Have you read one of my last articles regarding webmasters ? The university of Salzburg didn’t or at least didn’t want to.
In April I tried to contact the internal university IT staff about a possible Cross-Site Scripting security flaw on their main website, but got no answer (beside the auto-response from their helpdesk system).
After a few retries – well only 3 mails (I’m a really tough spammer!) – to the same ticket system where my first notification was sent to (using my ticket number as a reference), I’ve suddenly received an answer from one of the helpdesk operators, but his response wasn’t very eligible at all: “We never asked for your services so please stop spamming our ticketing system.” Slightly annoyed I decided to send an email to their CIO asking about the reasons why the University refuses such kind of confidentially reported issues….but I have not received an answer until today.
The bad thing about this ? Damn, it’s a university! A university should be able to handle such kind of information with caution. They have to behave like a shining example for all of their students!