I don't know how it works at other universities but an email to the president of the university normally gets the appropriate attention. Or give the president's office a call. They would take this very seriously.
I can't believe it is this difficult to report such a vulnerable situation.

On 4/24/06 9:19 AM, "Michael Holstein" <[EMAIL PROTECTED]> wrote:

>> I am sorry I am not going to say who the school is.
>
> Have you tried posting to EDUCAUSE or UNISOG (the second is a
> security-only group for .edus). A post there (with the same detail-level
> you already provided, requesting a security contact) -- will probably at
> least find you someone who knows the right person to call.
>
> You can also email the folks at SANS/ISC (isc.sans.org) and they will
> help do the legwork. They keep everything confidential.
>
> I assume you've already tried everything you can find in whois, and
> tried all the generic (security@, abuse@, postmaster@, etc) addresses.
> Also hit their website and find the phonebook (most all publish this
> someplace) and try to search by department and find a title that sounds
> close to what you need.
>
> Most any decent size .edu will all have somebody that can recognize the
> risk and demand it be taken off-line until fixed. Nobody wants to get
> embarrassed in the news.
>
> Cheers,
>
> Michael Holstein CISSP GCIA
> Cleveland State University
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
==================================================

Penn Information Security RSS feed
http://www.upenn.edu/computing/security/rss/rssfeed.xml
Add link to your favorite RSS reader