lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <47E48D57.1010108@nc.rr.com>
Date: Sat, 22 Mar 2008 00:38:47 -0400
From: scott <redhowlingwolves@...rr.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: sans handler gives out n3td3v e-mail to public

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

n3td3v wrote:
> On Fri, Mar 21, 2008 at 3:18 PM, Kern <timetrap@...il.com> wrote:
>> Well . . . worried DOES have a good point . . . I think SANS dropped the
>> ball on that, BUT I don't know if this is going to be a "media event".
>>
>> I have had a little dealing with various handlers  (the few I have talked to
>> seemed nice enough).  But this is common; an employee using a written policy
>> to basically do something unethical.
>>
>> The "spirit" of the notice is to protect the identity of the submitter, the
>> "letter" is regarding the use of the submission form.
>>
>> SANS has based its value on intelligence gathering.  They unify an unwieldy
>> field of study (Internet, and computer security).  By trying to undermine
>> SANS on IRC, worried created a hostile environment to resolve a perfectly
>> legitimate problem.
>>
>> You have to use logic, not flame bait.
> 
> Its not just about the one line at http://isc.sans.org/contact.html
> that says "All submissions are kept confidential. Your submission will
> reach all ISC handlers. Your e-mail address will only be used to reply
> to your submission."
> 
> There is a whole privacy document that's supposed to protect me at
> http://www.sans.org/privacy.php
> 
> "This privacy statement applies to information collected by web
> addresses in the sans.org, sans.edu, giac.org, and other domains owned
> and operated by SANS, GIAC, and the Escal Institute, hereafter
> referred to collectively as SANS."
> 
> His argument that I should have used the form when handlers@...s.org
> is at the bottom of the http://isc.sans.org
> 
> "(c) 2000-2008 The SANS™ Institute
> SANS Web Privacy Policy: www.sans.org/privacy.php - Web Contact:
> handlers@...s.org
> report bugs please include debug info (opens new window)
> Policy On SANS Trademark Usage"
> 
> I didn't bypass anything, the e-mail address I used is at the bottom
> of their internet storm center, so what he said was complete bullshit.
> 
> My e-mails sent straight to handlers@...s.org is still supposed to be
> covered by http://www.sans.org/privacy.php
> 
> I will never send intelligence to them again, and I hope this goes out
> as a warning to any other underground folks that they don't take their
> privacy document seriously.
> 
> How can they run a successful intelligence operation at sans if their
> informants can't trust them to respect their privacy?
> 
> All the best with your intelligence operations sans, hope you are
> giving away more e-mails on irc soon!!!
> 
> You have just fucked with a major player in the underground with the
> biggest google group around of over 4164 members and counting.
> 
> The person in question who done this made fun of the wrong person, I
> don't take privacy violations likely.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
Yea, 4164 spambots. Ok, maybe 4100 spambots, the rest are there for the
'Jerry Springer Effect'.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH5I1Xs+9h2X0fCGcRArrkAKCaMbF5t+3D++16RG92NBSX3pKH3ACfeW/8
zFK632asWco9ghBSZ3aKK5I=
=aYhk
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ