He does seem very eager to send you a T shirt. Maybe its just some insulting slogan on the shirt (I hacked Yahoo and all I got was this lousy Tshirt) or something.
Funny I'm from the Edinburgh (well around you know how it is) area and wonder if I know you.... whats your phone number? :) He looks a bit scary in that pic too. Ouch. Aye man cool like. On 4/15/05, KF (lists) <[EMAIL PROTECTED]> wrote: > I want a T-Shirt too! > Heh. > -KF > > > n3td3v wrote: > > >---------- Forwarded message ---------- > >From: n3td3v <[EMAIL PROTECTED]> > >Date: Apr 3, 2005 11:00 PM > >Subject: Social engineering alert on Yahoo IM > >To: Yahoo Security Contact <[EMAIL PROTECTED]> > > > > > >markiseiden (21:18:41): hi > >markiseiden (21:18:42): i seem to be one of your 4 "friends" on y360 > >n3td3v (21:19:10): I took everyone off > >markiseiden (21:20:05): i sent you some queries last week about > >sending you a t shirt which you might want, but i need to know a size > >and postal addr > >n3td3v (21:20:29): I don't feel good about giving out my home address > >over the net > >markiseiden (21:20:43): don't you have any postal address which you > >consider safe enough to give out > >n3td3v (21:20:55): Not reall > >markiseiden (21:20:55): whereby something will get to you? > >n3td3v (21:21:07): I don't work > >markiseiden (21:21:25): got any friends who work, or are they all slackers? > >n3td3v (21:21:59): I keep my internet life sperate from my friends > >markiseiden (21:22:23): wow, i'm impressed. i haven't been able to do > >that for more than 20 years. > >n3td3v (21:22:59): I don't smell of roses though > >markiseiden (21:23:11): do you, in fact live in edinburgh? > >markiseiden (21:23:31): just curious, nice place (last time i was there) > >n3td3v (21:24:16): I don't want to state my *exact* location > >n3td3v (21:24:52): edinburgh is the nearest place people know > >n3td3v (21:25:04): who live out of UK > >n3td3v (21:25:15): so I say edinburgh > >markiseiden (21:25:33): but you live someplace rural rather than urban) > >markiseiden (21:26:16): i was in kyoto a few weeks ago, visiting a > >friend who lives in a house with rice paper walls and outdoor plumbing > >(both bath and toilet) ... > >markiseiden (21:26:29): but he had a fiber connection. > >n3td3v (21:26:35): I've been to kyoto > >n3td3v (21:26:51): Thats in Japan right? > >n3td3v (21:27:00): I backpacked Japan years ago > >markiseiden (21:27:21): yes. > >n3td3v (21:27:43): Random people walk upto you because they don't see > >many westerners > >n3td3v (21:27:50): and shake your hand > >n3td3v (21:27:56): Its surreal > >markiseiden (21:27:59): when backpacking, yes. > >markiseiden (21:29:26): or bicycling, particularly in the country. > >(but in japanese cities, there are western tourists everywhere). > >n3td3v (21:30:00): Yeah that was the case in toyko > >markiseiden (21:31:23): well, if you can think of someone who is > >willing to accept a t shirt and get it to you, get in touch. it will > >come from an anonymous sender in sunnyvale. > >n3td3v (21:31:51): Do you work at Yahoo or something? > >markiseiden (21:32:12): yes > >n3td3v (21:32:59): Why should I surrender my info, if you want to send > >it as anonymous sender. Thats not very fair is it. Plus I don't know > >you yet,a dn how do I know this isn't just a neat trick to get my > >address > >n3td3v (21:33:09): I'm not that gullible > >markiseiden (21:33:11): you could google me for bona fides > >markiseiden (21:33:22): honestly, i don't think anyone is out to get you. > >n3td3v (21:33:28): That proves nothing > >markiseiden (21:33:36): well, nothing proves anything. > >markiseiden (21:33:53): if you don't want a t shirt, fine. > >markiseiden (21:34:01): if you do, also, fine. > >markiseiden (21:34:06): just tell me how to get it to you. > >n3td3v (21:34:16): You can have a great Google query, and still want > >my home address or location for some reason, thats not in my best > >interest > >markiseiden (21:34:38): look, if you google me you will see i have a > >reputation for some things, and you could read my postings over the > >last n years. > >n3td3v (21:34:57): Even if I set up a POBOX, someone could still sit > >outside and follow me back to my home or whatever > >markiseiden (21:35:32): yeah, if you're a terrorist or major criminal > >someone might do that. > >n3td3v (21:36:08): Or some insane guy with a grudge who wants to harm you, > >even > >n3td3v (21:36:21): I have online enemies > >n3td3v (21:36:28): I don't know you yet > >markiseiden (21:36:34): you mistake me for someone who gives a damn. > >n3td3v (21:36:39): I don't know how sincere your intentions are > >markiseiden (21:37:13): well, google me and get back if you get a > >better feeling. i don't know how else to reassure you. > >markiseiden (21:37:22): oh, did you go to ccc in berlin earlier this year? > >markiseiden (21:37:29): over xmas, i mean > >n3td3v (21:37:32): Whats ccc? > >markiseiden (21:37:43): chaos computer club/communication conference > >markiseiden (21:38:00): i guess you only hack yahoo and not in general > >in europe) > >n3td3v (21:38:14): Nah, I live my life on a shoe string. I don't have > >the money to travel around. > >n3td3v (21:38:19): I don't hack Yahoo > >n3td3v (21:39:36): Your being pretty forceful before I even know you > >n3td3v (21:39:58): What team at Yahoo are you at? > >n3td3v (21:40:04): security? > >markiseiden (21:40:13): you can if you have a high speed connection > >see a talk i gave with barry wels at ccc > >n3td3v (21:40:55): Are you at home right now or on a corporate computer? > >n3td3v (21:41:06): See, I can ask wierd uncomfortable questions as well > >markiseiden (21:41:07): home > >n3td3v (21:41:20): Whats your home address? > >markiseiden (21:41:24): where would i be on sunday morning > >n3td3v (21:41:42): I want to send you a t-shirt > >markiseiden (21:41:50): i have 2 of them but i have a po box and a work > >address > >markiseiden (21:42:14): both of which provide a bit of personal separation. > >n3td3v (21:42:21): I'd rather have your home address, unless your a > >terrorist or online criminal > >markiseiden (21:42:34): i said i don't care what address i send it to. > >markiseiden (21:43:20): do you have a fast enough connection to > >download a big media file? let me see if i can find our online ccc > >talk... > >n3td3v (21:43:34): I use a DUN connection > >markiseiden (21:44:18): yikes, well that would never do, it's 500MB. > >n3td3v (21:45:11): What team at Yahoo are you with > >n3td3v (21:45:16): security? > >markiseiden (21:45:54): it's not called that. > >n3td3v (21:46:09): Whats it called > >n3td3v (21:46:21): incident response? > >markiseiden (21:47:10): here's a bio. you can click on the events > >link and see the slides. > >http://www.ccc.de/congress/2004/fahrplan/speaker/162.en.html > >n3td3v (21:47:44): side dodging a simple question about where you > >work. you obviously have a hidden agenda > >markiseiden (21:48:08): i'm a consultant, i work for several places > >n3td3v (21:48:19): I asked about Yahoo > >n3td3v (21:48:31): Security advisor for Yahoo? > >markiseiden (21:48:52): i consult on such things, yeah. > >n3td3v (21:49:04): So you thought you should become my buddy > >markiseiden (21:49:38): no, i don't want to be your buddy. i just > >want to send you a bloody t shirt, because you seem to be an > >entertaining irritant, but even that is impossible. > >markiseiden (21:49:50): actually, it's a clean and new t shirt. > >n3td3v (21:49:54): If you/Yahoo really want my home address. You have > >my ISP on your server logs. Contact them with a police reference > >number, and I'm sure my ISp will release such info > >markiseiden (21:50:03): too much trouble. > >markiseiden (21:50:18): we don't really want your home address. > >n3td3v (21:50:25): No, you mean. I haven't done anything > >n3td3v (21:50:41): I don't hack Yahoo > >n3td3v (21:51:42): irritant? > >n3td3v (21:52:01): What have I done thats annonyed you so much > >n3td3v (21:52:15): I just help Yahoo when I hear of someone with an exploit > >n3td3v (21:52:20): and report it > >n3td3v (21:52:23): thats all > >markiseiden (21:52:28): in the sense that a grain of sand irritates > >the oyster into making a pearl. > >markiseiden (21:53:15): yes, that's my impression also. your reports > >are appreciated, when they're clear enough to understand. > >markiseiden (21:53:24): (particularly) > >n3td3v (21:55:24): I'm sorry > >n3td3v (21:55:31): I'm a good guy > >markiseiden (21:55:35): some of us just thought a t shirt would be a > >nice thing to do. apparently not. sorry for the intrusion. > >n3td3v (21:55:41): I don't mean to annoy anyone from Yahoo > >n3td3v (21:57:42): I just wish you would be friendly.. instead of this > >hostile approach since your first IM > >markiseiden (21:58:06): look, we've all been doing this for a very > >long time. i've worked on the defenses of dozens of people accused of > >computer crime, and a few prosecutions, too. > >n3td3v (21:58:26): I'm not a criminal > >markiseiden (21:58:28): it's impossible to be friendly with you, since > >you're so suspicious. it must be a hidden agenda. > >n3td3v (21:58:52): I don't have a criminal record > >n3td3v (21:59:10): I've never hacked anything online ever > >markiseiden (21:59:14): what i was trying to convey, is that i > >understand why people hack, having done it myself since the 60s. > >n3td3v (21:59:27): I don't hack > >markiseiden (21:59:53): okay, okay. but i do, in the noncriminal > >sense of the word. > >n3td3v (22:00:09): I don't in any sense of the word > >n3td3v (22:00:34): I see people talking about exploits and I report it > >n3td3v (22:00:38): Thats it > >n3td3v (22:02:04): Like I say on my website. I study hacker trends and > >techniques > >n3td3v (22:02:11): also, I read news articles > >n3td3v (22:02:14): Thats it > >n3td3v (22:02:36): I ethically probably know how to hack, but i've never > >done it > >markiseiden (22:03:04): well, thanks. > >n3td3v (22:03:33): You don't need to be a terrorist or online criminal > >to not want to give out your location/home address > >n3td3v (22:03:39): over the net > >n3td3v (22:03:46): Its a pretty average thing > >markiseiden (22:04:21): look at what i referred you to and get back to > >me if you change your mind. if you google me you'll see my email > >address has been the same as my surname since 1989. > >n3td3v (22:04:37): Not online don't I know you, but Yahoo Messenger > >net isn't exactly immune from packet siffing bots > >n3td3v (22:04:45): not only* > >n3td3v (22:04:55): sniffing > >n3td3v (22:05:31): Be serious. The t-shirt is just a tactic to get > >some info about me > >markiseiden (22:05:39): not at all. > >n3td3v (22:05:56): I wasn't born yesterday. I was born 24 years ago > >markiseiden (22:06:25): too young to be so paranoid. > >markiseiden (22:07:43): if anyone really wanted to find you, they > >would offer you something of enough value that you would bite at it. > >n3td3v (22:07:52): No. > >n3td3v (22:07:58): I wouldn't bite period > >n3td3v (22:09:49): What do Yahoo have me labelled as to merit this > >n3td3v (22:10:14): A random employee contacts me out of the blue > >trying to know where I live > >markiseiden (22:10:25): i am not an employee. > >markiseiden (22:10:33): i don't care where you live. > >n3td3v (22:10:42): You said you worked for Yahoo > >markiseiden (22:10:45): i just want to send you a t shirt as a token. > >markiseiden (22:10:51): i am a consultant, not an employee. > >n3td3v (22:11:01): a token for what? being an irritant? > >n3td3v (22:11:25): Usually friends send gifts. Yet you don't even want > >to be my friend > >markiseiden (22:11:27): what you do has value and is appreciated. > >n3td3v (22:11:37): What do I do? > >markiseiden (22:11:44): reporting bugs and other problems. > >markiseiden (22:12:21): but if you can't find a way of accepting a > >token gift, so be it. > >markiseiden (22:12:29): i can't say anything more on this subject. > >n3td3v (22:13:52): Your social skills aren't that great are they > >n3td3v (22:14:29): I already speak to an employee of Yahoo on IM. He > >is alot more friendly, and not as rude > >markiseiden (22:14:31): nobody has accused me of having social skills. > > but you can look up that i have friends in orkut, friendster, linked > >in, or the like. > >markiseiden (22:14:56): i'm not trying to be rude. > >n3td3v (22:15:19): You've accused me of hacking Yahoo > >n3td3v (22:15:34): You work for Yahoo security team and want my home address > >markiseiden (22:15:47): i have not accused you of anything. > >n3td3v (22:15:48): Those are the facts I know about you so far > >n3td3v (22:16:04): This is a surreal IM > >markiseiden (22:16:14): and i don't want your home address. > >n3td3v (22:16:26): You did until you realised I wasn't falling for it > >markiseiden (22:16:40): any postal address whatsoever is what i asked for. > >markiseiden (22:17:05): that will result in your receiving a physical object. > >n3td3v (22:17:06): I can't do that. I would still be trackable to any > >malicious stalker > >markiseiden (22:17:21): why cannot be sent over the net, given current > >technology. > >markiseiden (22:17:35): right, a malicious stalker will go after your > >auntie jane. > >n3td3v (22:17:43): POBOX's don't offer anonymity. Its the same as > >using an open proxy. > >markiseiden (22:18:43): sorry, i have other things to do today, like > >geeking chickens and talking with my kid about her college plans. > >n3td3v (22:19:09): Thats why you shouldn't mix your work with your home life > >markiseiden (22:19:36): to quote yoda, "when you my age are, then you > >can give me advice" > >n3td3v (22:19:57): Don't be smart. Age has nothing to do with it > >n3td3v (22:20:24): A 13 year old could have more skills than a 30 year old > >n3td3v (22:20:31): With regards to hacking > >n3td3v (22:20:50): Same for parental issues > >markiseiden (22:21:11): but with regards to how to conduct one's life, > >people are entitled to make their own choices. > >markiseiden (22:21:17): so i've got to go. > >n3td3v (22:21:21): Thats true > >markiseiden's status is now "out running errands" (03/04/05 22:21) > >n3td3v (22:21:49): Come back when you don't bring yourself across as a > >grade A weirdo > >markiseiden (22:21:50): out running errands > >markiseiden (22:22:13): sorry, as a weirdo i'm a lifer. ask my friends. > >n3td3v (22:22:35): I'll show this IM to some people I know, and let them > >decide. > >markiseiden (22:23:47): as you like. i hope no trouble will come of it. > >n3td3v (22:24:05): You might lose your job actually. > >n3td3v (22:24:19): You never know > >markiseiden (22:24:20): hah, very funny. > >n3td3v (22:24:52): Yeah.. I don't have much infulence at Yahoo Inc do I > >n3td3v (22:25:02): I'm just seen as some kid > >n3td3v (22:25:06): Thats cool > >n3td3v (22:28:13): I would love to be able to help you improve > >security at Yahoo, but you just want my home address. > >markiseiden (22:28:32): look, before i go, tell me the size of the > >shirt (unless it's medium) > >markiseiden (22:28:47): cuz last time we ran out of small and xxl > >n3td3v (22:29:35): geocities.com/n3td3v/profile.html > >n3td3v (22:29:55): Thats the only personal info i give out > >markiseiden (22:30:00): (or not) > >markiseiden (22:30:24): i have never spent an hour and ten minutes > >trying to get someone a t shirt before. you hit my limit. > >n3td3v (22:30:38): I don't want a t-shirt > >n3td3v (22:30:43): no offence > >markiseiden (22:30:51): no offense intended. > >markiseiden (22:31:04): (or taken, i mean) > >markiseiden (22:31:19): bye. > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
