lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 10 Sep 2007 14:58:18 +0000
From: b.hines@...cast.net
To: yiri <yirimyah@...il.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: n3td3v denounces the actions of
	www.derangedsecurity.com

Actually this fellow is shit dipped.

-------------- Original message -------------- 
From: yiri <yirimyah@...il.com> 
i can't believe that you posted that to full-disclosure.

dipshit.


On 9/10/07, worried security < worriedsecurity@...glemail.com> wrote:
this person has been sharing login information to the world wide web, opening up world governments up to terrorist cyber intrusions. this guy has not been sent to guantanamo bay yet why not? this reckless act of evil against western values is not good for the world. we should stop these individuals from posting government related informations which could harm the population of a country by allowing sensitive data to be accessed by terrorist cyber intrusion. all terrorists are linked up to the world wide web, making it likely the informations were accessable to them and not just responsible security professionals and law inforcement agencies. he said he was posting the informations to let all affected governments learn of the vulnerability to their government infrastructure as a collective of people as it would cause him too much time and money to contact each government network individually. however when there are more than government network employees learning of the informa
 tions,
 then it becomes a risk to national security. the protection of the population and the interests must become the governments first priorty. leaving this individual to make funny remarks of the governments in question by parading their network access informations in the public glare does more than alerting the proper authority to the cause of getting security tightened. derangedsecurity.com should be held accountable for their actions infront of judge and jury. i as member of the public are fine with arguments and full disclosure of e-commerce vulnerability informations being post to the world wide web in the good nature of freedom of speech but the argument that exposing the network access information of world governments leaving the network open to terrorist cyber intrusion is unacceptable by any code of ethics that i can agree with. i as member of the public say "not in my name" can you release network access informations to the public for self satisfaction and delight that
  you h
ave managed to breach the national security infrastructure of a government. i say you should be ashamed, and if you had just claimed you were just being an accessory and conspiracy to cause terrorist cyber intrustions then i wouldn't be writing to complain, but its the fact you use full disclosure of a responsible security professional as an excuse for your actions which makes me believe you should be stripped of your job title and held accountable to the governments you have left vulnerable to terrorist cyber intrusion. you are not a security professional, you are lower than that, you are working against the ethics of the basis of your career of security professional. responsible security professionals don't risk the national security interests of multiple world governments, leaving the population vulnerable in the process by making the government network weaker by offering access to the mass public, where ultimately cyber terrorists are lurking in wait to ambush the network
  acces
s data to espionage on their operations. this information you post is what your risking to the world, is a greater feeling of instability throughout the affected countries and a general feeling of alarm and distress to the mass public. your informations were reported to the mass public media on the internet as well as chinese television stations, and other mediums of public broadcasting, this is unacceptable in the level of your full disclosure ethic has caused to the wider world. i believe your actions to be morally incorrect and that your actions should be illegal while our brave men are fighting the war on terror to protect your childrens future, this kind of anti government disclosure shouldn't come under the ordinary full disclosure ethics. you post on your website that you are angry your hosting company disapproved on your disclosure to the mass public, you said why bother terminating my website when informations are already been in the public domain? damage limtiation 
 is the
 reason, and the fact the informations shouldn't have been there in the first place, i thought maybe this would be an indication that your code of conduct was actually immorally and maybe you would reconsider the legality of  what you put on your website, but you didn't, you kept the tempo high by relocating your website to a new server which was under the control of your irresponsible self, away from account terminations and away from becoming under the scrutiny of a hosting companys terms of service agreement. you then try and point blame to others, you blame the united states government for contacting your hosting provider to get you shutdown and you blame the governments for leaving their own population open to a national security breach. you in no way find yourself accountable for any wrong doing in light of the informations posted, and you find yourself innocent of any wrong doings. you abused and hi-jacked the full disclosure code of ethics to risk the saftey of govern
 ment e
mployees and the population of the affected nationals. weather any of the governments request your arrest due to the incident is not upto me, but i feel you should be in someway punished for your actions, since to this day you have no remorse for what you have done and you don't seem to realise the potential damage you could or may have caused. according to you, you said you hadn't accessed every network that you exposed on your website, so you drove blindly, and didn't even check what operational informations would be available to cyber terrorists, if they decided to act on the network access information you provided to the mass public. i ask the government to act swiftly to make this style of full disclosure illegal if its not already illegal, we shouldn't have this information spread all over the internet, this act of terrorism should be flagged as such, instead of branding him a responsible security professional following the full disclosure code of ethics, we should be d
 enounc
ing this style of actions. full disclosure is fine for e-commerce and lower level government network vulnerabilities, but to blatantly give the network address and passwords of world governments without prior warning needs to be exempt from the ordinary of what is normal ethics of full dislcosure proceedure. 

n3td3v
http://n3td3v.googlepages.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Content of type "text/html" skipped

Content of type "message/rfc822" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ