Hi, I think we're missing something here. So, you're not going to disclose a security hole until the scholl has sorted the situation out, yes?
but is the system in use a home-built application or an off-the-shelf system. if its the former then some people need to be looking at what policies are in place for checking data security...and the procedures to undertake to make sure this doesnt happen again - and ask why it did in the first place. if its the latter...then it doesnt matter about YOUR school as there will be many other places that have this issue. in this case you need to get the vendor in on the problem asap. and full disclosure of their software issue is a must for the future safety of any other company. you also didnt mention why this service is available for all to access...should this system REALLY be visible to rest of school. rest of the world? is it used for coursework submission, email, intranet, T+L ? alan _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
