Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Should I Be Worried?

from [0x80] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Should I Be Worried?
Date: Wed, 26 Apr 2006 12:52:49 -0700 
If you didnt break the law who cares.

On Wed, 26 Apr 2006 11:30:02 -0700 CrYpTiC MauleR 
<crypticmauler@linuxmail.org> wrote:

After reading http://www.securityfocus.com/news/11389 it made me 
think twice about actually going public with my school's security 
hole by having school notify students, parents and/or faculty at 
risk due to it.

I mean I didnt access any records, just knew that it was possible 
for someone to access my account or anyone elses. I did not even 
exploit the hole to steal, modify etc any records. Does this still 



put me in the same boat at the USC guy? If so I am really not 
wanting to butt heads with the school in case they try to turn 
around and bite the hand that tried to help them. Even if my 
intentions were good, they might even make something up saying I 
accessed entire database or something. I have nothing to prove me 
otherwise since they have access to the logs. Already it seems 
like the school is trying to sweep the incident under the rug, so 
very wary as to what they might do if they were pushed into a 
corner and forced to go public. Anyone has any idea what I can do 
or should I just let this slide? I am already putting my credit 
report and such on fraud alert just in case, and definelty do not 
plan on attending this school after my degree or school year is 
over. A transfer is better than having me risk my data.

Regards,
CM

-- 
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.

Powered by Outblaze

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




Concerned about your privacy? Instantly send FREE secure email, no account 
required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Should I Be Worried?, Gary E. Miller
Next by Date:  [Full-disclosure] Secunia Research: SpeedProject Products ACE Archive Handling Buffer Overflow, Secunia Research
Previous by Thread:  Re: [Full-disclosure] Should I Be Worried?, Sol Invictus
Next by Thread:  Re: [Full-disclosure] Should I Be Worried?, Valdis . Kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]