----- Sudev Barar <[EMAIL PROTECTED]> wrote: > Full disclosure is always not good idea. The knee jerk reaction of > babudom is to take you on first (kill the messenger) than try to see > what should be done.
This is what I am afraid of. But FD for already dead ducks. Original Site: http://164.100.24.208/ls/lsmember/membershomepage.asp (linked from http://loksabha.nic.in/ -> Members' Home Page ) Check this http://164.100.24.208/ls/ Not the kind of message you should be expecting on an official server, seems someone already own3d it. and you can also try for SQL injection here and there (it works!) was reported to CERT-IN about 20 days ago. > Can we create a hall of vulnerability (like hall of shame by ILUG-D) > and send the link to CERT-IN May be that would wake them up. Seems like a good idea. -- Sincerely Ajay Pal Singh Atwal Dept of CSE & IT BBSBEC, Fatehgarh Sahib Punjab, INDIA -------------------------------- http://www.bbsbec.ac.in http://www.ajaypal.com -------------------------------- ajaypal[at]bbsbec.org, ajaypal[at]acm.org ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
