Date: Fri, 27 Jul 2007 11:20:27 +1200
From: Nick FitzGerald <nick@...us-l.demon.co.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Hash

shadown wrote:

> Just some hashes for the record.
> 
> CA eTrust (vulnpack):
> md5:919a7645a07aafb388af00e9b39d21bf
> sha-1:b21f31892fff9de9bd6933850a66587786896fa1
> SHA-256:66fd618e17bfe7db223f9547df15763d8246a49bbd6bbd7aee01964f2537bf86

Cool -- thanks for that info...

> -- 
> Sergio Alvarez
> Security, Research & Development
> IT Security Consultant
> email: shadown@...il.com
> 
> This message is confidential.  ...

Yet you wilfully and knowingly posted it to a public-access mailing 
list with tens of thousands of subscribers and that is well-known to be 
archived in many places across the net?

You must be a prize moron...

> ...  It may also contain information that is
> privileged or otherwise legally exempt from disclosure.  ...

...who can't afford a lawyer with half a clue, and will now never be 
able to meaningfully defend any kind of accidental Email-borne 
"disclosure" of anything, as you've just admitted, on the public 
record, that you are too stupid to tell if something is privileged or 
legally exempt from disclosure, THUS your only legally defensible 
position regarding such material in future is to ensure that you never 
handle any of it, but as (by your own admission) you cannot tell what 
that is, you must cut yourself off from all information, a clearly 
impossible task.  In short, you've put yourself in the paradoxical 
position of being both knowingly and negligently responsible for any 
and all "improper" disclosures of any and all "sensitive" material you 
should ever happen across in future.

Good luck ever getting hired again -- it would take a seriously stupid 
employer to take on such a liability as you!

> ...  If you have
> received it by mistake ...

As you say it _is_ confidential and I have NO existing relevant 
"relationship" with you, I MUST have received this by mistake....

> ... please let us know by e-mail ...

...and I have a good faith belief that the mailing list software will 
deliver this to you by Email, so I've fulfilled that part of the 
"deal".  But what about the rest of the F-D subscribers?  You'll get a 
_LOT_ of Email...

> ...immediately ...

Although I wrote this as quickly as I could and sent it "immediately" 
thereafter, I didn't read your message till several hours after 
receiving it -- I hope that doesn't mean I didn't do it 
"immediately"...

> ... and
> delete it from your system; ...

No.  Why should I?  Because _YOU_ are a moron and made a stupid 
mistake?

In case it's not already nice and clear, I'll try to make it even 
clearer why this kind of "Email AUP" is _THOROUGHLY_ bogus.

Imagine that I totally accidentally ran you over with my car BUT THEN 
told you that the terms and conditions of my having run you over are 
that you have to accept that I'm incompetent to judge whether I should 
drive or not [that's the earlier stuff], that you are to forget it ever 
happened [above]...

> ... should also not copy the message nor
> disclose its contents to anyone. Many thanks.

...and that you are never to tell anyone anything about the accident.

Do you think that would "protect" me in court if you actually had the 
temerity to sue me for damages or some such?

Would any lawyer with at least two good brain cells (yes -- a very rare 
breed) sensibly take _my_ case?


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
