The behavior Dan Tentler exhibited screams "troll" to me, and his intentions 
were clearly selfish: whether to surreptitiously obtain personal/private 
information for his own benefit, or to get personal satisfaction by riling the 
group.  He claims to be a "security professional" but Dan Tentler's 
unprofessional actions demonstrate his *inexperience, immaturity, and 
dishonesty*.  This kind of thing might have been fun in high school, but it is 
not the kind of thing I've come to expect from a 29-year-old adult.

Had he been interested solely in educating the group or even individual members 
of the group, a real professional would have given prior notification, and 
maybe even asked permission.  Dan Tentler did neither.  His actions were 
trollish.  Yes, we can all learn from his improper deeds, the same way we can 
learn from any terrorist attack or natural disaster.  We don't have to be 
thankful, though, for his unethical methods.

It would be like somebody breaking into your house (even if they went through 
an unlocked window, to make the analogy a little better), taking your checkbook 
and diary, and then, when you see him walking out of YOUR house, holding YOUR 
personal items, and challenging him, he gives them back and says, "Oh, it's OK, 
I'm a professional.  I didn't really see anything, like your wife who is 
currently in the shower and is using the wrong shampoo.  And I didn't read your 
diary, or at least I promise not to remember what I read, and I TOTALLY SWEAR 
that I didn't write down or copy any of your financial information.  By the 
way, you're nearly 2 months late on your car insurance."

"Plus, you really need to lock all your windows, because it was just that easy 
for me to get into your house.  You're welcome."


Dave said, of Chris and Roger, that "[...] they have the right to be upset 
about the potential serious loss of privacy."  I disagree - this was not a 
*potential* loss.  It was a *violation of privacy*, period.

I don't know Dan Tentler, but had I been at that meeting, I might have called 
the police.  Seriously.  Anybody sitting in that cafe had a "reasonable 
expectation of privacy."  Dan Tentler violated that privacy, and by being 
associated with the group, violated the trust of the members.  I know of at 
least one person on this list whose life has been severely disrupted because 
their identity was stolen; I'm pretty sure that person would have called the 
police if they had been there.

Further, his claim that Roger - or anybody - is merely on a witch hunt is 
ridiculous.  "Witch hunt" implies that Rog is seeking to defame him within the 
group for other political or financial reasons.  The group has no offices, 
officers, officials, leadership positions, appointments, elections, committees, 
boards, faculty, or any official hierarchical structure of any kind, so 
political motivations aren't even possible.  There are no dues, fees, or 
charges of any kind to be a member or attend a meeting, so financial motivation 
is also out.  So, I'm curious Dan, what would Roger's ulterior motive be?

Loren



________________________________
From: David Kaiser <[email protected]>
To: SoCal LUG Users List <[email protected]>
Sent: Tuesday, December 30, 2008 1:05:31 PM
Subject: Re: [LinuxUsers] Dan Tentler's script kiddie antics last night

Hi Paul,

Detecting sniffing is really difficult to do.  It would be like two
people talking in a room and you want to know if a 3rd person in the
room is eavesdropping.  That someone else is not an active participant,
and without being able to see inside the head of that person or know
what they are thinking, you don't know if they were listening in or not.

As far as giving someone the benefit of the doubt - if you are still
interested in my opinions, read the remainder of this e-mail.

When the issue with Dan Tentler being dishonest and stealing people's
passwords first arose on Saturday night, he had numerous chances to be
honest, contrite, forthcoming, and at least try to explain himself
properly - and he didn't.

When Chris first asked who was running nessus, he just looked down and
ignored the question - when he should have immediately responded and
explained what he was doing.

When the question was repeated he looked over in the direction of Chris
Louden and myself as if to deflect some blame towards one of us.

When Chris really found that he was the culprit, he passed it off as if
it was some research project.  When the issue of having intercepted
gmail passwords and such came up - he made the comment that it was all
harmless because he wasn't going to save the log of his capturing
activity.  Yet he didn't - he kept right on capturing other packets,
and didn't actually demonstrate that he had cleared the captured log.

So - let's revisit back to giving someone the benefit of the doubt -
there were numerous chances during the conversation as it developed that
evening, where he could have provided us with a reason to supply that
benefit, where we would be generous with our opinions of him - but every
time he chose the wrong course, with either denial or dishonesty.

In further discussions about the issue Dan is still not coming clean or
apologizing, but instead accusing people of being on a witch hunt and
accusing people of starting a flame war.

If you want to give him the benefit of the doubt, please do - but people
that started off trying to give the benefit of the doubt were quickly
convinced that he didn't deserve it based on his actions.

I still don't have any proof that Chris's gmail password wasn't sent
off to Chinese hackers or something by the time we got home that evening.

None of us observed if Dan actually deleted his logs, or that he proved
to anyone that he hadn't captured anything else of ours that evening.

He has not provided any proof of deniable culpability - and when someone
like him is observed doing the activities he was doing - proving to
everyone that he was clean should have been the very first thing he did.

All in all, it's a shameful act for someone who claims to be a security
professional.  Security professionals only do what's within their
bounds, and don't shrug at legalities like Dan Tentler did.  Security
professionals don't infringe on people's privacy for sport like Dan
Tentler did.

Also on the topic of lending someone the benefit of the doubt - I think
when it comes to a person's privacy (and each one of us has to evaluate
this as it equates to our own personal information and how we choose to
guard it) - people also need to give the benefit of the doubt to anyone
who is guarding their personal info.

I've been generous with giving that benefit to Chris and Roger as they
were most affected by Dan Tentler's mischievous and borderline-illegal
actions.   Based on how they are handling things with a professional
manner, and how Dan is not - I continue to give them the benefit of the
doubt that they may have had something more serious than a gmail
password be compromised, and they have the right to be upset about the
potential serious loss of privacy.

Thanks,
DK

____________________________________________________
   Insert your own stupid MSN Hotmail or Windows Vista ad here
____________________________________________________




On 12/30/2008, "Paul Saenz" <[email protected]> wrote:

>
>Interesting. I was wondering if maybe a few links to good tutorials about
>ARP spoofing, and/or sniffing detection could be posted to the socallinux
>webpage, with maybe a little intro as to why it's there for newcomers.
>
>It would be cool if the group was set up to detect sniffers. I think it would
>be fun if we actually caught someone in the act who was outside the group,
>and were actually able to identify the person in a public setting: Put a
>little fun in your White Hat  :~).
>
>As for Dan Tentler, I usually like to give people the benefit of the doubt on
>first offenses, but that's just me.
>
>Cheers
>