On October 9, 2015 7:30:28 PM Mirimir <[email protected]> wrote:
On 10/09/2015 07:21 PM, Shelley wrote: > On October 9, 2015 6:16:10 PM Mirimir <[email protected]> wrote: > >> Maybe because Mike _published_ the fucking logs, just because JYA was >> doing the mirror shades thing about whether the archive was or was not >> genuine? I mean, JYA can be a very funny man. For sure. But does that >> justify publishing Cryptome access logs? >> > > When the logs have been distributed by Cryptome via USB and torrents as > part of the archive for over a year? Yeah, it's fair game. If that's true, JYA was being either unimaginably stupid, or unimaginably weird. Still, there was no need to publish the logs just to make a point. Redacted excerpts and hashes of the files would have been enough, no?
He did post a redacted version. Then JYA accused him of everything from faking the data to being a spy.
When we post about vulns on FD/ wherever, we follow the process of notifying and following up before posting publicly - which we only do when devs or corps refuse to acknowledge or outright deny. Right? That's exactly how he went about it, and then was attacked in a most nonsensical manner (we didn't even get a notorious JYA poetic diatribe!)
In addition, as previously mentioned, these datasets have been in the wild for > 1yr. As someone who may have found my own data in the access logs, I still say he did the right thing.
> Note that he removed those files once JY finally gave an explanation. True. But publishing them was still unwarranted.
