[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 students personal data
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 students personal data
- From: Bzzz <lazyvirus@xxxxxxx>
- Date: Tue, 22 Jan 2013 00:48:54 +0100
On Mon, 21 Jan 2013 22:42:24 +0000
Philip Whitehouse <philip@xxxxxxxxx> wrote:
> Moreover, he ran it again after reporting it to see if it was still
> there. Essentially he's doing an unauthorised pen test having alerted
> them that he'd done one already.
>
> I agree with Benji.
From a European point of view, I see more a young guy thinking
he was doing the right thing, then making sure the flaw's
fixed.
There are some strange things:
he retries and *minutes* after that the phone's ringing - from
what I know of Canada's system, only 24/7 official eavesdropping
could lead to such a short delay (but even in his case more than
minutes). and I don't really think the college nor skytech had
triggered such an _official_ survey (otherwise authorities would
have call, not the skytech CEO).
It looks like more a foreseeable behavior exploited to build a
setup to push him signing the NDA.
So I think he was rather naïve than a moron.
Rise and shine, this completely justify the existence
of this wonderful mailing list ;)
Jean-Yves
--
<neonoe> what means "lp0 on fire" ?
<Naha> that your printer's burning
<neonoe> ah ok
<neonoe> actually
<neonoe> shit...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/