lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 7 Jan 2010 11:52:09 -0500
From: Jeffrey Walton <noloader@...il.com>
To: Robin Sage <robin.sage@...ketmail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: iiscan

Hi Robin,

Suppose that acquiring the code requires you to agree to unfavorable
terms of service hidden somewhere on the site, including agreeing to
future (and possibly unwanted) scans, agreeing to allow the company to
plant malware, and indemnification.

IMHO, I think auto454357 raised some valid concerns. As for the auto
generated email, he/she used hushmail (instead of
yahoo/hotmail/gmail), which tells me the person might not fit your
classification.

Jeff

On Thu, Jan 7, 2010 at 11:16 AM, Robin Sage <robin.sage@...ketmail.com> wrote:
> This definitely sounds like a clueless federal agent.
> Especially since he uses an autogenerated email address.
> Get with the program........the internet is wide open for people to scan.
>
> ________________________________
> From: Cody Robertson <cody@...khost.com>
> To: full-disclosure@...ts.grok.org.uk
> Sent: Thu, January 7, 2010 10:51:14 AM
> Subject: Re: [Full-disclosure] iiscan
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 1/7/10 10:18 AM, auto454357@...hmail.com wrote:
>> So let me see if I got this the right way.
>>
>> You guys are allowing an unknown company to scan for your webapps,
>> being those apps business critical or not. On top of that, the
>> unknown company is based on a country where government supports
>> acts of electronic espionage against other nations, mainly those
>> where you guys are based.
>>
>> Is this correct? or am I missing something?
>>
>> [SNIP]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ