From: dcopley at eeye.com (Drew Copley)
Subject: Re: Popular Net anonymity service back-doored


> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Florian Weimer
> Sent: Thursday, August 21, 2003 11:39 AM
> To: bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com
> Cc: Thomas C. Greene 
> Subject: [Full-Disclosure] Re: Popular Net anonymity service 
> back-doored
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> "Thomas C. Greene " <thomas.greene@...register.co.uk> writes:

<snip>

> 
> However, perhaps the JAP team at TU Dresden hadn't much 
> choice.  I haven't seen the court order, but I could imagine 
> that they weren't allowed to inform the users because it 
> would have harmed the criminal investigation.  Following the 
> order while fighting it within the legal system is perhaps a 
> wiser choice than just resisting it (and thus breaking the 
> law yourself).  But I agree that it takes them awfully long 
> to update their web site, now that some information is public.


I would think, I would know, there would be a moral obligation to tell
their users. Moral... A conscience obligation, an obligation of
conscience.

At the very least, they could have exposed this anonymously on the
Usenet or someplace. (Indeed...)

Regardless, it is the German authorities who used the authority of the
German State to do this. It is the German State which is culpable in
this situation.

Who cares if they watch their own wires? But, they have no right to put
code on people's systems outside of Germany. If they do not have this
right inside of Germany, I do not care.

I do not care if this causes them a problem.

There is no justification of the means to an end. They have absolutely
no jurisdiction in the US. Are they saying they do not believe in
boundaries anymore? Are we allowed to hack all of their pedophiles and
Neo-Nazis as we wish? They are breaking the law and we have no authority
to hack them. Are they giving us this authority? I think not.

But, this is the message they have sent with this.

As for the errors... Thomas Greene lost my trust last year when he
started to lie about the entire security community and made obnoxious
and pervasive comments about where security vulnerabilities come from...
His misleading of the public has affected a great many people to this
very day.

My trust with him is broken by his own gross violations.


> 
> Finally, they could have avoided all the hassle if they 
> hadn't published the source code.  Why did they publish?  I 
> don't believe it's an accident.
> 
> For BUGTRAQ readers: Symantec strips message headers.  The original
> To: and Cc: are:
> 
> To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
> Cc: "Thomas C. Greene " <thomas.greene@...register.co.uk> 
> 

