lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F4B5B2F.1050203@dbsinet.com>
From: hmason at dbsinet.com (henry j. mason)
Subject: CERT Employee Gets Owned

	i was going to reply off the list, to cut down the nonsense,
	but i'm going to address the issue of morality and it's
	relevance to computer security, and then i'm going to shut
	up. and, for the record, i think the original post *was* OT.

	pedophilia has NOTHING to do with security. it's a morality
	issue... what if the person accused was guilty of fraud,
	extortion, or tax evasion? we don't know if he was, but
	would that put his past work under suspicion?

	possibly.

	the fact is, it's almost impossible to know if someone is
	going to act in the best interests of others, which is what
	is necessary for good computer security. in this case we have
	a computer security professional whose responsibilites lay
	mostly in communication with the industry, accused of attempting
	to satisfy an apparent perversion - in a case that has very
	strong overtones of entrapment.

	i think the only thing that relates to computer security here
	is the issue of trust. the JAP people broke the trust of their
	user community by maintaining the appearance of complete
	security when in fact that security had been compromised. the
	CERT employee in question damaged the trust of his employer
	(and apparently those in the security community who are more
	concerned about his sexual preferences than his privacy) by
	*attempting* to engage in a morally questionable act.
	
	trust is VERY important to computer security. who can you trust?
	the goverment? the police? the people on this mailing list?

	trust is a complicated thing. i have a commitment to my clients
	that requires me to act in their best interests and keep their
	data secure. does this mean that my personal life is squeaky
	clean? i don't think so. but i have a moral obligation to
	ensure the safety and security of my clients, and i don't
	confuse that with the morality of my personal life. am i a good
	person? i'd like to think so, although any hardcore right-wing
	christian would be terrified of my ideals.

	the real question is: am i a good administrator?

	henry

	also: i'd *really* rather read about soap opera stuff on /.
	

Myers, Marvin wrote:
> As being one who was rightfully chastised by Kurt recently, I do believe
> that this could indeed have some relevance to the FD list. If by this
> mans actions, his past work could at all be suspect, then this is the
> proper venue to post it. If someone of his caliber, someone who should
> know the repercussions of any action taken using a computer as a tool,
> is used as an expert during trial, or their technical writings used as
> such, can we not realistically look at all of his past work as being
> suspect. If indeed he is a pedophile, he may have overlooked other
> pedophile activity in the course of his job. While I would never accuse
> someone whom I do not have personal proof of illegal activity, and after
> all he is innocent until proven guilty, I can understand why someone may
> want to analyze and or scrutinize his past work.
> 
> Just my 2cents worth. 
> 
> -----Original Message-----
> From: Kurt Seifried [mailto:listuser@...fried.org] 
> Sent: Monday, August 25, 2003 6:29 PM
> To: badpack3t@...urity-protocols.com; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] CERT Employee Gets Owned
> 
> Please read the list charter and stop posting junk like this. Do we know
> post stories about any criminal charges brought against anyone in the
> security industry? Should we also cover parking tickets?
> 
> Kurt Seifried, kurt@...fried.org
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ