacy of innocent students and faculty is not
> the proper means to solve a problem.
>
> Do you want X number of script kids pounding a university
> causing them more problems?
>
> > > Send a copy of the email to the University.  Might want to include 
> > > their local TV news as well.  You'd be surprised how the alumni will 
> > > react to get that fixed.
>
> What are you, a media whore?
>
> > > In order to give them one more shot you may wish to tell them on which 
> > > date it will be publically released.
>
> Ridiculous.
>
> Don "north" Bailey

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/