RE: [inbox] Re: [EDU-ops] Who Do I Contact?

["CrYpTiC MauleR" <crypticmauler () linuxmail org>]

I have not compromised it. I have not viewed anyones SSN numbers. I just know the hole is there and that it can lead to 
someome being able to view my infomation thus in turn anyone viewing anyone's I was not born yesterday and know that 
overstepping my bounds and actually exploiting the hole to view other people's info is illegal.


> ----- Original Message -----
> From: Exibar <exibar () thelair com>
> To: "CrYpTiC MauleR" <crypticmauler () linuxmail org>, RLVaughn <Randy_Vaughn () baylor edu>
> Subject: RE: [inbox] Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
> Date: Sat, 22 Apr 2006 14:23:33 -0400
>
>
> Sounds like you've already compromised this vulnerability ans een data.
> You've already stepped over the line, no turning back from here.
>    Cut and past a couple lines of what you've seen, "X" out a couple places
> in the SSN if it makes you feel better, then send them that information.
> Tell them in the e-mail that you will contact their local news stations for
> advise on who to contact to get it fixed, as you don't have anywhere else to
> turn as all the local authorities have turned you to other authorities.
>
>     Exibar
>
> > -----Original Message-----
> > From: CrYpTiC MauleR [mailto:crypticmauler () linuxmail org]
> > Sent: Saturday, April 22, 2006 2:15 PM
> > To: RLVaughn
> > Cc: full-disclosure () lists grok org uk
> > Subject: [inbox] Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
> >
> >
> > Yeah looking at just 'new' students there are potentially 7,000+
> > socials that can be stolen. This does not include students
> > already attending. I dont know an exact count of the student
> > population, but only had a new student registration list posted
> > on site. So estimates are based on those and the fact that
> > parents' SSNs can be viewed too because were provided for
> > financial aid. So a family's identity can be stolen in turn =o/
> >
> >
> > > ----- Original Message -----
> > > From: RLVaughn <Randy_Vaughn () baylor edu>
> > > To: "Gadi Evron" <ge () linuxbox org>
> > > Subject: Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
> > > Date: Sat, 22 Apr 2006 11:41:59 -0500
> > >
> > >
> > > Gadi Evron wrote:
> > > > CrYpTiC MauleR wrote:
> > > > > I am sorry I am not going to say who the school is. Mainly
> > > > > because so many socials numbers are at risk including mine. I
> > > > > have contacted the VP of Information Technology and he assured
> > > > > me he would call the company that makes the website. After 20
> > > > > days the hole was not fixed, so I called the department heads
> > > > > and am giving them 48 hours from then which is now currently at
> > > > > 24 hours before I move onto notifying someone else. I was also
> > > > > thinking about contacting FBI about this seeing they handle
> > > > > school breaches but not sure.
> > > > >
> > > > > I will not go full disclosure with the info, collect SSNs and
> > > > > show school (illegal) and also please don't ask me for the
> > > > > school's name or the details of the hole. The school has been
> > > > > careless even with the tech department making a support ticket
> > > > > about my initial report which I later found out anyone could
> > > > > view too. They obviously don't know how to do anything right. So
> > > > > if anyone could provide me with a phone number or place I can
> > > > > contact would be great. Please do not reply with a name or
> > > > > number without it being posted on a credited site or be easily
> > > > > verifiable. I am not going to just randomly call whoever someone
> > > > > tells me too. Could be some idiot wants to just trick me into
> > > > > giving the details to him. Thank for the help so far guys!
> > > >
> > > > I will see if someone can contact you.
> > > > _______________________________________________
> > > > EDU-ops mailing list
> > > > EDU-ops () isotf org
> > > > http://isotf.org/mailman/listinfo/edu-ops
> > > I am checking on an appropriate contact.  I fully understand
> > your desire to
> > > establish a credible contact and to protect information at risk.  Given
> > > this is a weekend a contact may not be forthcoming until Monday
> > or Tuesday.
> > > --
> > > Best Regards,
> > > Randal Vaughn
> > > Professor, Information Systems
> > > Baylor University
> > > (254) 710 4756
> >
> > >
> >
> >
> > --
> > _______________________________________________
> > Check out the latest SMS services @ http://www.linuxmail.org
> > This allows you to send and receive SMS through your mailbox.
> >
> > Powered by Outblaze
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/

>


-- 
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.

Powered by Outblaze

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/