Educause Security Discussion mailing list archives

Conference registration leaks YOUR personal information

From: Justin Klein Keane <jukeane () SAS UPENN EDU>
Date: Wed, 29 Oct 2008 09:25:21 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

  I thought the list might be interested to know that the Educause
conference registration pages leak your personal information to anyone
curious.  If you go to any conference registration page, for instance:

http://net.educause.edu/Registration/15931

and click the "Register someone else online using our secure server"
link you can enter a target e-mail address and click through the
registration process to not only reveal their full contact information,
but also their emergency contact information!  I've emailed Educause
about this problem but thought the list would like to know so you can
provide pressure to get this problem fixed.

Justin C. Klein Keane

Sr. Information Security Specialist
Information Security and Unix Systems
University of Pennsylvania
School of Arts and Sciences
3600 Market St.
Room 520
Philadelphia, PA 19104
215.898.0236(p)
215.573.3166(f)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD4DBQFJCGRBR4a3EW2yjlQRAvc9AJ9Nx9H6cCKGYBhD4xIDGjYZpSXPfACVHZGG
ElNurKaME0vDh2BqJKajJQ==
=WdCz
-----END PGP SIGNATURE-----

Current thread:

Conference registration leaks YOUR personal information Justin Klein Keane (Oct 29)
- <Possible follow-ups>
- Re: Conference registration leaks YOUR personal information Becky Granger (Oct 29)
- Re: Conference registration leaks YOUR personal information Cal Frye (Oct 29)
- Re: Conference registration leaks YOUR personal information Rodney Petersen (Oct 31)