Date: Fri, 18 Feb 2011 20:56:49 +0000
From: Chris M <chris@...lroute.net>
To: ck <c.kernstock@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: HBGary Mirrors?

Some thoughts..

Whether they did or not is probably way past irrelevant now. I'd probably
wager the site owners were just pissed off with the massive
bandwidth-consumption from all the scandal. It's not beyond the stretch of
the imagination that private companies were hired to "make these go away" -
if we've learned anything from the disclosed information it's that conspiracy
is very real.

As they were distributed via torrent, everyone and their mother (not to
mention every company with HBGary as a client) has a copy, if not for the
chuckles, then to assess their own exposure given the data that was leaked -
which should have been the main priority for everyone involved in the breach.
Client confidentiality explosion. PINs, passwords, bags of personnel data
which could be leveraged in a social engineering attack.

Given the timescale and hopefully the proper education of all parties
identified and involved in the disclosures, you would think the data
enclosed is almost useless now to an attacker - but unlikely.


On Fri, Feb 18, 2011 at 4:24 PM, ck <c.kernstock@...glemail.com> wrote:

> So, the FEDs shut down all mirrors of the HBGary files - or didn't they?
>
> ck
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
 I’m a hot-wired, heat seeking, warm-hearted cool customer, voice activated
and bio-degradable. I interface with my database, my database is in
cyberspace, so I’m interactive, I’m hyperactive and from time to time I’m
radioactive.
