Date: Mon, 14 Apr 2008 20:04:37 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk, n3td3v <n3td3v@...glegroups.com>
Subject: Re: Fwd: n3td3v has a fan

On Mon, Apr 14, 2008 at 6:54 PM, G. D. Fuego <gdfuego@...il.com> wrote:
> On Mon, Apr 14, 2008 at 12:56 PM, n3td3v <xploitable@...il.com> wrote:
>
> >
> > Security Threater: reader comment from n3td3v
> >
> > Posted on: April 10, 2008, 9:17 AM PDT
> > Story: Bruce Schneier's new view on Security Theater
> >
> > Security threater is good because it scares potential terrorists from
> > being caught. It keeps the terrorists on their toes and worrying all
> > the time. You've got to have security threater in place to deter
> > terrorists or people thinking about it, or in the middle of plotting
> > it.
> >
>
> Do you understand the point of terrorism?  The end goal is not to kill
> people.  There are plenty of more effective methods to kill people than
> they've been using.  No, the end goal is to cause TERROR.  They want us to
> be afraid to live our lives.
>
> Security Theater does more to cause terror in the minds of the people than
> it does to deter terrorists from committing these crimes.  People in the US
> are starting to believe it's reasonable to prevent tourists from taking
> pictures from a moving train.  As though taking these photos is somehow
> going to threaten our lives.
>
> How does this help?
>

I have to contest, at Yahoo--- Mark Seiden and others said Sunnyvale
isn't MI5/MI6 and that people shouldn't be stopped on premises without
permission for taking photos.

And I was angry that Mark Seiden and others at Yahoo weren't going to
take my e-mail seriously, although later on it turns out that Yahoo
non-cyber staff who patrol the grounds of Sunnyvale have stopped photo
taking without permission, this has to be a good thing.

The case of mine was highlighted by "ycantpark", of which flickr
photos were published of the parking lots of Yahoo of employees who
couldn't park, although that sent off triggers for me to send the
multiple e-mails to their cyber security e-mail address to stop this
happening.

There are many ways the parking setup could be used against Yahoo
adversaries, think car bomb, or truck bomb? It was hugely
irresponsible of Yahoo to allow such photos to be taken by on-the-fly
employees.

The photos ended up being a major publicity event on employee blogs
who thought it was funny to make fun and take photographs of the
carpark, and employees' number plates of those cars without the
explicit permission of the owners of those cars or automobiles.

However---n3td3v had other ideas, n3td3v was straight on the e-mail to
Yahoo's cyber security team to make sure policy was changed in the
real world ground staff team, so that, cameras and mobile phone snaps
were taken more seriously as a threat towards the corporation of
Yahoo.

The identity of cars belonging to employees, partners and others
connected could be used against them, be followed off-site for their
devices to be technically eavesdropped on, or company documentation to
be obtained, by stolen laptop, by breaking into car, by breaking into
personal home space of employee.

Mark Seiden thinks Yahoo campus known as Sunnyvale isn't MI5/6 but
that doesn't say such agencies wouldn't find that kind of photography
useful to plan and carry out surveillance operations to determine
what's going on, especially in times of big business deals between
Microsoft and Yahoo.

Through my protests of the Ycantpark, Yahoo has taken photography and
other suspicious activity more seriously, although they have failed to
rip down Ycantpark. This is probably because the intelligence services
and state enemies have probably obtained and captured the
intelligence electronically and fed it back to their operation center,
so it would make no difference if the information is publicly
available, although it _still_ offers insight to amateur hackers and
terrorists who stumble upon it through casual or purpose built
reconnaissance operations.

http://www.flickr.com/photos/ycantpark

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
