Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Who Do I Contact?
From: A.L.M.Buxey () lboro ac uk
Date: Sun, 23 Apr 2006 10:41:29 +0100


I think we're missing something here. So, you're not going to disclose
a security hole until the scholl has sorted the situation out, yes?

but is the system in use a home-built application or an off-the-shelf
system. if its the former then some people need to be looking at what
policies are in place for checking data security...and the procedures
to undertake to make sure this doesnt happen again - and ask why it did
in the first place.

if its the latter...then it doesnt matter about YOUR school as there will
be many other places that have this issue. in this case you need to get
the vendor in on the problem asap. and full disclosure of their software
issue is a must for the future safety of any other company.

you also didnt mention why this service is available for all to access...should
this system REALLY be visible to rest of school. rest of the world? is
it used for coursework submission, email, intranet, T+L ?


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]