lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 15 Dec 2010 13:08:09 +0100
From: Christian Sciberras <uuf6429@...il.com>
To: "Fabio Pietrosanti (naif)" <lists@...osecurity.ch>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: An idea of leaking alternative to wikileaks

> Not to criticitze you but it seems to me that you have not understood
> which are the differences.

No problem with that. That's part of the point of discussion.

I did understand the differences. The main issue is that "dangerous"
material may be published anonymously without verification or indeed, any
peer review.

Keep in mind that you can easily set off people by telling them a UFO
crashed in the centre of New York, and there are actually those that would
believe it.

Just consider the kind of laymen running blogs and how they react over
anything that stirs the slightest "news".

If it failed when the internet outreach was quite small, it will fail faster
with today's media.

Unless, you're trying to target twits and faceless faces as your peers.

Anyhow, let's move away from my little rant. Each type of leak - actually,
each different leak, is different in itself.
One shouldn't make a policy out of leaking - unlike Wikileaks, where
full-disclosure (and grab all the media attention) is what drove them.

This is the same reason peer review is important. But given size of leaks
like those cables, what guarantee do you have that someone doesn't defect in
favour of personal fame?


Chris.



On Wed, Dec 15, 2010 at 12:34 PM, Fabio Pietrosanti (naif) <
lists@...osecurity.ch> wrote:

> On 15/12/10 12.24, Christian Sciberras wrote:
> > > Which kind of trouble you refer to? It's nice to ear about
> understanding
> > > and risks analysis on that stuff.
> >
> > Libel, fraud, sharing of illegal material.
> >
> > Hey, if you're really intent on going along with this, be my guest.
> > I'll be watching
> > the drama fold from afar. Same kind of stuff that happened with/to
> > Wikileaks.
> > A momentary hit/fad/hype and the next it's laughed of until it's
> > forgotten...
>
> Not to criticitze you but it seems to me that you have not understood
> which are the differences.
>
> Wikileaks does editing and publishing and that was his main source of
> responsibility.
>
> Upcoming leaking methods doesn't do, like this openleak concept and the
> http://openleaks.org that daniel berg (ex-wikileaks) is setting up.
>
> http://blogs.forbes.com/andygreenberg/2010/12/09/how-openleaks-the-first-wikileaks-spinoff-will-work/
>
> We'll probably see a lot of different approaches to leak management,
> from the easier and dirty one to the most complex one.
>
> It's precious raw material for media, doesn't expect that it will not
> get a value.
>
> Cheers
>
> -naif
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ