Full Disclosure mailing list archives
RE: [inbox] Re: [EDU-ops] Who Do I Contact?
From: "CrYpTiC MauleR" <crypticmauler () linuxmail org>
Date: Sat, 22 Apr 2006 13:30:59 -0500
I have not compromised it. I have not viewed anyone's SSN numbers. I just know the hole is there and that it can lead to someone being able to view my information thus in turn anyone viewing anyone's. I was not born yesterday and know that overstepping my bounds and actually exploiting the hole to view other people's info is illegal.
----- Original Message -----
From: Exibar <exibar () thelair com>
To: "CrYpTiC MauleR" <crypticmauler () linuxmail org>, RLVaughn <Randy_Vaughn () baylor edu>
Subject: RE: [inbox] Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
Date: Sat, 22 Apr 2006 14:23:33 -0400

Sounds like you've already compromised this vulnerability and seen data. You've already stepped over the line, no turning back from here. Cut and paste a couple lines of what you've seen, "X" out a couple places in the SSN if it makes you feel better, then send them that information. Tell them in the e-mail that you will contact their local news stations for advice on who to contact to get it fixed, as you don't have anywhere else to turn as all the local authorities have turned you to other authorities.

Exibar

-----Original Message-----
From: CrYpTiC MauleR [mailto:crypticmauler () linuxmail org]
Sent: Saturday, April 22, 2006 2:15 PM
To: RLVaughn
Cc: full-disclosure () lists grok org uk
Subject: [inbox] Re: [EDU-ops] [Full-disclosure] Who Do I Contact?

Yeah looking at just 'new' students there are potentially 7,000+ socials that can be stolen. This does not include students already attending. I don't know an exact count of the student population, but only had a new student registration list posted on site. So estimates are based on those and the fact that parents' SSNs can be viewed too because they were provided for financial aid. So a family's identity can be stolen in turn =o/

----- Original Message -----
From: RLVaughn <Randy_Vaughn () baylor edu>
To: "Gadi Evron" <ge () linuxbox org>
Subject: Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
Date: Sat, 22 Apr 2006 11:41:59 -0500

Gadi Evron wrote:

CrYpTiC MauleR wrote:

I am sorry I am not going to say who the school is. Mainly because so many social numbers are at risk including mine. I have contacted the VP of Information Technology and he assured me he would call the company that makes the website.

After 20 days the hole was not fixed, so I called the department heads and am giving them 48 hours from then which is now currently at 24 hours before I move onto notifying someone else. I was also thinking about contacting FBI about this seeing they handle school breaches but not sure. I will not go full disclosure with the info, collect SSNs and show school (illegal) and also please don't ask me for the school's name or the details of the hole. The school has been careless even with the tech department making a support ticket about my initial report which I later found out anyone could view too. They obviously don't know how to do anything right. So if anyone could provide me with a phone number or place I can contact would be great. Please do not reply with a name or number without it being posted on a credited site or be easily verifiable. I am not going to just randomly call whoever someone tells me to. Could be some idiot wants to just trick me into giving the details to him. Thanks for the help so far guys!

I will see if someone can contact you.

_______________________________________________
EDU-ops mailing list
EDU-ops () isotf org
http://isotf.org/mailman/listinfo/edu-ops

I am checking on an appropriate contact. I fully understand your desire to establish a credible contact and to protect information at risk. Given this is a weekend a contact may not be forthcoming until Monday or Tuesday.

--
Best Regards,
Randal Vaughn
Professor, Information Systems
Baylor University
(254) 710 4756

--
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.
Powered by Outblaze
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/