Educause Security Discussion mailing list archives
Conference registration leaks YOUR personal information
From: Justin Klein Keane <jukeane () SAS UPENN EDU>
Date: Wed, 29 Oct 2008 09:25:21 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I thought the list might be interested to know that the Educause conference registration pages leak your personal information to anyone curious. If you go to any conference registration page, for instance: http://net.educause.edu/Registration/15931 and click the "Register someone else online using our secure server" link you can enter a target e-mail address and click through the registration process to not only reveal their full contact information, but also their emergency contact information! I've emailed Educause about this problem but thought the list would like to know so you can provide pressure to get this problem fixed. Justin C. Klein Keane Sr. Information Security Specialist Information Security and Unix Systems University of Pennsylvania School of Arts and Sciences 3600 Market St. Room 520 Philadelphia, PA 19104 215.898.0236(p) 215.573.3166(f) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFJCGRBR4a3EW2yjlQRAvc9AJ9Nx9H6cCKGYBhD4xIDGjYZpSXPfACVHZGG ElNurKaME0vDh2BqJKajJQ== =WdCz -----END PGP SIGNATURE-----
Current thread:
- Conference registration leaks YOUR personal information Justin Klein Keane (Oct 29)
- <Possible follow-ups>
- Re: Conference registration leaks YOUR personal information Becky Granger (Oct 29)
- Re: Conference registration leaks YOUR personal information Cal Frye (Oct 29)
- Re: Conference registration leaks YOUR personal information Rodney Petersen (Oct 31)