Should I report this security issue to my school?
October 19, 2011 11:29 PM
Is it troublesome to be able to obtain access to the names and e-mail addresses of students, faculty, employees, and alumni of a university? If so, how should I go about reporting it without being misinterpreted or punished?
My school has recently switched to a new e-mail system and it seems to be pretty easy to get access to every name and e-mail address on the system. You must be an authorized user to do so (basically anyone with an e-mail login), but otherwise there seems to be no strategy in place to hide irrelevant addresses from the user (for example, most students likely don't need employee or alum[nus/na] names or e-mail addresses unless they are explicitly given).
If this is a significant security issue, how do I go about reporting this to whomever is in charge of the system without incriminating myself or inviting reprisal?