Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: ACM.ORG data leak still there 4 days after announcing to CEO John White
From: Christian Sciberras <uuf6429 () gmail com>
Date: Mon, 22 Feb 2010 23:50:48 +0100

I think Mr Lytle might be interested in reading my post re pen testing
by "the hacker".

Kindly,
Chris.

On Mon, Feb 22, 2010 at 11:14 PM, James W. Lytle <jlytle () uhcenter com> wrote:
Were you contracted by them to conduct a penetration test?  If not, legal or no, it is an ethical violation.  I'm not 
a lawyer, but I have asked questions of lawyers and law enforcement pertaining to similar situations and the answer 
is that it is considered trespassing/breaking and entering and unethical unless there is a binding contract which you 
are fulfilling for a client.

Thanks!

James W. Lytle
Network Analyst
Medical Information Systems
1102 West Macarthur
Shawnee, OK 74804
405.395.5749 (office)
405.647.0364 (pager)
jlytle () uhcenter com

This electronic message transmission contains information from Unity Health Center which may be confidential or 
privileged. This information is intended to be for the use of the individual or entity named above. If you are not 
the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this 
information is prohibited. If you have received this electronic transmission in error, please notify us immediately 
by telephone (405-395-5749) or by electronic mail at jlytle () uhcenter com 



-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-
bounces () lists grok org uk] On Behalf Of the hacker
Sent: Monday, February 22, 2010 3:44 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] ACM.ORG data leak still there 4 days after
announcing to CEO John White

After raising pressure a little bit (also by writing to this list) ACM
has finally reacted and asked where the problem is.

I told them the details so I guess they will finally be able to fix it.

My opinion is still that I did never try to conceal anything, I gave
them my real contact information and even sent the mail from the same ip
I accessed their site etc., so this should not be illegal.

But of course Benji is right in some way because you can always sue
anybody for anything  - the question is just who will win the trial.

In this case I really don't think it would be worth trying to sue me...

But I think its an important discussion & I look forward to more feedback.

TH





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]