After reading http://www.securityfocus.com/news/11389 it made me think twice
about actually going public with my school's security hole by having school
notify students, parents and/or faculty at risk due to it.
I mean I didnt access any records, just knew that it was possible for someone
to access my account or anyone elses. I did not even exploit the hole to steal,
modify etc any records. Does this still put me in the same boat at the USC guy?
If so I am really not wanting to butt heads with the school in case they try to
turn around and bite the hand that tried to help them. Even if my intentions
were good, they might even make something up saying I accessed entire database
or something. I have nothing to prove me otherwise since they have access to
the logs. Already it seems like the school is trying to sweep the incident
under the rug, so very wary as to what they might do if they were pushed into a
corner and forced to go public. Anyone has any idea what I can do or should I
just let this slide? I am already putting my credit report and such on fraud
alert just in case, and definelty do not plan on attending this school after my
degree or school year is over. A transfer is better than having me risk my data.
Regards,
CM
--
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.
Powered by Outblaze
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
