[attrition] rant: What The Hell Was He Thinking?

lyger lyger at attrition.org
Fri Jul 20 22:52:07 UTC 2007


http://attrition.org/security/rant/z/privacy.html

Fri Jul 20 17:40:29 EST 2007
Lyger and Jericho

For those who haven't heard, a data loss incident involving the 
Louisiana Board of Regents was recently disclosed to the media. In short, 
about 80,000 Social Security numbers were inadvertently exposed over the 
internet, and the media seemed to be very quick in picking up on the 
story. An independent researcher by the name of Aaron Titus made this 
discovery, contacted a media source and made the disclosure. Fairly 
interesting.

Here's the problem: Aaron Titus made a mistake. He asked for advice 
regarding responsible disclosure of a known vulnerability (i.e. an 
exposure of personal information in a public location), and then proceeded 
to ignore almost every bit of rational advice given to him.

[..]

Note that we redacted Aaron's email address in the email above. It is 
worth mentioning that we also redacted his work telephone number from the 
same email. We would really hate to invade his personal privacy since he 
values it so much, but with that said, why would a "privacy advocate" ask 
for advice regarding responsible disclosure, email us at attrition.org, 
receive our advice, and then do this:

https://www.ssnbreach.org/

[...]

