To members of the "linuxusers" list...

I feel obligated to explain the e-mail that I am replying to. Several of you were in attendance at the SRCLE meeting on December 27, 2008, and witnessed first-hand the events which transpired. Most of you read the discussion that started on December 28, 2008 where nearly all of us participated in an open discussion about the legality and ethics of someone who had attended that meeting. We are now being accused of libel because of statements made in these discussions on that e-mail thread.

Our discussion on the mailing list starting December 28, 2008 has already helped many of our members understand the issues around MITM attacks, and I know several of you have talked to me at LUG meetings about things related to DNS security, and also many of you at SCALE this year went through the process of understanding SSL certificates and how they work. We encourage each of you to continue to ask questions about matters related to security and to continue to keep our forum and mailing list open and transparent as we have since we started.

If you have questions related to this matter, please feel free to discuss or ask Roger or me.

Thanks,
David

--- Original Message ---
Date: 7/20/2009
From: "Roger E. Rustad, Jr." <[email protected]>
Subject: Re: SocalLinux.org public forum messages

Dan,

On 7/13/09, you accused David and me of libel and threatened legal action if we did not remove specific verbiage from the email thread "Dan Tentler's script kiddie antics last night" beginning 12/27/08. In response to your email, David and I would like to confirm the following set of events and remind you of what went on on the evening of 12/27/08 at It's a Grind coffee shop in Murrieta, CA.

On 12/27/08,

--you attended a SoCal Linux user group ("LUG") meeting at It's a Grind Coffee in Murrieta, CA.

--you interfered with the regular and expected usage of the wireless router provided by It's A Grind Coffee with full knowledge that LUG members (and other It's A Grind patrons who were not LUG members) were connected to and using the wireless router.

--you issued false ARP update statements, for the purpose of spoofing all users of the router to use your Macbook as the router, and you did not disclose to the users of the wireless network that you were doing this spoofing

--since your Macbook was the proverbial "man in the middle" of all communications at that point, you used a program, such as ettercap plus additional tools, to capture TCP packets which were passing through the spoofed network, and you did not disclose to the users of the wireless network that you were capturing their information contained in the TCP packets.

--you ran a program, such as ettercap plus additional tools which were designed to intercept connections on the spoofed network and interfered with the operation of secure socket layer (SSL) communications by issuing fake SSL certificates to the requester, and you did not inform the users of the wireless network that you were issuing fake SSL certificates to them.

--you used these software programs and tools to issue a LUG member a fake SSL certificate for talk.google.com, and you did not inform this LUG member that you were responsible for issuing a false SSL certificate for talk.google.com.

--by impersonating the secure site 'talk.google.com' (by issuing a false SSL certificate for talk.google.com), you obtained and stored information, including a password from a person whose system was signing on to talk.google.com, and you did not immediately disclose to this person that you had intercepted his personal information

--you ran a program, Nessus, which is designed to find exploitable openings in a remote system, and targeted this Nessus program against customers in It's A Grind coffee shop, including LUG members, and you did not inform anyone that you were running Nessus scans against their laptops.

--From 12/28/08 until 7/13/09 (the date you emailed David Kaiser and me and threatened legal action), you did not publicly address the LUG's collective concerns about capturing members' (and possibly nonmembers') private and personal information.

Please be advised that...

--we discuss many issues publicly on the Socallinux.org listserv. This is typical for a LUG to do, as one of the purposes of a LUG is to provide educational value for its members, and to communicate with openness and transparency.

--listserv discussions may be searchable via search engines, such as Google, as we do not block search engines with robots.txt

--discussions regarding security are often done online. LUG members use the listserv to exchange information and learn about all issues regarding their computers, including discussions in areas of security.

--SoCal Linux has freely discussed the events which happened when you visited It's A Grind Coffee on the night of 12/27/08.

--SoCal Linux has freely discussed the ethics of your actions on the night of 12/27/08.

--SoCal Linux members, in general, have not considered your actions on the night of 12/27/08 a joke.

Once again, we invite you to respond publicly to what several of us consider (at best) rude and (at worst) illegal. You are, in your words, a security expert, and as a security expert, we fully expect openness and transparency when dealing with our group (something many of us do not feel that you did on the evening of 12/27/08).

You claim that we have committed libel, yet you have failed to demonstrate the untruthfulness of our claims or explain how you are justified to seize someone else's password without their permission and not expect us to talk about it openly.
Talking openly about this, we believe, helps others in our group understand the mechanics of your MITM attack (as what you did was not for the edification of the group), as well as the legal and ethical implications of performing this procedure without the express permission of your target.

Regards,
Roger and David

On Mon, Jul 13, 2009 at 12:54 PM, Dan Tentler <[email protected]> wrote:
> Hi David, Roger,
>
> It's been 3 days and I haven't heard from you at all.
>
> I wanted to inform you that portions of what's posted on
> socallinux.org legally qualify as libel:
>
> Roger's comments:
>
> (a) Not formally and publicly disclosing that he was using Backtrack to
> sniff other members' traffic.
> (b) Not immediately getting rid of another member's gmail password once
> he handed out a fake certificate and sniffed it with Ethereal.
> (c) Doing what he was doing secretly, rather than for the edification of
> the group
>
> And your comments:
>
> When Dan set out to steal people's passwords...
>
> Both of these blocks of text contain statements made by yourself and Roger
> which are both untrue, and at best are speculation.
> This libel has come up in my day-to-day business. It has already cost me
> one client.
>
> As such I am giving you one week from today to remove the libel from your
> site.
>
> If after one week I am still able to access these threads publicly I'll
> be coming back with an attorney and taking this as far as the law will
> let me.
>
> If this matter is not resolved by 7/20, my next communication will be to
> the both of you, via registered mail.
>
> -Dan Tentler
> CEO, AtenLabs
