Re: [EDU-ops] [Full-disclosure] Who Do I Contact?



Yeah looking at just 'new' students there are potentially 7,000+ socials that can be stolen. This does not include students already attending. I dont know an exact count of the student population, but only had a new student registration list posted on site. So estimates are based on those and the fact that parents' SSNs can be viewed too because were provided for financial aid. So a family's identity can be stolen in turn =o/


----- Original Message -----
From: RLVaughn <Randy_Vaughn@xxxxxxxxxx>
To: "Gadi Evron" <ge@xxxxxxxxxxxx>
Subject: Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
Date: Sat, 22 Apr 2006 11:41:59 -0500


Gadi Evron wrote:
CrYpTiC MauleR wrote:
I am sorry I am not going to say who the school is. Mainly
because so many socials numbers are at risk including mine. I
have contacted the VP of Information Technology and he assured
me he would call the company that makes the website. After 20
days the hole was not fixed, so I called the department heads
and am giving them 48 hours from then which is now currently at
24 hours before I move onto notifying someone else. I was also
thinking about contacting FBI about this seeing they handle
school breaches but not sure.

I will not go full disclosure with the info, collect SSNs and
show school (illegal) and also please don't ask me for the
school's name or the details of the hole. The school has been
careless even with the tech department making a support ticket
about my initial report which I later found out anyone could
view too. They obviously don't know how to do anything right. So
if anyone could provide me with a phone number or place I can
contact would be great. Please do not reply with a name or
number without it being posted on a credited site or be easily
verifiable. I am not going to just randomly call whoever someone
tells me too. Could be some idiot wants to just trick me into
giving the details to him. Thank for the help so far guys!


I will see if someone can contact you.
_______________________________________________
EDU-ops mailing list
EDU-ops@xxxxxxxxx
http://isotf.org/mailman/listinfo/edu-ops
I am checking on an appropriate contact. I fully understand your desire to
establish a credible contact and to protect information at risk. Given
this is a weekend a contact may not be forthcoming until Monday or Tuesday.

--
Best Regards,
Randal Vaughn
Professor, Information Systems
Baylor University
(254) 710 4756




--
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.

Powered by Outblaze

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • RE: [inbox] Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
    ... Subject: Re: [EDU-ops] [Full-disclosure] Who Do I Contact? ... Yeah looking at just 'new' students there are potentially 7,000+ ... Check out the latest SMS services @ http://www.linuxmail.org ...
    (Full-Disclosure)
  • [Full-disclosure] FW: SMS Banking
    ... looks like SANS has dumped you Craig. ... Subject: [Full-disclosure] SMS Banking ... The statement on SMS was that this is a time degrading risk function. ...
    (Full-Disclosure)
  • Re: [Full-disclosure] Who Do I Contact?
    ... [Full-disclosure] Who Do I Contact? ... about contacting FBI about this seeing they handle school ... show school and also please don't ask me for the ... Check out the latest SMS services @ http://www.linuxmail.org ...
    (Full-Disclosure)
  • RE: [inbox] Re: [EDU-ops] [Full-disclosure] Who Do I Contact?
    ... Subject: Re: [EDU-ops] [Full-disclosure] Who Do I Contact? ... Yeah looking at just 'new' students there are potentially 7,000+ ... school breaches but not sure. ...
    (Full-Disclosure)
  • Re: 4.7 messenger audio
    ... id rather not run the risk of funy people contacting me ... I can hear them but they dont ... my ISP catches all spam and viruses ... If you care to risk the spam you can post ...
    (microsoft.public.windowsxp.messenger)