From: kspett at spidynamics.com (Kevin Spett)
Subject: Cryptome Hacked!

I have been reading cryptome for years and your comments
strike me as rather uninformed.  How familiar are you with the kind of
content that gets posted to cryptome?

a) What do you mean by "leftist"?  I've never seen anything on cryptome that
promoted socialist ideals.
b) What do you mean by "anti-american"?  John Young's dedication to
distributing accurate, detailed and uncensored information about public
policy regarding intellectual property, privacy and international government
intelligence makes him much more patriotic than most people who just
plaster their minivans with 8.5"x11" American decals.  In all the time I've
been reading cryptome content, I have never seen opinions misrepresented as
facts.  Editorials are always framed as pieces of personal opinion and are
not off-the-wall Art Bell conspiracy theory.  They are structured as logical
arguments using real information.
c) What do you mean by "anti-government"? I've never seen any kind of
anarchist advocacy on cryptome.  Dissent does not make you
"anti-government".
d) For the most part, Cryptome distributes documents... like, in plaintext
format.  Occasionally source code for something like DeCSS pops up, but
it's really not a software distribution site.
e) How is John Young an "extremist"?  Has he called for a violent uprising?
Does he use criminal methods to further his cause?  Are you trying to imply
that John Young is trojaning the software that his site (infrequently)
distributes?  Do you have any kind of proof whatsoever of this?  Where are
you getting these ideas from?

And finally to answer your question, I would suggest that you start by not
installing software that is distributed by sites that you don't trust.  If
you're worried about file integrity, hash what you've downloaded and compare
with the original distribution point's records.  Finally, you can review
source code yourself if you're worried.  But I don't see what the issue is
here at all, since cryptome really doesn't distribute software.



Kevin.
----- Original Message -----
From: Sung J. Choe
To: 'full-disclosure@...ts.netsys.com'
Sent: Wednesday, February 26, 2003 6:10 PM
Subject: [Full-Disclosure] Cryptome Hacked!


Cryptome.org, a site for privacy enthusiasts and leftists alike, was
apparently hacked today.  Their server is up but "all files were deleted".
Besides the usual anti-American/anti-government vitriol that is usually
found at Cryptome.org, they also distribute crypto software.  This brings up
the following question: What is the best method for ensuring the integrity
of software which requires a high level of trust?  I am almost sure that any
crypto software distributed by such extremists as John Young (operator of
cryptome.org) has been tampered with in some way.  Does anybody else share
this opinion?


.--------------------------------------------------.
| Sung J. Choe <schoe[at]oicinc.com>, TICSA        |
| Systems Administrator, Facility Security Officer |
.--------------------------------------------------.----.
                    | Oceanic Imaging Consultants, Inc. |
                    | Phone #: (808) 539-3634 x3634     |
                    .-----------------------------------.
568D CAD6 53A0 92E6 4A2A  4E87 3BA0 5F90 37BB 8EE7


