[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] Should I Be Worried?
From: Steve Kudlak <chromazine () sbcglobal ! net>
Date: 2006-04-29 22:45:01
Message-ID: 4453EC6D.3060701 () sbcglobal ! net
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
His question is valid. I mean with Grand Juries going around and letting
proscutor indict
ham sandwhiches maybe olther food groups should be a little worried and
cautious. I haven't
weighed in on this other than I kinw people who did manage to get in to
their High Schools
computer and changed the note on the report cards from "If any of these
Grades are incorrect
please contact ***such and such a school district***" to "If any of
these grades seem incorrect
please contact your friendsly local hacker." This happened decades ago
and in the school district
it was done in they just rolled their eyes and I guess the kids who did
it di get something out of
the covert technique stuff they learned from a variety of sources.
Have Fun,
Sends Steve
0x80@hush.ai wrote:
>If you didnt break the law who cares.
>
>On Wed, 26 Apr 2006 11:30:02 -0700 CrYpTiC MauleR
><crypticmauler@linuxmail.org> wrote:
>
>
>>After reading http://www.securityfocus.com/news/11389 it made me
>>think twice about actually going public with my school's security
>>hole by having school notify students, parents and/or faculty at
>>risk due to it.
>>
>>I mean I didnt access any records, just knew that it was possible
>>for someone to access my account or anyone elses. I did not even
>>exploit the hole to steal, modify etc any records. Does this still
>>
>>
>
>
>
>>put me in the same boat at the USC guy? If so I am really not
>>wanting to butt heads with the school in case they try to turn
>>around and bite the hand that tried to help them. Even if my
>>intentions were good, they might even make something up saying I
>>accessed entire database or something. I have nothing to prove me
>>otherwise since they have access to the logs. Already it seems
>>like the school is trying to sweep the incident under the rug, so
>>very wary as to what they might do if they were pushed into a
>>corner and forced to go public. Anyone has any idea what I can do
>>or should I just let this slide? I am already putting my credit
>>report and such on fraud alert just in case, and definelty do not
>>plan on attending this school after my degree or school year is
>>over. A transfer is better than having me risk my data.
>>
>>Regards,
>>CM
>>
>>--
>>_______________________________________________
>>Check out the latest SMS services @ http://www.linuxmail.org
>>This allows you to send and receive SMS through your mailbox.
>>
>>Powered by Outblaze
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>
>
>
>Concerned about your privacy? Instantly send FREE secure email, no account required
>http://www.hushmail.com/send?l=480
>
>Get the best prices on SSL certificates from Hushmail
>https://www.hushssl.com?l=485
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
[Attachment #5 (text/html)]
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
His question is valid. I mean with Grand Juries going around and
letting proscutor indict<br>
ham sandwhiches maybe olther food groups should be a little worried and
cautious. I haven't<br>
weighed in on this other than I kinw people who did manage to get in to
their High Schools<br>
computer and changed the note on the report cards from "If any of these
Grades are incorrect<br>
please contact ***such and such a school district***" to "If any of
these grades seem incorrect<br>
please contact your friendsly local hacker." This happened decades ago
and in the school district<br>
it was done in they just rolled their eyes and I guess the kids who did
it di get something out of <br>
the covert technique stuff they learned from a variety of sources.<br>
<br>
<br>
Have Fun,<br>
Sends Steve <br>
<br>
<br>
<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:0x80@hush.ai">0x80@hush.ai</a> wrote:
<blockquote cite="mid20060426195253.80947DA821@mailserver8.hushmail.com"
type="cite">
<pre wrap="">If you didnt break the law who cares.
On Wed, 26 Apr 2006 11:30:02 -0700 CrYpTiC MauleR
<a class="moz-txt-link-rfc2396E" \
href="mailto:crypticmauler@linuxmail.org"><crypticmauler@linuxmail.org></a> wrote: \
</pre> <blockquote type="cite">
<pre wrap="">After reading <a class="moz-txt-link-freetext" \
href="http://www.securityfocus.com/news/11389">http://www.securityfocus.com/news/11389</a> it \
made me think twice about actually going public with my school's security
hole by having school notify students, parents and/or faculty at
risk due to it.
I mean I didnt access any records, just knew that it was possible
for someone to access my account or anyone elses. I did not even
exploit the hole to steal, modify etc any records. Does this still
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<pre wrap="">put me in the same boat at the USC guy? If so I am really not
wanting to butt heads with the school in case they try to turn
around and bite the hand that tried to help them. Even if my
intentions were good, they might even make something up saying I
accessed entire database or something. I have nothing to prove me
otherwise since they have access to the logs. Already it seems
like the school is trying to sweep the incident under the rug, so
very wary as to what they might do if they were pushed into a
corner and forced to go public. Anyone has any idea what I can do
or should I just let this slide? I am already putting my credit
report and such on fraud alert just in case, and definelty do not
plan on attending this school after my degree or school year is
over. A transfer is better than having me risk my data.
Regards,
CM
--
_______________________________________________
Check out the latest SMS services @ <a class="moz-txt-link-freetext" \
href="http://www.linuxmail.org">http://www.linuxmail.org</a> This allows you to send and \
receive SMS through your mailbox.
Powered by Outblaze
_______________________________________________
Full-Disclosure - We believe in it.
Charter: <a class="moz-txt-link-freetext" \
href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a>
Hosted and sponsored by Secunia - <a class="moz-txt-link-freetext" \
href="http://secunia.com/">http://secunia.com/</a> </pre>
</blockquote>
<pre wrap=""><!---->
Concerned about your privacy? Instantly send FREE secure email, no account required
<a class="moz-txt-link-freetext" \
href="http://www.hushmail.com/send?l=480">http://www.hushmail.com/send?l=480</a>
Get the best prices on SSL certificates from Hushmail
<a class="moz-txt-link-freetext" \
href="https://www.hushssl.com?l=485">https://www.hushssl.com?l=485</a>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: <a class="moz-txt-link-freetext" \
href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a>
Hosted and sponsored by Secunia - <a class="moz-txt-link-freetext" \
href="http://secunia.com/">http://secunia.com/</a>
</pre>
</blockquote>
<br>
</body>
</html>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic