| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 Mar 2008 00:38:47 -0400 From: scott <redhowlingwolves@...rr.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: sans handler gives out n3td3v e-mail to public -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 n3td3v wrote: > On Fri, Mar 21, 2008 at 3:18 PM, Kern <timetrap@...il.com> wrote: >> Well . . . worried DOES have a good point . . . I think SANS dropped the >> ball on that, BUT I don't know if this is going to be a "media event". >> >> I have had a little dealing with various handlers (the few I have talked to >> seemed nice enough). But this is common; an employee using a written policy >> to basically do something unethical. >> >> The "spirit" of the notice is to protect the identity of the submitter, the >> "letter" is regarding the use of the submission form. >> >> SANS has based its value on intelligence gathering. They unify an unwieldy >> field of study (Internet, and computer security). By trying to undermine >> SANS on IRC, worried created a hostile environment to resolve a perfectly >> legitimate problem. >> >> You have to use logic, not flame bait. > > Its not just about the one line at http://isc.sans.org/contact.html > that says "All submissions are kept confidential. Your submission will > reach all ISC handlers. Your e-mail address will only be used to reply > to your submission." > > There is a whole privacy document that's supposed to protect me at > http://www.sans.org/privacy.php > > "This privacy statement applies to information collected by web > addresses in the sans.org, sans.edu, giac.org, and other domains owned > and operated by SANS, GIAC, and the Escal Institute, hereafter > referred to collectively as SANS." > > His argument that I should have used the form when handlers@...s.org > is at the bottom of the http://isc.sans.org > > "(c) 2000-2008 The SANS™ Institute > SANS Web Privacy Policy: www.sans.org/privacy.php - Web Contact: > handlers@...s.org > report bugs please include debug info (opens new window) > Policy On SANS Trademark Usage" > > I didn't bypass anything, the e-mail address I used is at the bottom > of their internet storm center, so what he said was complete bullshit. > > My e-mails sent straight to handlers@...s.org is still supposed to be > covered by http://www.sans.org/privacy.php > > I will never send intelligence to them again, and I hope this goes out > as a warning to any other underground folks that they don't take their > privacy document seriously. > > How can they run a successful intelligence operation at sans if their > informants can't trust them to respect their privacy? > > All the best with your intelligence operations sans, hope you are > giving away more e-mails on irc soon!!! > > You have just fucked with a major player in the underground with the > biggest google group around of over 4164 members and counting. > > The person in question who done this made fun of the wrong person, I > don't take privacy violations likely. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > Yea, 4164 spambots. Ok, maybe 4100 spambots, the rest are there for the 'Jerry Springer Effect'. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH5I1Xs+9h2X0fCGcRArrkAKCaMbF5t+3D++16RG92NBSX3pKH3ACfeW/8 zFK632asWco9ghBSZ3aKK5I= =aYhk -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists