lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 21 Aug 2003 13:16:55 -0700
From: "Drew Copley" <dcopley@...e.com>
To: <bugtraq@...urityfocus.com>
Subject: RE: Popular Net anonymity service back-doored


Conscience wise, their only absolution I could see is if one of them
leaked this information to the Usenet under an assumed name. If I was in
this situation, I would do that. Maybe they did. Otherwise, they should
have spoken up and risked jail. How can you so deceive people otherwise?


Patriotism or the cause has nothing to do with it. If the government
wants to hack their criminals, let them find their own security holes.
If they want to tap their own wires, let them work this out with their
own people. But, if they want to trojanize software secretly, software
which has an international userbase... This is illegal outside of their
own nation.

German police have no jurisdiction in the US, for instance, just as the
US police have no jurisdiction in Germany -- apart from whatever
agreement Germany has made with the US regarding post-WWII treaties or
whatever. 

Still, I do not think anyone would be pleased if it was found that the
NSA backdoored a US product. How much moreso of a problem would this be
if local police backdoored a system such as this anonymity system?

This kind of crime sends a message to would be hackers. It says that it
is okay to hack if the end is justified. Hackers, you may not have
jurisdiction in Germany, but if you are hacking pedophiles or Neo-Nazis,
they are law breakers, so your means must be okay. Do people really want
this? Can anyone really be trusted with this? Wouldn't they hit the
wrong people and make all sorts of bad mistakes for which they would not
be held accountable for?


> -----Original Message-----
> From: Andreas Kuntzagk [mailto:andreas.kuntzagk@...-berlin.de] 
> Sent: Thursday, August 21, 2003 9:42 AM
> To: bugtraq@...urityfocus.com
> Subject: Re: Popular Net anonymity service back-doored
> 
> 
> Am Don, 2003-08-21 um 06.56 schrieb Thomas C. Greene :
> > Popular Net anonymity service back-doored
> > Fed-up Feds get court order 
> > http://theregister.co.uk/content/55/32450.html
> ...
> 
> Please see the news release of the AN.ON project: 
> http://www.datenschutzzentrum.de/material/them> en/presse/anonip_e.htm
> 
> "... Since it is not permissive to release information about 
> current proceedings according to German law, the project 
> partners did not inform the public at first. Based on the 
> fact that the developed software has been released in the 
> source code since the beginning of the Open Source Project, 
> also the implemented recording function was of course released. ..."
> 
> Andreas
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ