[Owasp-singapore] [Fwd: Re: Leakage of private information of students]

Wong Onn Chee ocwong at usa.net
Tue Jul 14 12:05:57 EDT 2009


For once, just want to let all of you see what the core team of
organisers are doing silently.

In future, we won't be sending such email correspondence to the group.
We will publish our success cases on http://www.infothatmatter.org once
the leaks are closed.

-------- Original Message --------
Subject: 	Re: Leakage of private information of students
Date: 	Tue, 14 Jul 2009 23:58:34 +0800
From: 	Wong Onn Chee <ocwong at usa.net>
To: 	Pok Vic Sent <XXXX at litespeed.com.sg>



Hi Vic Sent,

On behalf of the SSMG and the general public, I thank you for your
prompt action in closing the information leakage.
Our subsequent checks have shown that the offending URL has been disabled.
Appreciate your cooperation to ensure appropriate controls are put in
place before access is given again.
Thank you for your co-operation.

Regards
Onn Chee
SSMG Organizer

On 07/12/2009 11:46 PM, Pok Vic Sent wrote:
> Dear Onn Chee,
>
> Thank you for your feedback. We will address this security issue and
> evaluate a change in this functionality that was requested by our schools.
>
> best regards
> -------------------------------
> Vic Sent POK
> Group Chief Technology Officer
> Litespeed Education
>
> -------------------------------
>
>
> Wong Onn Chee wrote:
>> Hi Tech Support,
>>
>> On behalf of the Singapore Security Meetup Group (SSMG -
>> http://security.meetup.com/77), we would like to bring to your attention
>> that the following URL on Litespeed web server allows the Name, NRIC,
>> Gender, School and Timetable of minors/students to be exposed to the
>> public without any access control.
>>
>> The offending URL is <URL removed>
>>
>> A sample of what we detected can be found at <URL removed>
>>
>> Given the increased usage of e-learning services due to the recent H1N1
>> incidents, we appreciate that your company takes due care to protect the
>> private information of students while providing valuable services to
>> your customers.
>>
>> We hope that the offending URL, together with others which we may not
>> have detected, can be better secured asap.
>> Feel free to drop me a note or call if you have any further queries.
>>
>> Regards
>> Onn Chee
>> SSMG Organizer