Suggestions for the future on your web site: (was cookies, and before that Re: Dreamhost hijacking my prefix...)

Valdis.Kletnieks at Valdis.Kletnieks at
Tue Jan 22 18:24:16 UTC 2013

On Mon, 21 Jan 2013 23:23:16 -0500, Jean-Francois Mezei said:
> This article may be of interest:
> >
> Basically, a Montreal student, developing mobile software to interface
> with schools system found a bug. Reported it. And when he tested to see
> if the bug had been fixed, got caught and was expelled.
> In the context of this thread, they found a vulnerability in the web
> site's architecture that allowed them to access any student's records.
> This is the perfect type of incident you can bring to your boss to
> justify proper architecture/security for your web site. "How would you
> react if it was your company's name in the headline ?"

The interesting part is where the same people who were totally unaware
that they had a major security hole until it was pointed out to them
were also able to issue a very fast blanket denial that any student's
information was in fact compromised.  Sure, you can check your logs for
the footprint of the attack - but apparently this wasn't actually being
done before the student mentioned it to them.


More information about the NANOG mailing list