[Full-disclosure] Should I Be Worried?
gluttony at gmail.com
Wed Apr 26 20:22:25 BST 2006
Your list troll was pretty lol.
I commend you.
On 4/26/06, CrYpTiC MauleR <crypticmauler at linuxmail.org> wrote:
> After reading http://www.securityfocus.com/news/11389 it made me think
> twice about actually going public with my school's security hole by having
> school notify students, parents and/or faculty at risk due to it.
> I mean I didnt access any records, just knew that it was possible for
> someone to access my account or anyone elses. I did not even exploit the
> hole to steal, modify etc any records. Does this still put me in the same
> boat at the USC guy? If so I am really not wanting to butt heads with the
> school in case they try to turn around and bite the hand that tried to help
> them. Even if my intentions were good, they might even make something up
> saying I accessed entire database or something. I have nothing to prove me
> otherwise since they have access to the logs. Already it seems like the
> school is trying to sweep the incident under the rug, so very wary as to
> what they might do if they were pushed into a corner and forced to go
> public. Anyone has any idea what I can do or should I just let this slide? I
> am already putting my credit report and such on fraud alert just in case,
> and definelty do not plan on attending this school after my degree or school
> year is over. A transfer is better than having me risk my data.
> Check out the latest SMS services @ http://www.linuxmail.org
> This allows you to send and receive SMS through your mailbox.
> Powered by Outblaze
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-------------- next part --------------
An HTML attachment was scrubbed...
Full-Disclosure is hosted and sponsored by Secunia.