lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 9 Sep 2007 20:18:42 +0100
From: Jibujibujibu <jibujibujibu@...il.com>
To: "worried security" <worriedsecurity@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: n3td3v denounces the actions of
	www.derangedsecurity.com

wot;dr

On 9/9/07, worried security <worriedsecurity@...glemail.com> wrote:
>
> this person has been sharing login information to the world wide web,
> opening up world governments up to terrorist cyber intrusions. this guy has
> not been sent to guantanamo bay yet why not? this reckless act of evil
> against western values is not good for the world. we should stop these
> individuals from posting government related informations which could harm
> the population of a country by allowing sensitive data to be accessed by
> terrorist cyber intrusion. all terrorists are linked up to the world wide
> web, making it likely the informations were accessable to them and not just
> responsible security professionals and law inforcement agencies. he said he
> was posting the informations to let all affected governments learn of the
> vulnerability to their government infrastructure as a collective of people
> as it would cause him too much time and money to contact each government
> network individually. however when there are more than government network
> employees learning of the informations, then it becomes a risk to national
> security. the protection of the population and the interests must become the
> governments first priorty. leaving this individual to make funny remarks of
> the governments in question by parading their network access informations in
> the public glare does more than alerting the proper authority to the cause
> of getting security tightened. derangedsecurity.com<http://www.derangedsecurity.com>should be held accountable for their actions infront of judge and jury. i as
> member of the public are fine with arguments and full disclosure of
> e-commerce vulnerability informations being post to the world wide web in
> the good nature of freedom of speech but the argument that exposing the
> network access information of world governments leaving the network open to
> terrorist cyber intrusion is unacceptable by any code of ethics that i can
> agree with. i as member of the public say "not in my name" can you release
> network access informations to the public for self satisfaction and delight
> that you have managed to breach the national security infrastructure of a
> government. i say you should be ashamed, and if you had just claimed you
> were just being an accessory and conspiracy to cause terrorist cyber
> intrustions then i wouldn't be writing to complain, but its the fact you use
> full disclosure of a responsible security professional as an excuse for your
> actions which makes me believe you should be stripped of your job title and
> held accountable to the governments you have left vulnerable to terrorist
> cyber intrusion. you are not a security professional, you are lower than
> that, you are working against the ethics of the basis of your career of
> security professional. responsible security professionals don't risk the
> national security interests of multiple world governments, leaving the
> population vulnerable in the process by making the government network weaker
> by offering access to the mass public, where ultimately cyber terrorists are
> lurking in wait to ambush the network access data to espionage on their
> operations. this information you post is what your risking to the world, is
> a greater feeling of instability throughout the affected countries and a
> general feeling of alarm and distress to the mass public. your informations
> were reported to the mass public media on the internet as well as chinese
> television stations, and other mediums of public broadcasting, this is
> unacceptable in the level of your full disclosure ethic has caused to the
> wider world. i believe your actions to be morally incorrect and that your
> actions should be illegal while our brave men are fighting the war on terror
> to protect your childrens future, this kind of anti government disclosure
> shouldn't come under the ordinary full disclosure ethics. you post on your
> website that you are angry your hosting company disapproved on your
> disclosure to the mass public, you said why bother terminating my website
> when informations are already been in the public domain? damage limtiation
> is the reason, and the fact the informations shouldn't have been there in
> the first place, i thought maybe this would be an indication that your code
> of conduct was actually immorally and maybe you would reconsider the
> legality of  what you put on your website, but you didn't, you kept the
> tempo high by relocating your website to a new server which was under the
> control of your irresponsible self, away from account terminations and away
> from becoming under the scrutiny of a hosting companys terms of service
> agreement. you then try and point blame to others, you blame the united
> states government for contacting your hosting provider to get you shutdown
> and you blame the governments for leaving their own population open to a
> national security breach. you in no way find yourself accountable for any
> wrong doing in light of the informations posted, and you find yourself
> innocent of any wrong doings. you abused and hi-jacked the full disclosure
> code of ethics to risk the saftey of government employees and the population
> of the affected nationals. weather any of the governments request your
> arrest due to the incident is not upto me, but i feel you should be in
> someway punished for your actions, since to this day you have no remorse for
> what you have done and you don't seem to realise the potential damage you
> could or may have caused. according to you, you said you hadn't accessed
> every network that you exposed on your website, so you drove blindly, and
> didn't even check what operational informations would be available to cyber
> terrorists, if they decided to act on the network access information you
> provided to the mass public. i ask the government to act swiftly to make
> this style of full disclosure illegal if its not already illegal, we
> shouldn't have this information spread all over the internet, this act of
> terrorism should be flagged as such, instead of branding him a responsible
> security professional following the full disclosure code of ethics, we
> should be denouncing this style of actions. full disclosure is fine for
> e-commerce and lower level government network vulnerabilities, but to
> blatantly give the network address and passwords of world governments
> without prior warning needs to be exempt from the ordinary of what is normal
> ethics of full dislcosure proceedure.
>
> n3td3v
> http://n3td3v.googlepages.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ