Then what is the meaning of "Full Disclosure"?

--
Javor Ninov aka DrFrancky
http://securitydot.net/

Don Bailey wrote:
>>> "If the vendor refuses to act upon the news of the vulnerability, then
>>> Full Disclosure is in order." (don't release the numbers of course
>>> but release a generic statement that "this" university is not secure.
>>>
>
> Is this a joke? Absolutely do *not* implement full disclosure. Doing
> so will cause unnecessary and probable exposure of private
> information.
>
> First, contact the university's IT department. If that doesn't work,
> contact a regent of the university. They will put you in touch
> with an individual that can fix the problem. There is no reason
> to reveal the university to parties that have no business with
> said information. Public forums only disclose information to
> people that have no right to that information. You cannot
> control the actions individuals in the public have.
>
> Risking the privacy of innocent students and faculty is not
> the proper means to solve a problem.
>
> Do you want X number of script kids pounding a university
> causing them more problems?
>
>>> Send a copy of the email to the University. Might want to include
>>> their local TV news as well. You'd be surprised how the alumni will
>>> react to get that fixed.
>>>
>
> What are you, a media whore?
>
>>> In order to give them one more shot you may wish to tell them on which
>>> date it will be publicly released.
>>>
>
> Ridiculous.
>
> Don "north" Bailey
>
> _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/