Dan, since you cc'd the group in your exchange with me, then I will
assume that it's okay to continue cc'ing them in this email exchange
back to you.
I personally consider your actions inappropriate, and I have asked
others here in a public forum on what they think. I don't expect others
to necessarily concur, and I am asking for their input.
As I told you in a previous email this morning, if this sort of activity
is "okay" to you, then I and several others will likely start working
with other people in the tech community in protecting them from these
sorts of antics when you are around.
In the words of The Dude in the Big Lebowski, "This aggression will not
stand!"
Dan Tentler wrote:
Wow, thanks for totally scolding me like a little child Rog, I'm glad to
know that you look up to me like a respectable member of the community.
Sounds to me like the beginning of a witch hunt. Sounds like you're
trying to 'rally everyone to your cause'.
Sort of funny you think doing a MITM attack is 'script kiddie' level
though, it just illustrates to me your depth of knowledge with security.
As I have no intention of 'feeding the troll', as it were - I'll not
address your points - it's just going to start a flame war.
Just picture me shaking my head and saying: "You get butthurt too easy".
I didn't 'steal' anything, I didn't log anybody's information, nothing was
stateful, and no damage was done.
And the app I used was called "Ettercap" - and it doesn't log by default.
-Viss
Roger E. Rustad, Jr. wrote:
Hey guys,
I would like to formally address the "man in the middle" script kiddie
stuff that Dan Tentler was doing to the SoCal Linux group last night
at the coffee shop.
Personally, I take issue with Dan...
(a) Not formally and publicly disclosing that he was using Backtrack
to sniff other members' traffic.
(b) Not immediately getting rid of another member's gmail password
once he handed out a fake certificate and sniffed it with Ethereal.
(c) Doing what he was doing secretly, rather than for the edification
of the group
(d) Changing the of an otherwise friendly meeting.
I consider Dan's actions last night tantamount to pickpocketing
fellow members when we're having a discussion that's not about
pickpocketing.
I also would argue that if we, as a group, are going to be cool with
other members (or, in this case, a friend of a member) secretly doing
this kind of thing to each other, then we have an obligation to inform
newbies in our group who do not know any better, particularly
unsuspecting friends, girlfriends, coworkers, or kids who sometimes
accompany us.
Our meetings are not mini Defcons or 2600 meetups, and it's not
reasonable for new people to come and expect this type of sophomoric
crap to take place. When one goes to Defcon, one can reasonably expect
to get messed with. It is the nature of the conference, and much of
what is done is often made public for everyone's edification (e.g.
Wall of Shame).
I like to think of SoCal Linux as a group of open source advocates who
work at places like Apple, Google, Microsoft, ESRI, etc. Kiddie
scripting is not, in my opinion, the tone of our group, and if we are
going to be cool with someone doing this sort of thing, then we
should ask the person in question to formally disclose what s/he is
doing beforehand or perhaps make a public presentation about it, not
do it on the side secretly.
I would be curious to know what other people in the group think about
this. (Dan Tentler is cc'd on this, as well)
Rog