Re: [Full-disclosure] n3td3v group calls on RSA to clarify their stance

["Scott T. Cameron" <scameron@xxxxxxxxxxxxx>]

On Sat, Apr 01, 2006 at 05:34:20AM +0100, n3td3v wrote:
> No one actually knows how RSA are carrying out their database attacks yet,
> hence the reason I called for clarity on the issue. But I really am suspect
> about the exact technical setup of the attacks that the RSA are carrying out
> against fake logins and their databases. Theres no way however they could
> carry out world wide attacks on hundreds of fake login targets, without the
> use of more than one ip host. And whats the definition of a bot network,
> isn't it more than one computer used to send data? In which case you would
> need to define the RSA as using a bot network to send their fake raw data to
> fake world wide phishing targets. And if they are, is it ok for everyone
> else to join in. No I didn't say I had a botnet, and I didn't say I was
> attacking anything, all I asked was for RSA to clarify their stance, to make
> it clear that its ok or not ok for everyone to join in the attacks they
> recommended via the Cnet news article as  a good method to beat phishers.

You realize ARIN assigns blocks of IPs, right?  In various parts of North 
America?  Then you have RIPE for your precious UK.

I would be completely overwhelmed if RSA had more than a /30 from their 
provider.  That is unfathomable.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/