 |
 |
I would like to address Jamie specifically as to how long this issue would have been in place. Shop.MSU transitioned to its new format last Wednesday and is now hosted through Volusion on behalf of the Shop.MSU team at University Services. The previous version of Shop.MSU, hosted at University Relations, did not have this vulnerability. I would expect someone from the Shop.MSU team would be able to handle any other questions about the new site, as University Relations no longer has any involvement in it. ---- Jack Kramer Manager of Information Technology University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: "Rytlewski, Jamie" <[log in to unmask]<mailto:[log in to unmask]>> Reply-To: "Rytlewski, Jamie" <[log in to unmask]<mailto:[log in to unmask]>> Date: Tue, 16 Aug 2011 10:18:33 -0400 To: "[log in to unmask]<mailto:[log in to unmask]>" <[log in to unmask]<mailto:[log in to unmask]>> Subject: Re: [MSUNAG] shop.msu.edu Insecure I thought about contacting shop.msu.edu, but 1) I have no idea who these contact forms actually go to, 2) I knew I’d probably get a faster response on the NAG (which happened). It’s a sad state, but sometimes making a security flaw public gets it fixed faster than just contacting the people that didn’t fix it to begin with. This is one case that should have been fixed a long time ago. This is a very apparent flaw and if it wasn’t fixed by now, my feelings were going public would fix it sooner.