For the avoidance of doubt, this is not an April Fool's day prank. We were informed yesterday of a fault in the IETF meeting t-shirt system that allowed someone to retrieve the name, size and delivery address of a third party using a simple URL rewrite. The system was shut down and an investigation conducted to determine if any data had been breached other than by the reporter. So far this investigation shows no breach but efforts will continue until we have confirmed that with a high degree of confidence. The affected system has been changed to close the vulnerability and is back online.
I wish to extend our thanks to the reporter for alerting us directly and confidentially. Please feel free to contact me directly if you have any questions. Jay -- Jay Daley IETF Executive Director [email protected] _______________________________________________ IETF-Announce mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-announce
