Caps and paragraphs would be nice also. ;-) Richard
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gadi Evron Sent: Tuesday, September 11, 2007 8:20 PM To: n3td3v Cc: [email protected] Subject: Re: [funsec] n3td3v denounces the actions of derangedsecurity Please keep this kind of stuff off-list. You are now not allowed to open discussions for the period of three months, only to participate in them. On Tue, 11 Sep 2007, n3td3v wrote: > this person has been sharing login information to the world wide web, > opening up world governments up to terrorist cyber intrusions. this guy has > not been sent to guantanamo bay yet why not? this reckless act of evil > against western values is not good for the world. we should stop these > individuals from posting government related informations which could harm > the population of a country by allowing sensitive data to be accessed by > terrorist cyber intrusion. all terrorists are linked up to the world wide > web, making it likely the informations were accessable to them and not just > responsible security professionals and law inforcement agencies. he said he > was posting the informations to let all affected governments learn of the > vulnerability to their government infrastructure as a collective of people > as it would cause him too much time and money to contact each government > network individually. however when there are more than government network > employees learning of the informations, then it becomes a risk to national > security. the protection of the population and the interests must become the > governments first priorty. leaving this individual to make funny remarks of > the governments in question by parading their network access informations in > the public glare does more than alerting the proper authority to the cause > of getting security tightened. > derangedsecurity.com<http://www.derangedsecurity.com>should be held > accountable for their actions infront of judge and jury. i as > member of the public are fine with arguments and full disclosure of > e-commerce vulnerability informations being post to the world wide web in > the good nature of freedom of speech but the argument that exposing the > network access information of world governments leaving the network open to > terrorist cyber intrusion is unacceptable by any code of ethics that i can > agree with. i as member of the public say "not in my name" can you release > network access informations to the public for self satisfaction and delight > that you have managed to breach the national security infrastructure of a > government. i say you should be ashamed, and if you had just claimed you > were just being an accessory and conspiracy to cause terrorist cyber > intrustions then i wouldn't be writing to complain, but its the fact you use > full disclosure of a responsible security professional as an excuse for your > actions which makes me believe you should be stripped of your job title and > held accountable to the governments you have left vulnerable to terrorist > cyber intrusion. you are not a security professional, you are lower than > that, you are working against the ethics of the basis of your career of > security professional. responsible security professionals don't risk the > national security interests of multiple world governments, leaving the > population vulnerable in the process by making the government network weaker > by offering access to the mass public, where ultimately cyber terrorists are > lurking in wait to ambush the network access data to espionage on their > operations. this information you post is what your risking to the world, is > a greater feeling of instability throughout the affected countries and a > general feeling of alarm and distress to the mass public. your informations > were reported to the mass public media on the internet as well as chinese > television stations, and other mediums of public broadcasting, this is > unacceptable in the level of your full disclosure ethic has caused to the > wider world. i believe your actions to be morally incorrect and that your > actions should be illegal while our brave men are fighting the war on terror > to protect your childrens future, this kind of anti government disclosure > shouldn't come under the ordinary full disclosure ethics. you post on your > website that you are angry your hosting company disapproved on your > disclosure to the mass public, you said why bother terminating my website > when informations are already been in the public domain? damage limtiation > is the reason, and the fact the informations shouldn't have been there in > the first place, i thought maybe this would be an indication that your code > of conduct was actually immorally and maybe you would reconsider the > legality of what you put on your website, but you didn't, you kept the > tempo high by relocating your website to a new server which was under the > control of your irresponsible self, away from account terminations and away > from becoming under the scrutiny of a hosting companys terms of service > agreement. you then try and point blame to others, you blame the united > states government for contacting your hosting provider to get you shutdown > and you blame the governments for leaving their own population open to a > national security breach. you in no way find yourself accountable for any > wrong doing in light of the informations posted, and you find yourself > innocent of any wrong doings. you abused and hi-jacked the full disclosure > code of ethics to risk the saftey of government employees and the population > of the affected nationals. weather any of the governments request your > arrest due to the incident is not upto me, but i feel you should be in > someway punished for your actions, since to this day you have no remorse for > what you have done and you don't seem to realise the potential damage you > could or may have caused. according to you, you said you hadn't accessed > every network that you exposed on your website, so you drove blindly, and > didn't even check what operational informations would be available to cyber > terrorists, if they decided to act on the network access information you > provided to the mass public. i ask the government to act swiftly to make > this style of full disclosure illegal if its not already illegal, we > shouldn't have this information spread all over the internet, this act of > terrorism should be flagged as such, instead of branding him a responsible > security professional following the full disclosure code of ethics, we > should be denouncing this style of actions. full disclosure is fine for > e-commerce and lower level government network vulnerabilities, but to > blatantly give the network address and passwords of world governments > without prior warning needs to be exempt from the ordinary of what is normal > ethics of full dislcosure proceedure. > http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065674.htm l > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
