[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] sans handler gives out n3td3v e-mail to public
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] sans handler gives out n3td3v e-mail to public
- From: scott <redhowlingwolves@xxxxxxxxx>
- Date: Sat, 22 Mar 2008 00:38:47 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
n3td3v wrote:
> On Fri, Mar 21, 2008 at 3:18 PM, Kern <timetrap@xxxxxxxxx> wrote:
>> Well . . . worried DOES have a good point . . . I think SANS dropped the
>> ball on that, BUT I don't know if this is going to be a "media event".
>>
>> I have had a little dealing with various handlers (the few I have talked to
>> seemed nice enough). But this is common; an employee using a written policy
>> to basically do something unethical.
>>
>> The "spirit" of the notice is to protect the identity of the submitter, the
>> "letter" is regarding the use of the submission form.
>>
>> SANS has based its value on intelligence gathering. They unify an unwieldy
>> field of study (Internet, and computer security). By trying to undermine
>> SANS on IRC, worried created a hostile environment to resolve a perfectly
>> legitimate problem.
>>
>> You have to use logic, not flame bait.
>
> Its not just about the one line at http://isc.sans.org/contact.html
> that says "All submissions are kept confidential. Your submission will
> reach all ISC handlers. Your e-mail address will only be used to reply
> to your submission."
>
> There is a whole privacy document that's supposed to protect me at
> http://www.sans.org/privacy.php
>
> "This privacy statement applies to information collected by web
> addresses in the sans.org, sans.edu, giac.org, and other domains owned
> and operated by SANS, GIAC, and the Escal Institute, hereafter
> referred to collectively as SANS."
>
> His argument that I should have used the form when handlers@xxxxxxxx
> is at the bottom of the http://isc.sans.org
>
> "(c) 2000-2008 The SANS™ Institute
> SANS Web Privacy Policy: www.sans.org/privacy.php - Web Contact:
> handlers@xxxxxxxx
> report bugs please include debug info (opens new window)
> Policy On SANS Trademark Usage"
>
> I didn't bypass anything, the e-mail address I used is at the bottom
> of their internet storm center, so what he said was complete bullshit.
>
> My e-mails sent straight to handlers@xxxxxxxx is still supposed to be
> covered by http://www.sans.org/privacy.php
>
> I will never send intelligence to them again, and I hope this goes out
> as a warning to any other underground folks that they don't take their
> privacy document seriously.
>
> How can they run a successful intelligence operation at sans if their
> informants can't trust them to respect their privacy?
>
> All the best with your intelligence operations sans, hope you are
> giving away more e-mails on irc soon!!!
>
> You have just fucked with a major player in the underground with the
> biggest google group around of over 4164 members and counting.
>
> The person in question who done this made fun of the wrong person, I
> don't take privacy violations likely.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Yea, 4164 spambots. Ok, maybe 4100 spambots, the rest are there for the
'Jerry Springer Effect'.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFH5I1Xs+9h2X0fCGcRArrkAKCaMbF5t+3D++16RG92NBSX3pKH3ACfeW/8
zFK632asWco9ghBSZ3aKK5I=
=aYhk
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/