I was interested to see how secure my information is on my school network. So I run nslookup on my school's webmail domain, and proceed to run a port scan with nmap. I have found a number of services running on this server. Well over 12 ports are open ranging from finger to msrpc and is even opened up wide for the gnutella network. This is extremely unerving considering the shear amount of sensitive data that they hold on their network. Our SS# is our student ID on the computer database. All new passwords are set to your birthday which also inherintly insecure.
I was going to share the name of the server with you but now that I think about it, I'm going to keep that info to myself. But what should I do? There is no contact information on the webmail site. No feedback options what so ever.
Any help is greatly appreciated.