[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: Re: Who Do I Contact?

john kalergis wrote:

>>   So, let's see.... Washington... Virginia.... Ohio.... Illinois....
>> Missouri....
>>
>>   You're in Kansas, right?


> wow....everybody here is more than impressed
>

  Well, I don't suppose *everybody* has had a sense of humour bypass.  And 
there's a valid point I was making about how information can leak in 
unexpected ways; they guy doesn't want to give away anything that could 
reveal the .edu in question, but the combination of his geo location from 
his posting IP and the fact that he's revealed that his own ssn is on the 
list and hence it's his own school and hence can be assumed to be 
geographically local to him allow us to deduce something that we couldn't 
have known from his words alone and allow any potential attacker to 
massively reduce the search space.

  IOW I was illustrating the point that if you want to discuss something 
openly but really, really, *really* want to keep the lid on any information 
that could identify it, you need to post through a proxy.  And how's that - 
a legitimate use for posting through anonymous proxies!

  So there :-P~~~


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/