[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Who Do I Contact?
- To: Laura <tuonogirantesi@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Who Do I Contact?
- From: "CrYpTiC MauleR" <crypticmauler@xxxxxxxxxxxxx>
- Date: Sat, 22 Apr 2006 13:21:41 -0500
No I am not from that area, sorry. School has yet to contact me back since my
last call and email done day before yesterday. I told them 48 hours was the
grace period I was giving them to fix the hole since I had reported it 20 days
earlier and nothing was done. So they are walking on thin ice not doing whats
in their best interest, because financially this can make a big dent in their
funding and attendance when the news of it reachs the public or the government
gets involved. Not to exclude lawsuits from parents and students who could be
suffering from identity theft due to the hole which by as I can guess has been
there since 2003. Time will tell.
> ----- Original Message -----
> From: Laura <tuonogirantesi@xxxxxxxxx>
> To: "CrYpTiC MauleR" <crypticmauler@xxxxxxxxxxxxx>
> Subject: Re: [Full-disclosure] Who Do I Contact?
> Date: Sat, 22 Apr 2006 10:02:07 -0700 (PDT)
>
>
> I am looking at your email headers and wondering if you are from the Topeka
> Kansas area?
> Have you gotten any response from your school yet?
>
> --- CrYpTiC MauleR <crypticmauler@xxxxxxxxxxxxx> wrote:
> > I am sorry I am not going to say who the school is. Mainly because so many
> > socials numbers are at risk including mine. I have contacted the VP of
> > Information Technology and he assured me he would call the company that
> > makes
> > the website. After 20 days the hole was not fixed, so I called the
> > department
> > heads and am giving them 48 hours from then which is now
> > currently at 24 hours
> > before I move onto notifying someone else. I was also thinking
> > about contacting
> > FBI about this seeing they handle school breaches but not sure.
> >
> > I will not go full disclosure with the info, collect SSNs and show school
> > (illegal) and also please don't ask me for the school's name or
> > the details of
> > the hole. The school has been careless even with the tech department making
> > a
> > support ticket about my initial report which I later found out anyone could
> > view too. They obviously don't know how to do anything right. So if anyone
> > could provide me with a phone number or place I can contact would be great.
> > Please do not reply with a name or number without it being posted
> > on a credited
> > site or be easily verifiable. I am not going to just randomly call whoever
> > someone tells me too. Could be some idiot wants to just trick me into giving
> > the details to him. Thank for the help so far guys!
> >
> > -- _______________________________________________
> > Check out the latest SMS services @ http://www.linuxmail.org
> > This allows you to send and receive SMS through your mailbox.
> >
> > Powered by Outblaze
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
--
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.
Powered by Outblaze
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/