Jump to content

nvemb3r

Active Members
  • Posts

    33
  • Joined

  • Last visited

Everything posted by nvemb3r

  1. If you interested in hacks and mods for Android, I would look into either the Samsung Nexus S, it's CDMA cousin (the Nexus S 4G, what I have), or the Galaxy Nexus (which is avalible from the Google Play store). The Nexus phones tend to come with barebones, stock Android ROMs, and they aren't locked down so its extremely easy to get root with. There are a bunch of other phones that can messed around with, but the 3 I brought up are the most obvious ones I can think of. Plus they're usually the phones to get if your developing on the Android platform.
  2. Thanks! :) Anyway, I hope the school's helpdesk finds the info I gave them useful, and I hope that some other person in a similar situation finds this post.
  3. I wouldn't say I had balls, but thanks though. While there are a bunch of things that could happen if I came to them, there are also a bunch of ifs with keeping my mouth shut. What if someone like me stumbles upon this? What if a trained threat is able to use this vuln to very, very bad ends. Reminds me of a talk from my old high school principal about "doing the right thing". The talk itself revolved around school violence, not computer security, but the message sent was that if you see a problem, tell someone about it. If someone malicous decides to use this vuln to cause an epic disaster, and I kept quiet about the whole thing, I would be just as guilty as the guy commiting the crime.
  4. Ok. I asked my professor about who to talk to, and he pointed me out to the school's Help Desk. I sent them an email explaining my findings, and they said that they would forward it to the appropriate department. All I have now is to see what happens, and face the consequences. Also, thanks for your help guys. This kinda felt like a burden to me, plus this topic makes for good discussion.
  5. Thanks man! Also, I can see why the guys at school would be like that (I have to admit that I'm like that sometimes). I can't say whether or not the vuln is epic or not (I know more than my fair share of computers, but I'm not what you would call an expert pen-tester), but I'll figure something out. I've looked up articles about past users who've blown the whistle, and then suffered repercussions. While I would rather not get expelled or arrested, I don't think it would be wise to let a vuln be kept secret so someone malicous decides to take advantage of it.
  6. I wouldn't say I "tested" anything. I just noticed how something works, and I came here for help about doing the right thing. Anyway, if blowing the whistle does end up upsetting everyone like you said, then I'll just keep my mouth shut about the whole thing. Thanks for your time though.
  7. Hello, I've been lurking in these forums every now and then to read up on random discussion (fresh account, first post), and I need some advice here. I'm attending a school to get my Associates Degree, and we have a sort of 'system' on campus that the students and staff use. I stumbled upon a way to exploit said system (not an issue of epic proportions, but still something that bothers me), and I would like to inform the I.T. staff so they can fix it. I just don't know how to approach them. Should I drop by in person, or email them? What if they don't care? What if they get pissed? Just, too many questions with very uncertian outcomes. Anyway, enough rambling. My question is this: How do I approach the right person about a security issue?
×
×
  • Create New...