[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Re: Popular Net anonymity service back-doored
- To: thomas.greene@theregister.co.uk
- Subject: [Full-Disclosure] Re: Popular Net anonymity service back-doored
- From: Aron Nimzovitch <crypto@clouddancer.com>
- Date: Thu, 21 Aug 2003 14:41:33 -0700 (PDT)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
From: "Thomas C. Greene " <thomas.greene@theregister.co.uk>
Organization: The Register
Leaving a hint in the source and waiting for someone to call them on it may be
a legal strategem, but it's not a good way of maintaining user
trust.
Only a fool would blindly depend on someone else's software to gain
anonymity without examining the code. If you need anonymity, then you
should easily be willing to invest sweat equity, or have a contractual
arrangement when the threat is only financial. For more serious
threats requiring anonymity, not reviewing the source when it is
available seems beyond stupid. I could unserstand your ire if you
were one of our clients, but this was a free service wasn't it?
FAR
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html