[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 students personal data

To: Ian Hayes <cthulhucalling@xxxxxxxxx>
Subject: Re: [Full-disclosure] Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 students personal data
From: Jeffrey Walton <noloader@xxxxxxxxx>
Date: Mon, 21 Jan 2013 18:08:11 -0500

On Mon, Jan 21, 2013 at 5:57 PM, Ian Hayes <cthulhucalling@xxxxxxxxx> wrote:
> On Mon, Jan 21, 2013 at 2:54 PM, Jeffrey Walton <noloader@xxxxxxxxx> wrote:
>> On Mon, Jan 21, 2013 at 5:42 PM, Philip Whitehouse <philip@xxxxxxxxx> wrote:
>>> a class A moron.
>> What does that make Omnivox, which appears to have done no testing?
>
> The two conditions are not mutually exclusive.
Hence the reason for "appears to have done no testing."

Developer driven security is some of the worst security I have seen.
Its the reason for this (and few other) list. Obvious flaws (obvious
to a security professional) tells me Omnivox has problems with their
engineering process (perhaps incomplete testing, perhaps no testing).

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References: