[Full-disclosure] security at .edus
Brian Eaton
eaton.lists at gmail.com
Sun Apr 23 00:13:48 BST 2006
On 4/22/06, Sol Invictus <sol at haveyoubeentested.org> wrote:
> What you don't realize is that just by posting here that an Educational Institution
> is vulnerable to this, Some Readers (not me) might already be scanning for
> web vulnerabilities at these sites across the US.
I suspect the anonymous educational institution in question is hardly
the only vulnerable site out there. Universities tend to be fairly
decentralized places, where academic freedom can count for a lot more
than a secure network. Plus a university network has fewer secrets to
protect than a business.
One would hope that the registrar's office would be an exception to
the rule, but apparently not.
Regards,
Brian
Full-Disclosure is hosted and sponsored by Secunia.