Re: ACM.ORG data leak still there 4 days after announcing to CEO John White

[Christian Sciberras <uuf6429 () gmail com>]

I think Mr Lytle might be interested in reading my post re pen testing
by "the hacker".

Kindly,
Chris.

On Mon, Feb 22, 2010 at 11:14 PM, James W. Lytle <jlytle () uhcenter com> wrote:
> Were you contracted by them to conduct a penetration test?  If not, legal or no, it is an ethical violation.  I'm not 
> a lawyer, but I have asked questions of lawyers and law enforcement pertaining to similar situations and the answer 
> is that it is considered trespassing/breaking and entering and unethical unless there is a binding contract which you 
> are fulfilling for a client.
>
> Thanks!
>
> James W. Lytle
> Network Analyst
> Medical Information Systems
> 1102 West Macarthur
> Shawnee, OK 74804
> 405.395.5749 (office)
> 405.647.0364 (pager)
> jlytle () uhcenter com
>
> This electronic message transmission contains information from Unity Health Center which may be confidential or 
> privileged. This information is intended to be for the use of the individual or entity named above. If you are not 
> the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this 
> information is prohibited. If you have received this electronic transmission in error, please notify us immediately 
> by telephone (405-395-5749) or by electronic mail at jlytle () uhcenter com.
>
>
>
> > -----Original Message-----
> > From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-
> > bounces () lists grok org uk] On Behalf Of the hacker
> > Sent: Monday, February 22, 2010 3:44 PM
> > To: full-disclosure () lists grok org uk
> > Subject: Re: [Full-disclosure] ACM.ORG data leak still there 4 days after
> > announcing to CEO John White
> >
> > After raising pressure a little bit (also by writing to this list) ACM
> > has finally reacted and asked where the problem is.
> >
> > I told them the details so I guess they will finally be able to fix it.
> >
> > My opinion is still that I did never try to conceal anything, I gave
> > them my real contact information and even sent the mail from the same ip
> > I accessed their site etc., so this should not be illegal.
> >
> > But of course Benji is right in some way because you can always sue
> > anybody for anything  - the question is just who will win the trial.
> >
> > In this case I really don't think it would be worth trying to sue me...
> >
> > But I think its an important discussion & I look forward to more feedback.
> >
> > TH
> >
> >
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/