[Owasp-singapore] [Fwd: Re: Leakage of private information of students]

Wong Onn Chee ocwong at usa.net
Sun Jul 19 23:35:14 EDT 2009


Details and sanitised screenshots are uploaded to

On 07/15/2009 12:05 AM, Wong Onn Chee wrote:
> For once, just want to let all of you see what the core team of
> organisers are doing silently.
> In future, we won't be sending such email correspondence to the group.
> We will publish our success cases on http://www.infothatmatter.org
> once the leaks are closed.
> -------- Original Message --------
> Subject: 	Re: Leakage of private information of students
> Date: 	Tue, 14 Jul 2009 23:58:34 +0800
> From: 	Wong Onn Chee <ocwong at usa.net>
> To: 	Pok Vic Sent <XXXX at litespeed.com.sg>
> Hi Vic Sent,
> On behalf of the SSMG and the general public, I thank you for your
> prompt action in closing the information leakage.
> Our subsequent checks have shown that the offending URL has been disabled.
> Appreciate your cooperation to ensure appropriate controls are put in
> place before access is given again.
> Thank you for your co-operation.
> Regards
> Onn Chee
> SSMG Organizer
> On 07/12/2009 11:46 PM, Pok Vic Sent wrote:
>> Dear Onn Chee,
>> Thank you for your feedback. We will address this security issue and
>> evaluate a change in this functionality that was requested by our
>> schools.
>> best regards
>> -------------------------------
>> Vic Sent POK
>> Group Chief Technology Officer
>> Litespeed Education
>> -------------------------------
>> Wong Onn Chee wrote:
>>> Hi Tech Support,
>>> On behalf of the Singapore Security Meetup Group (SSMG -
>>> http://security.meetup.com/77), we would like to bring to your attention
>>> that the following URL on Litespeed web server allows the Name, NRIC,
>>> Gender, School and Timetable of minors/students to be exposed to the
>>> public without any access control.
>>> The offending URL is <URL removed>
>>> A sample of what we detected can be found at <URL removed>
>>> Given the increased usage of e-learning services due to the recent H1N1
>>> incidents, we appreciate that your company takes due care to protect the
>>> private information of students while providing valuable services to
>>> your customers.
>>> We hope to see the offending URL, together with others which we may not
>>> have detected, can be better secured asap.
>>> Feel free to drop me a note or call if you have any further queries.
>>> Regards
>>> Onn Chee
>>> SSMG Organizer