Dragos Ruiu wrote:
On Thursday 19 April 2007 18:25, Simon Lyall wrote:
If you are a random person who comes across a security hole in a website
or commercial product then the best thing to do is tell nobody, refrain
from any further investigation and if possible remove all evidence you ever
On Thursday 19 April 2007 18:25, Simon Lyall wrote:
If you are a random person who comes across a security hole in a website
or commercial product then the best thing to do is tell nobody, refrain
from any further investigation and if possible remove all evidence you
ever did anything.
I think if you are referring to public disclosure, yes, I think there's
little point of doing this, unless you are seeking attention. Of course,
reporting a problem to vendor privately always makes sense.
Public disclosure of the existence of a vulnerability and whatever information is
Gadi Evron wrote:
On Thu, 19 Apr 2007, Will Hargrave wrote:
Gadi Evron wrote:
A 21-year-old college student in London had his internet service
terminated and was threatened with legal action after publishing details
of a critical vulnerability that can compromise the security of the
On Fri, 20 Apr 2007, Simon Lyall wrote:
On Thu, 19 Apr 2007, Gadi Evron wrote:
Looking at the lack of security response and seriousness from this ISP, I
personally, in hindsight (although it was impossible to see back
then) would not waste time with reporting issues to them, now.
[EMAIL PROTECTED] wrote:
I'm not sure if Simon's comment was tongue-in-cheek.
I think if you are referring to public disclosure, yes, I think there's
little point of doing this, unless you are seeking attention. Of course,
reporting a problem to vendor privately always makes sense.
I'm not
On Fri, 20 Apr 2007, Gadi Evron wrote:
On Fri, 20 Apr 2007, Simon Lyall wrote:
On Thu, 19 Apr 2007, Gadi Evron wrote:
Looking at the lack of security response and seriousness from this
ISP, I personally, in hindsight (although it was impossible to see
back then) would not waste
On Thu, Apr 19, 2007 at 06:10:06PM -0500, Gadi Evron wrote:
On Thu, 19 Apr 2007, Will Hargrave wrote:
Gadi Evron wrote:
A 21-year-old college student in London had his internet service
terminated and was threatened with legal action after publishing details
of a critical
It *is* a criminal offence under extensions to the original CMA1990 in the
Police and Justice Act 2006. The maximum penalty was also increased to two
years imprisonment.
I don't think this particular incident is enough to attract a custodial
sentence, but he will almost certainly end up with a
On Fri, 20 Apr 2007 15:51:20 BST, Stephen Wilcox said:
what other examples are there as you suggest a trend in hushing security
vulns?
Sklyarov ended up in jail for a while for daring to point out that a certain
foolish vendor had used ROT-13 as their encryption scheme.
Raven Adler had her
On Fri, 20 Apr 2007 [EMAIL PROTECTED] wrote:
On Fri, 20 Apr 2007, Gadi Evron wrote:
Now, that is off-topic to NANOG.
Just because you disagree with someone's opinion, doesn't make it
offtopic.
snip
I'm not sure the debate on public disclosure vs private falls under NANOG
AUP.
Do you
On Fri, 20 Apr 2007, Stephen Wilcox wrote:
On Thu, Apr 19, 2007 at 06:10:06PM -0500, Gadi Evron wrote:
I am generally worried about the trend that is emerging of reporting
security issues resulting in legal threats.
well in this case I don't know the nature of the threat but asking the
On Fri, 20 Apr 2007, J. Oquendo wrote:
[EMAIL PROTECTED] wrote:
I'm not sure if Simon's comment was tongue-in-cheek.
I think if you are referring to public disclosure, yes, I think
there's little point of doing this, unless you are seeking attention.
Of course, reporting a problem
On Fri, 20 Apr 2007 12:33:26 EDT, [EMAIL PROTECTED] said:
How would you feel if you used a product a company KNOWS lacks
fundamental security controls and does little to fix it. How would you
feel if AFTER the fact someone leveraged a method to affect you. How
would you feel AFTER the
In article [EMAIL PROTECTED], Peter Corlett
[EMAIL PROTECTED] writes
In his blog post [1] he did admit to accessing other routers of Be's
customers using the backdoor password; this is probably [2] a criminal
offence in the UK. I'm not sure I have as much sympathy for him as you do.
[2]
well-deserved criminal record for his stupidity. Where is the
criminal record for the idiot who allowed remote access with a
single username and password to every single cable modem? That's
pretty damned stupid.
Honestly- when did we all become such vindictive assholes? Had the guy
: Re: UK ISP threatens security researcher
well-deserved criminal record for his stupidity. Where is the
criminal record for the idiot who allowed remote access with a
single username and password to every single cable modem? That's
pretty damned stupid.
Honestly- when did we all become
On Friday 20 April 2007 10:51, Stephen Wilcox wrote:
On Thu, Apr 19, 2007 at 06:10:06PM -0500, Gadi Evron wrote:
On Thu, 19 Apr 2007, Will Hargrave wrote:
Gadi Evron wrote:
A 21-year-old college student in London had his internet service
terminated and was threatened with legal
In my personal opinion, ISPs, vendors, and such should legally be held
responsible for their product's security and unconditionally be made to
repair any security holes. -- if a vendor or ISP maintains good security
practices, there will be nothing for them to fear from this.
What's really
The discussion started out regarding an IP-over-cable ISP. Please
point me at places where there is significant *real* competition (i.e.
addresses that have more than one copper cable-TV line running into the
consumer residence).
There are a number of cable overbuilders out there.
On Fri, 20 Apr 2007 14:56:06 EDT, Kradorex Xeron said:
In my personal opinion, ISPs, vendors, and such should legally be held
responsible for their product's security and unconditionally be made to
repair any security holes. -- if a vendor or ISP maintains good security
practices, there
On Friday 20 April 2007 16:16, [EMAIL PROTECTED] wrote:
On Fri, 20 Apr 2007 14:56:06 EDT, Kradorex Xeron said:
In my personal opinion, ISPs, vendors, and such should legally be held
responsible for their product's security and unconditionally be made to
repair any security holes. -- if a
At 18:30 -0500 4/17/07, Gadi Evron wrote:
http://www.theregister.com/2007/04/17/hackers_service_terminated/
A 21-year-old college student in London had his internet service
terminated and was threatened with legal action after publishing details
of a critical vulnerability that can compromise
At 11:32 -0700 4/19/07, Owen DeLong wrote:
Being that I know nothing more than what is in the article, I will go
along with the assessment that the ISP could have done a better job
in running their network. But I don't think that their reaction is
uncalled for (given again that the article
On Thu, 19 Apr 2007, Will Hargrave wrote:
Gadi Evron wrote:
A 21-year-old college student in London had his internet service
terminated and was threatened with legal action after publishing details
of a critical vulnerability that can compromise the security of the ISP's
subscribers.
On Thu, 19 Apr 2007, Edward Lewis wrote:
At 18:30 -0500 4/17/07, Gadi Evron wrote:
http://www.theregister.com/2007/04/17/hackers_service_terminated/
A 21-year-old college student in London had his internet service
terminated and was threatened with legal action after publishing details
of
On Thu, 19 Apr 2007, Gadi Evron wrote:
Looking at the lack of security response and seriousness from this ISP, I
personally, in hindsight (although it was impossible to see back
then) would not waste time with reporting issues to them, now.
These days there is almost never any reason to
have considered releasing the information
publicly.
My $0.02,
Adam Stasiniewicz
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Simon Lyall
Sent: Thursday, April 19, 2007 8:26 PM
To: nanog@merit.edu
Subject: Re: UK ISP threatens security researcher
28 matches