by nowarninglabel
4894 days ago
I have to wonder how much this will help. A colleague and I made a responsible exposure to a vendor that provides the application software for the California State University system. The vulnerability I chanced upon, and that my colleague was able to verify to be fully open, made it possible to obtain the private details of hundreds of thousands of applicants from their system. How were we rewarded for quietly and responsibly disclosing this to the vendor? The vendor threatened a lawsuit against the university, and the university kowtowed and nearly fired my colleague, severely reprimanding him and me. Little did I know this would become a theme of my stint in working for academia, of the universities not caring at all about students and their private data. I worked for multiple universities and it was the same at each one. They seemed to think the problem was with people, not with buggy, overpriced, insecure software.

http://www.cbc.ca/news/canada/montreal/story/2013/01/21/mont...
In the meantime, their student body is furious that the staff have been knowingly leaving their private information public for months.
So I'd say "a lot."