[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] ACM.ORG data leak still there 4 days after announcing to CEO John White
- To: "James W. Lytle" <jlytle@xxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] ACM.ORG data leak still there 4 days after announcing to CEO John White
- From: Christian Sciberras <uuf6429@xxxxxxxxx>
- Date: Mon, 22 Feb 2010 23:50:48 +0100
I think Mr Lytle might be interested in reading my post re pen testing
by "the hacker".
Kindly,
Chris.
On Mon, Feb 22, 2010 at 11:14 PM, James W. Lytle <jlytle@xxxxxxxxxxxx> wrote:
> Were you contracted by them to conduct a penetration test? If not, legal or
> no, it is an ethical violation. I'm not a lawyer, but I have asked questions
> of lawyers and law enforcement pertaining to similar situations and the
> answer is that it is considered trespassing/breaking and entering and
> unethical unless there is a binding contract which you are fulfilling for a
> client.
>
> Thanks!
>
> James W. Lytle
> Network Analyst
> Medical Information Systems
> 1102 West Macarthur
> Shawnee, OK 74804
> 405.395.5749 (office)
> 405.647.0364 (pager)
> jlytle@xxxxxxxxxxxx
>
> This electronic message transmission contains information from Unity Health
> Center which may be confidential or privileged. This information is intended
> to be for the use of the individual or entity named above. If you are not the
> intended recipient, be aware that any disclosure, copying, distribution or
> use of the contents of this information is prohibited. If you have received
> this electronic transmission in error, please notify us immediately by
> telephone (405-395-5749) or by electronic mail at jlytle@xxxxxxxxxxxxx
>
>
>
>> -----Original Message-----
>> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-
>> bounces@xxxxxxxxxxxxxxxxx] On Behalf Of the hacker
>> Sent: Monday, February 22, 2010 3:44 PM
>> To: full-disclosure@xxxxxxxxxxxxxxxxx
>> Subject: Re: [Full-disclosure] ACM.ORG data leak still there 4 days after
>> announcing to CEO John White
>>
>> After raising pressure a little bit (also by writing to this list) ACM
>> has finally reacted and asked where the problem is.
>>
>> I told them the details so I guess they will finally be able to fix it.
>>
>> My opinion is still that I did never try to conceal anything, I gave
>> them my real contact information and even sent the mail from the same ip
>> I accessed their site etc., so this should not be illegal.
>>
>> But of course Benji is right in some way because you can always sue
>> anybody for anything - the question is just who will win the trial.
>>
>> In this case I really don't think it would be worth trying to sue me...
>>
>> But I think its an important discussion & I look forward to more feedback.
>>
>> TH
>>
>>
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/