[Full-disclosure] Who Do I Contact?
drfrancky at securax.org
Sat Apr 22 22:40:10 BST 2006
Then what is the meaning of "Full Disclosure" ?
Javor Ninov aka DrFrancky
Don Bailey wrote:
>>> "If the vendor refuses to act upon the news of the vulnerability, then
>>> Full Disclosure is in order." (don't release the numbers of course
>>> but release a generic statement that "this" universtity is not secure.
> Is this a joke? Absolutely do *not* implement full disclosure. Doing
> so will cause unnecessary and probable exposure of private
> First, contact the university's IT department. If that doesn't work,
> contact a regent of the university. They will put you in touch
> with an individual that can fix the problem. There is no reason
> to reveal the university to parties that have no business with
> said information. Public forums only disclose information to
> people that have no right to that information. You can not
> control the actions individuals in the public have.
> Risking the privacy of innocent students and faculty is not
> the proper means to solve a problem.
> Do you want X number of script kids pounding a university
> causing them more problems?
>>> Send a copy of the email to the University. Might want to include
>>> their local TV news as well. You'd be surprised how the alumni will
>>> react to get that fixed.
> What are you, a media whore?
>>> In order to give them one more shot you may wish to tell them on which
>>> date it will be publically released.
> Don "north" Bailey
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060423/e5e7dd67/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.