MemeStreams | MemeStreams Discussion

Create an Account

This page contains all of the posts and discussion on MemeStreams referencing the following web page: Breach case could curtail Web flaw finders. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Breach case could curtail Web flaw finders
by skullaria at 1:34 am EDT, May 2, 2006

Security researchers and legal experts have voiced concern this week over the prosecution of an information-technology professional for computer intrusion after he allegedly breached a university's online application system while researching a flaw without the school's permission.

Find a bug. Report it. Have the U.S. Attorney claim in court that you are liable for the costs associated with fixing the bug. Go to Jail. Dave Aitel has it right... Retarded...

Boy am I glad this wasn't the case a few years back. I know there were some students at Shorter College here in Rome expelled and prosecuting for exploiting a very similiar flaw, but I've not looked into the details of it.

There are a lot of problems with Sungard/Banner software/webCT integration. Colleges want to forget all about security - it just has to be easy and cheap.

This is retarded and encourages people to keep stuff quiet.

RE: Breach case could curtail Web flaw finders
by Rattle at 2:57 am EDT, May 2, 2006

There are a lot of problems with Sungard/Banner software/webCT integration. Colleges want to forget all about security - it just has to be easy and cheap.

Care to detail about the problems with Sungard/Banner/WebCT?

I attend classes at a university that uses this combination. I saw a few issues with it just via common usage and a learned eye, but decided not to dig in. The main reason being issues like this article outlines. I refuse to dig into anything these days without a company providing liability protection between me and it.

At the very least, it doesn't encrypt all its traffic, and cookie/session hijacking is possible. The way most college campus networks are managed, this poses a real threat.

Breach case could curtail Web flaw finders
by Decius at 8:09 pm EDT, May 1, 2006

Security researchers and legal experts have voiced concern this week over the prosecution of an information-technology professional for computer intrusion after he allegedly breached a university's online application system while researching a flaw without the school's permission.

Find a bug. Report it. Have the U.S. Attorney claim in court that you are liable for the costs associated with fixing the bug. Go to Jail. Dave Aitel has it right... Retarded...

There is a redundant post from Rattle not displayed in this view.