From: schoe at oicinc.com (Sung J. Choe)
Subject: Cryptome Hacked!

> How familiar are you with the kind of content that gets posted to
> cryptome?
I am as familiar as you are.

> a) What do you mean by "leftist"?
By scrutinizing some of the occasional statements made by persons posting at
cryptome, one can assume that the politics of the site operators leans
towards the left.  Read the message traffic generated by "The practical
reason the US is starting a war." and you will understand.

> b) What do you mean by "anti-American" (sic)?
I would personally define anti-American as being in a state of mind where
every action taken by the US government is represented as being against
American interests.  Therefore, my definitions of anti-American and
anti-government are essentially identical.

> They are structured as logical arguments using real information.
Just because somebody can formulate an argument based on one, two, or three
documents does not mean that they grasp the full meaning of the subject in
question.  Yet, that's how most of the "opinions" and "arguments" are
presented; with one or two sources.  And besides, what is "real
information"?  Ever hear of "public diplomacy"?

> I've never seen any kind of anarchist advocacy on
> cryptome.  Dissent does not make you "anti-government".
Responsible dissent is indeed a duty of US citizens.  How you define
responsible is up to you.

> d) For the most part, Cryptome distributes documents... like, 
> in plaintext format.
True, but they also present snippets of those docs along with a headline.
The sections that they choose to snip fascinate me in terms of the content
which they feel is important.

> e) How is John Young an "extremist"?
Would you describe him as being conservative, or moderate in his approach?
If not, he is an extremist in my eyes.

> Are you trying to imply that John Young is trojaning
> the software that his site (infrequently) distributes? 
Not at all.  I believe that Mr. Young wishes to provide his community access
to good crypto software.  I also believe that he is committed to his cause.
However, I do think that those who work for/with No Such Agency would like
that.

> But I don't see what the issue is here at all,
> since cryptome really doesn't distribute software.
Cryptome (note Crypt) does indeed distribute and advocate the use of PGP and
other encryption and/or privacy enhancing software.  Given the
more-paranoid-than-normal state of most of the cryptome visitors (myself
included), I would think that quite a high percentage of them download and
use the software for their own reasons.

In conclusion, for you to attempt to describe cryptome as if it was C-SPAN,
or the Library of Congress is incredible.  If you believe that the operators
of cryptome have good intentions towards the US government, then you are
also naive.

.--------------------------------------------------.
| Sung J. Choe <schoe[at]oicinc.com>, TICSA        |
| Systems Administrator, Facility Security Officer |
.--------------------------------------------------.----.
                    | Oceanic Imaging Consultants, Inc. |
                    | Phone #: (808) 539-3634 x3634     |
                    .-----------------------------------.

568D CAD6 53A0 92E6 4A2A  4E87 3BA0 5F90 37BB 8EE7

> -----Original Message-----
> From: Kevin Spett [mailto:kspett@...dynamics.com]
> Sent: Wednesday, February 26, 2003 2:14 PM
> To: Sung J. Choe; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Cryptome Hacked!
> 
> 
> I have been reading cryptome for years and your comments
> strike me as rather uninformed.  How familiar are you with the kind of
> content that gets posted to cryptome?
> 
> a) What do you mean by "leftist"?  I've never seen anything on cryptome that
> promoted socialist ideals.
> b) What do you mean by "anit-american"?  John Young's dedication to
> distributing accurate, detailed and uncensored information about public
> policy regarding intellectual property, privacy and international government
> intelligence makes him much more patriotic than most people who just
> plaster their minivans with 8.5"x11" American decals.  In all the time I've
> been reading cryptome content, I have never seen opinions misrepresented as
> facts.  Editorials are always framed as pieces of personal opinion and are
> not off-the-wall Art Bell conspiracy theory.  They are structured as logical
> arguments using real information.
> c) What do you mean by "anti-government"? I've never seen any kind of
> anarchist advocacy on cryptome.  Dissent does not make you
> "anti-government".
> d) For the most part, Cryptome distributes documents... like, in plaintext
> format.  Occasionally source code for something like DeCSS pops up, but
> it's really not a software distribution site.
> e) How is John Young an "extremist"?  Has he called for a violent uprising?
> Does he use criminal methods to further his cause?  Are you trying to imply
> that John Young is trojaning the software that his site (infrequently)
> distributes?  Do you have any kind of proof whatsoever of this?  Where are
> you getting these ideas from?
> 
> And finally to answer your question, I would suggest that you start by not
> installing software that is distributed by a site that you don't trust.  If
> you're worried about file integrity, hash what you've downloaded and compare
> with the original distribution point's records.  Finally, you can review
> source code yourself if you're worried.  But I don't see what the issue is
> here at all, since cryptome really doesn't distribute software.
> 
> 
> 
> Kevin.
> ----- Original Message -----
> From: Sung J. Choe
> To: 'full-disclosure@...ts.netsys.com'
> Sent: Wednesday, February 26, 2003 6:10 PM
> Subject: [Full-Disclosure] Cryptome Hacked!
> 
> 
> Cryptome.org, a site for privacy enthusiasts and leftists alike, was
> apparently hacked today.  Their server is up but "all files were deleted".
> Besides the usual anti-American/anti-government vitriol that is usually
> found at Cryptome.org, they also distribute crypto software.  This brings up
> the following question: What is the best method for ensuring the integrity
> of software which requires a high level of trust?  I am almost sure that any
> crypto software distributed by such extremists as John Young (operator of
> cryptome.org) has been tampered with in some way.  Does anybody else share
> this opinion?
> 
> 
> .--------------------------------------------------.
> | Sung J. Choe <schoe[at]oicinc.com>, TICSA        |
> | Systems Administrator, Facility Security Officer |
> .--------------------------------------------------.----.
>                     | Oceanic Imaging Consultants, Inc. |
>                     | Phone #: (808) 539-3634 x3634     |
>                     .-----------------------------------.
> 568D CAD6 53A0 92E6 4A2A  4E87 3BA0 5F90 37BB 8EE7
> 
> 
