lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200803211614.11815.atlas@r4780y.com>
Date: Fri, 21 Mar 2008 16:14:08 -0400
From: atlas <atlas@...80y.com>
To: full-disclosure@...ts.grok.org.uk
Cc: full-disclosure-request@...ts.grok.org.uk
Subject: Re: sans handler gives out n3td3v e-mail to public

On Friday 21 March 2008, full-disclosure-request@...ts.grok.org.uk wrote:
> Date: Fri, 21 Mar 2008 11:18:13 -0400
> From: Kern <timetrap@...il.com>
> Subject: Re: [Full-disclosure] sans handler gives out n3td3v e-mail to
>         public
> To: "Kurt Dillard" <kurtdillard@....com>
> Cc: full-disclosure@...ts.grok.org.uk
> Message-ID:
>         <fcdfb4eb0803210818m482d4a10y49dac66ef52af133@...l.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Well . . . worried DOES have a good point . . . I think SANS dropped the
> ball on that, BUT I don't know if this is going to be a "media event".
> I have had a little dealing with various handlers  (the few I have talked
> to seemed nice enough).  But this is common; an employee using a written
> policy to basically do something unethical.
> The "spirit" of the notice is to protect the identity of the submitter, the
> "letter" is regarding the use of the submission form.
>
> SANS has based its value on intelligence gathering.  They unify
> an unwieldy field of study (Internet, and computer security).  By trying to
> undermine SANS on IRC, worried created a hostile environment to resolve a
> perfectly legitimate problem.
>
> You have to use logic, not flame bait.

Hey Kern,

I like your level-headed approach, since my initial reaction is (and has been 
for some time) to string worried up with dental-floss until he reaches 
puberty.  Even though I disagree with you, I completely respect your approach 
and intelligent forethought.

Perhaps disagree is even a bit too strong... I agree with you in theory, but 
would submit that the lack of shroud between his "worried" and "n3td3v" 
identities would basically mitigate any cause for concern.  It's kind of like 
saying "Simple Nomad, even though you have been on CNN with you're real name 
I can't call you Mike." (or Mark?  CNN got it wrong ;)   sfirefinch was 
simply calling him by his other name as publicly listed here:

http://n3td3v.googlepages.com/home2

If you didn't know about that posting, reading a few of his FD shows me the 
link between identities.  

I am concerned that n3td3v, or worried, or xploitable, or whatever will get 
the impression that his self-gratifying tantrum makes an impact, furthering 
his abuse of people and lack of respect for others.  There is a problem to be 
addressed in this matter, but the majority of it must be placed on the 
adolescent with a chip on his shoulder.  

So I ask the question... did sfirefinch actually breach privacy?  or did 
worried?

Best Regards to you Kern,
@

-- 
INXW2ZJANZXSAZTVOJ2GQZLSFQQGM33SEBSGKYLUNAQGC53BNF2HGIDZN52SAYLMNQQHO2LUNAQG4YLTOR4SYIDCNFTSYIDQN5UW45DZEB2GKZLUNAFA====

Download attachment "signature.asc " of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ