-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 n3td3v wrote: > On Fri, Mar 21, 2008 at 3:18 PM, Kern <[EMAIL PROTECTED]> wrote: >> Well . . . worried DOES have a good point . . . I think SANS dropped the >> ball on that, BUT I don't know if this is going to be a "media event". >> >> I have had a little dealing with various handlers (the few I have talked to >> seemed nice enough). But this is common; an employee using a written policy >> to basically do something unethical. >> >> The "spirit" of the notice is to protect the identity of the submitter, the >> "letter" is regarding the use of the submission form. >> >> SANS has based its value on intelligence gathering. They unify an unwieldy >> field of study (Internet, and computer security). By trying to undermine >> SANS on IRC, worried created a hostile environment to resolve a perfectly >> legitimate problem. >> >> You have to use logic, not flame bait. > > Its not just about the one line at http://isc.sans.org/contact.html > that says "All submissions are kept confidential. Your submission will > reach all ISC handlers. Your e-mail address will only be used to reply > to your submission." > > There is a whole privacy document that's supposed to protect me at > http://www.sans.org/privacy.php > > "This privacy statement applies to information collected by web > addresses in the sans.org, sans.edu, giac.org, and other domains owned > and operated by SANS, GIAC, and the Escal Institute, hereafter > referred to collectively as SANS." > > His argument that I should have used the form when [EMAIL PROTECTED] > is at the bottom of the http://isc.sans.org > > "(c) 2000-2008 The SANS™ Institute > SANS Web Privacy Policy: www.sans.org/privacy.php - Web Contact: > [EMAIL PROTECTED] > report bugs please include debug info (opens new window) > Policy On SANS Trademark Usage" > > I didn't bypass anything, the e-mail address I used is at the bottom > of their internet storm center, so what he said was complete bullshit. > > My e-mails sent straight to [EMAIL PROTECTED] is still supposed to be > covered by http://www.sans.org/privacy.php > > I will never send intelligence to them again, and I hope this goes out > as a warning to any other underground folks that they don't take their > privacy document seriously. > > How can they run a successful intelligence operation at sans if their > informants can't trust them to respect their privacy? > > All the best with your intelligence operations sans, hope you are > giving away more e-mails on irc soon!!! > > You have just fucked with a major player in the underground with the > biggest google group around of over 4164 members and counting. > > The person in question who done this made fun of the wrong person, I > don't take privacy violations likely. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > Yea, 4164 spambots. Ok, maybe 4100 spambots, the rest are there for the 'Jerry Springer Effect'. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFH5I1Xs+9h2X0fCGcRArrkAKCaMbF5t+3D++16RG92NBSX3pKH3ACfeW/8 zFK632asWco9ghBSZ3aKK5I= =aYhk -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
