Hey guys,
I would like to formally address the "man in the middle" script kiddie
stuff that Dan Tentler was doing to the SoCal Linux group last night at
the coffee shop.
Personally, I take issue with Dan...
(a) Not formally and publicly disclosing that he was using Backtrack to
sniff other members' traffic.
(b) Not immediately getting rid of another member's gmail password once
he handed out a fake certificate and sniffed it with Ethereal.
(c) Doing what he was doing secretly, rather than for the edification of
the group
(d) Changing the of an otherwise friendly meeting.
I consider Dan's actions last night tantamount to pick pocketing fellow
members when we're having a discussion that's not about pick pocketing.
I also would argue that if we, as a group, are going to be cool with
other members (or, in this case, a friend of a member) secretly doing
this kind of thing to each other, then we have an obligation to inform
newbies in our group who do not know any better, particularly
unsuspecting friends, girlfriends, coworkers, or kids who sometimes
accompany us.
Our meetings are not mini Defcons or 2600 meetups, and it's not
reasonable for new people to come and expect this type of sophomoric
crap to take place. When one goes to Defcon, one can reasonably expect
to get messed with. It is the nature of the conference, and much of what
is done is often made public for everyone's edification (e.g. Wall of
Shame).
I like to think of SoCal Linux as a group of open source advocates who
work at places like Apple, Google, Microsoft, ESRI, etc. Kiddie
scripting is not, in my opinion, the tone of our group, and if we are
going to be cool with someone doing this sort of thing, then we should
should ask the person in question to formally disclose what s/he is
doing beforehand or perhaps make a public presentation about it, not do
it on the side secretly.
I would be curious to know what other people in the group think about
this. (Dan Tentler is cc'd on this, as well)
Rog
