Penetration Testing mailing list archives
RE: Informing Companies about security vulnerabilities...
From: "Levenglick, Jeff" <JLevenglick () fhlbatl com>
Date: Thu, 5 Oct 2006 14:15:16 -0400
Although I'm not sure the FBI will come knocking, I would think that he is very lucky if that company does not come after him. (Worst case is that other companies are already looking for him.)

If they did read this list, then that would give them some proof, but he has stated that he sent an email with the issues, so that may be enough proof. Proof that - He knows that he did. Because he is teaching a class on security he should know it is illegal.

What could be a BIG nightmare for him in the future - If one or more of his students hacked any of the sites that he used to teach them. He could be held just as guilty.

By that I mean: In a class, if I show you how to hack a dummy class site with dummy/fake/easy hacks, there are no real world connections. Anything a student does outside the class would be of their own doing. BUT.. If I show you the exact steps on how to hack www.xyc.com and then a student does the exact same steps, I am just as guilty. It would be the same as me posting instructions on the internet.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Michael Scheidell
Sent: Thursday, October 05, 2006 2:11 AM
To: pen-test () securityfocus com
Subject: RE: Informing Companies about security vulnerabilities...
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Joseph McCray
Sent: Wednesday, October 04, 2006 3:07 AM
To: pen-test () securityfocus com
Subject: Informing Companies about security vulnerabilities...

This probably won't sound like that big of a deal, but it still bothered me so I figured I'd ask the list. I was teaching a Web Application Security class last week and we were performing simple XSS, SQL Injection, etc on the vulnerable web apps I use for class.
So, what's the pool up to now? I have $50 on two weeks before the FBI closes down the school, takes all the computers in the school, executes a search warrant for every student's computer, and the bright boy teaching the class spends thousands of dollars trying to explain to a Judge (that reads the newspaper about hacks on banks) that what he did was not hacking.