lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 14 Apr 2008 16:31:01 -0300
From: "Kurt Dillard" <kurtdillard@....com>
To: "'n3td3v'" <xploitable@...il.com>, <full-disclosure@...ts.grok.org.uk>,
	"'n3td3v'" <n3td3v@...glegroups.com>
Subject: Re: Fwd: n3td3v has a fan

Every new post further reveals the depth of your stunning intellect.

- Bad guys would never think to, you know, go to the campus and look around?
- Car tags are personally identifiable information and therefore should
remain private, right? Oh, except they are prominently displayed on your
car's bumpers and they better stay that way, according to the law.
- Yahoo 'failed' to take down the site because 'intelligence services' are
using the data? Did you forget your Thorazine again? Maybe they don't care?
Maybe they think the site provides value by embarrassing those who endanger
other employees by parking in fire lanes?

Eternally grateful and sincerely yours,

Kurt

P.S. Congratulations on figuring out how to post comments at CNET!!!

P.S.S. I recognize that I am now a marked man:( Well, assuming you
accurately parse this note:) C'est la vie. 

P.S.S.S. Does this mean you're going to dig up every paper, article, and
book I published in order to systematically tear apart my life's work? I
can't wait! 

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of n3td3v
Sent: Monday, April 14, 2008 4:05 PM
To: full-disclosure@...ts.grok.org.uk; n3td3v
Subject: Re: [Full-disclosure] Fwd: n3td3v has a fan

I have to contest, at Yahoo--- Mark Seiden and others said Sunnyvale
isn't MI5/MI6 and that people shouldn't be stopped on premises without
permission for taking photos.

And I was angry that Mark Seiden and others at Yahoo weren't going to
take my e-mail seriously, athough later on it turns out that Yahoo
non-cyber staff who patrol the grounds of Sunnyvale have stopped photo
taking without permission, this has to be a good thing.

The case of mine was highlighted by "ycantpark". of which flickr
photos were published of the parking lots of Yahoo of employees who
couldn't park, although that sent off triggers for me to send the
multiple e-mail to their cyber security e-mail address to stop this
happening.

There are many ways the parking setup could be used against Yahoo
adversaries, think car bomb, or truck bomb? It was hugely
irresponsible of Yahoo to allow such photos to be taken by on-the-fly
employees.

The photos ended up being a major publicity event on employee blogs
who thought it was funny to make fun and take photographs of the
carpark, and employees number plates of those cars without the
explicit permission of the owners of those cars or automobiles.

However---n3td3v had other ideas, n3td3v was straight on the e-mail to
Yahoo's cyber security team to make sure policy was changed in the
real world ground staff team, so that, cameras and mobile phone snaps
were taken more seriously as a threat towards the corporation of
Yahoo.

The identify of cars belonging to employees, partners and others
connected could be used against them, be followed off-site for thier
devices to be technically eavesdropped on, or company documentation to
be obtained, by stolen laptop, by breaking into car, by breaking into
personal home space of employee.

Mark Seiden thinks Yahoo campus known as Sunnyvale isn't MI5/6 but
that doesn't say such agencies wouldn't find that kind of photography
useful to plan and carry out surveillance operations to determine
what's going on, especially in times of big business deals between
Microsoft and Yahoo.

Through my protests of the Ycantpark, Yahoo has taken photography and
other suspicious activity more seriously, although they have failed to
rip down Ycantpark. This is probably because the intelligence services
and state enemies have probably obtained and capatured the
intelligence electronically and fed it back to their operation center,
so it would make no difference if the information is publically
available, although it _still_ offers insight to amateur hackers and
terrorists who stumble upon it through casual or purpose built
reconnaissance operations.

http://www.flickr.com/photos/ycantpark

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists