Date: Sun, 9 Sep 2007 18:19:50 +0100
From: "worried security" <worriedsecurity@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: n3td3v denounces the actions of
	www.derangedsecurity.com

this person has been sharing login information to the world wide web,
opening up world governments up to terrorist cyber intrusions. this guy has
not been sent to guantanamo bay yet why not? this reckless act of evil
against western values is not good for the world. we should stop these
individuals from posting government related informations which could harm
the population of a country by allowing sensitive data to be accessed by
terrorist cyber intrusion. all terrorists are linked up to the world wide
web, making it likely the informations were accessible to them and not just
responsible security professionals and law enforcement agencies. he said he
was posting the informations to let all affected governments learn of the
vulnerability to their government infrastructure as a collective of people
as it would cause him too much time and money to contact each government
network individually. however when there are more than government network
employees learning of the informations, then it becomes a risk to national
security. the protection of the population and the interests must become the
governments first priority. leaving this individual to make funny remarks of
the governments in question by parading their network access informations in
the public glare does more than alerting the proper authority to the cause
of getting security tightened.
derangedsecurity.com <http://www.derangedsecurity.com> should be held
accountable for their actions in front of judge and jury. i as
member of the public are fine with arguments and full disclosure of
e-commerce vulnerability informations being post to the world wide web in
the good nature of freedom of speech but the argument that exposing the
network access information of world governments leaving the network open to
terrorist cyber intrusion is unacceptable by any code of ethics that i can
agree with. i as member of the public say "not in my name" can you release
network access informations to the public for self satisfaction and delight
that you have managed to breach the national security infrastructure of a
government. i say you should be ashamed, and if you had just claimed you
were just being an accessory and conspiracy to cause terrorist cyber
intrusions then i wouldn't be writing to complain, but it's the fact you use
full disclosure of a responsible security professional as an excuse for your
actions which makes me believe you should be stripped of your job title and
held accountable to the governments you have left vulnerable to terrorist
cyber intrusion. you are not a security professional, you are lower than
that, you are working against the ethics of the basis of your career of
security professional. responsible security professionals don't risk the
national security interests of multiple world governments, leaving the
population vulnerable in the process by making the government network weaker
by offering access to the mass public, where ultimately cyber terrorists are
lurking in wait to ambush the network access data to espionage on their
operations. this information you post is what you're risking to the world, is
a greater feeling of instability throughout the affected countries and a
general feeling of alarm and distress to the mass public. your informations
were reported to the mass public media on the internet as well as chinese
television stations, and other mediums of public broadcasting, this is
unacceptable in the level of your full disclosure ethic has caused to the
wider world. i believe your actions to be morally incorrect and that your
actions should be illegal while our brave men are fighting the war on terror
to protect your children's future, this kind of anti government disclosure
shouldn't come under the ordinary full disclosure ethics. you post on your
website that you are angry your hosting company disapproved on your
disclosure to the mass public, you said why bother terminating my website
when informations are already been in the public domain? damage limitation
is the reason, and the fact the informations shouldn't have been there in
the first place, i thought maybe this would be an indication that your code
of conduct was actually immorally and maybe you would reconsider the
legality of  what you put on your website, but you didn't, you kept the
tempo high by relocating your website to a new server which was under the
control of your irresponsible self, away from account terminations and away
from becoming under the scrutiny of a hosting company's terms of service
agreement. you then try and point blame to others, you blame the united
states government for contacting your hosting provider to get you shutdown
and you blame the governments for leaving their own population open to a
national security breach. you in no way find yourself accountable for any
wrong doing in light of the informations posted, and you find yourself
innocent of any wrong doings. you abused and hi-jacked the full disclosure
code of ethics to risk the safety of government employees and the population
of the affected nationals. whether any of the governments request your
arrest due to the incident is not up to me, but i feel you should be in
someway punished for your actions, since to this day you have no remorse for
what you have done and you don't seem to realise the potential damage you
could or may have caused. according to you, you said you hadn't accessed
every network that you exposed on your website, so you drove blindly, and
didn't even check what operational informations would be available to cyber
terrorists, if they decided to act on the network access information you
provided to the mass public. i ask the government to act swiftly to make
this style of full disclosure illegal if it's not already illegal, we
shouldn't have this information spread all over the internet, this act of
terrorism should be flagged as such, instead of branding him a responsible
security professional following the full disclosure code of ethics, we
should be denouncing this style of actions. full disclosure is fine for
e-commerce and lower level government network vulnerabilities, but to
blatantly give the network address and passwords of world governments
without prior warning needs to be exempt from the ordinary of what is normal
ethics of full disclosure procedure.

n3td3v
http://n3td3v.googlepages.com
