[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] ACM.ORG data leak still there 4 days after
From: Stack Smasher <stacksmasher () gmail ! com>
Date: 2010-02-25 15:18:53
Message-ID: 591fd0b21002250718p3a4542e3xc218c8dc27041fee () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Seriously dude this is not a big deal. This site does not have any
information worth protecting. Stop acting like you hacked the fucking
Pentagon and move alone.
They don't give a shit and nether does anyone else.
Its a professional group who would give you the information you found if you
asked nice enough!
On Mon, Feb 22, 2010 at 10:07 AM, the hacker <info@the-hacker.info> wrote:
> 4 days since I informed ACM's CEO John White of the severe data leak on
> acm.org - but the leak has not been fixed
>
> 26 hour after contacting ACM and 2 hours after a reminder to the CEO I got
> an email from ACM member services:
>
> "Thank you for pointing out the security issues you located on acm.org. We
> are in the process of updating these security issues."
>
> But that was 3 days ago and nothing has changed - they did not even ask me
> where the leak is!
>
> as stated before full postal and email address data can be extracted from a
> database & also overwritten
>
> I'm going to write CEO Mr. White again and attach a sample of 2500
> extracted addresses & send it to some CC's
>
> Its weird, I mean this company is not selling flowers, ACM states on its
> website that " ACM is an educational and scientific society uniting the
> world's computing educators, researchers and professionals to inspire
> dialogue, share resources and address the field's challenges. ACM
> strengthens the profession's collective voice through strong leadership,
> promotion of the highest standards, and recognition of technical excellence.
> ACM supports the professional growth of its members by providing
> opportunities for life-long learning, career development, and professional
> networking."
>
> so where is technical excellence here???
>
> details & screenshot of extracted data on http://www.the-hacker-news.com/
>
> follow this on http://twitter.com/_the_hacker_
>
> the hacker
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
"If you see me laughing, you better have backups"
[Attachment #5 (text/html)]
Seriously dude this is not a big deal. This site does not have any information worth \
protecting. Stop acting like you hacked the fucking Pentagon and move alone.<br><br> They \
don't give a shit and nether does anyone else. <br> <br>Its a professional group who would \
give you the information you found if you asked nice enough!<br><br><br><br><br><br><div \
class="gmail_quote">On Mon, Feb 22, 2010 at 10:07 AM, the hacker <span dir="ltr"><<a \
href="mailto:info@the-hacker.info">info@the-hacker.info</a>></span> wrote:<br> <blockquote \
class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, \
204); padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000">
4 days since I informed ACM's CEO John White of the severe data leak on
<a href="http://acm.org" target="_blank">acm.org</a>
- but the leak has not been fixed<br>
<br>
26 hour after contacting ACM and 2 hours after a reminder to the CEO I
got an email from ACM member services:<br>
<br>
"Thank you for pointing out the security issues you located on <a href="http://acm.org" \
target="_blank">acm.org</a>. We are in the process of updating these security issues."<br>
<br>
But that was 3 days ago and nothing has changed - they did not even ask
me where the leak is!<br>
<br>
as stated before full postal and email address data can be extracted
from a database & also overwritten<br>
<br>
I'm going to write CEO Mr. White again and attach a sample of 2500
extracted addresses & send it to some CC's<br>
<br>
Its weird, I mean this company is not selling flowers, ACM states on
its website that "
ACM is an educational and scientific
society uniting the world's computing educators, researchers and
professionals to inspire dialogue, share resources and address the
field's challenges. ACM strengthens the profession's collective voice
through strong leadership, promotion of the highest standards, and
recognition of technical excellence. ACM supports the professional
growth of its members by providing opportunities for life-long
learning, career development, and professional networking."<br>
<br>
so where is technical excellence here???<br>
<br>
details & screenshot of extracted data on
<a href="http://www.the-hacker-news.com/" \
target="_blank">http://www.the-hacker-news.com/</a><br> <br>
follow this on <a href="http://twitter.com/_the_hacker_" \
target="_blank">http://twitter.com/_the_hacker_</a><br> <br>
the hacker<br>
</div>
<br>_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" \
target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br> Hosted and \
sponsored by Secunia - <a href="http://secunia.com/" \
target="_blank">http://secunia.com/</a><br></blockquote></div><br><br clear="all"><br>-- \
<br>"If you see me laughing, you better have backups"<br> <br><br>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic