Have you read one of my last articles regarding webmasters ? The university of Salzburg didn’t or at least didn’t want to.

In April I tried to contact the internal university IT staff about a possible Cross-Site Scripting security flaw on their main website, but got no answer (beside the auto-response from their helpdesk system).

After a few retries – well only 3 mails (I’m a really tough spammer!) –  to the same ticket system where my first notification was sent to (using my ticket number as a reference), I’ve suddenly received an answer from one of the helpdesk operators, but his response wasn’t very eligible at all: “We never asked for your services so please stop spamming our ticketing system.”  Slightly annoyed I decided to send an email to their CIO asking about the reasons why the University refuses such kind of confidentially reported issues….but I have not received an answer until today.

The bad thing about this ? Damn, it’s a university! A university should be able to handle such kind of information with caution. They have to behave like a shining example for all of their students!

At this point I would like to thank the German Media Press-Team of www.gulli.com for their help. The full press article can be found here. (but be careful, it’s in German 😉 )!

The University of Salzburg refuses security reports
Tagged on:             

2 thoughts on “The University of Salzburg refuses security reports

  • July 8, 2012 at 2:42 pm

    if you sent unsolicited e-mails offering a vulnerability report
    that is not included on the e-mail you will definitely look very “spammer”
    to everyone on the net….

  • July 8, 2012 at 3:16 pm

    Well yes and no. The question is always how do they track security issues internally. Is every recipient (reader) of my notification allowed to read about the details ? That’s the reason why I’ve asked for a personal contact. In most of my cases this proceeding works fine.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.