[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] SMS Banking

To: "craig.wright@xxxxxxxxxxxxxxxxxxxxxxx" <craig.wright@xxxxxxxxxxxxxxxxxxxxxxx>, "'McGhee, Eddie'" <Eddie.McGhee@xxxxxxx>, "'full-disclosure'" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] SMS Banking
From: "Thor (Hammer of God)" <Thor@xxxxxxxxxxxxxxx>
Date: Thu, 11 Feb 2010 15:39:50 +0000

Proved?  Maybe not... But I've certainly illustrated beyond reasonable doubt.  
Given the circumstances, that seems like a term you are more than familiar 
with, so I'll use that.

AFAIC, this entire exchange has been worth it for a number of reasons - I'll 
highlight for those with a life, and I'll move on to engage in things that 
actually matter.  

1) You cannot predict the probability of exploitation because you cannot factor 
in human free will.  Period.
2) You cannot even define risk.  You have illustrated that you think that not 
only does risk="code vulnerabilities discovered" but that those figures somehow 
matter, and that you, or anyone else for that matter, can extrapolate 
meaningful conclusions from them.
3) You think that someone hacking into or not hacking into some individual 
system somewhere that you set up has anything whatsoever to do with a 
probability model.  
4) You think that a series of on-line degrees or certifications seems to mean 
you are actually "qualified" for anything, particularly when the qualifying 
body not only doesn't even bother offering the qualification anymore in 2010, 
but has to tell you they don't have time for your silly games and not to spam 
their advisory board.  
5) You think that you are a master at digital forensics, and of compliance, yet 
you either couldn't keep a simple email account from being hacked as you 
claimed in court, or that, in the light of the same qualifications, you 
couldn't do something simple like clean up after yourself.  Either way, which 
ever story you want to stick to, it shows incompetence.

And finally, and most importantly, the one thing you can now never escape:

6) You cannot be trusted.  This entire business is about trust.  Let's forget 
about the sidestepping of logic to protect your ego.  The documents referenced 
show filing by The Supreme Court of NSW that you willfully ignored court 
orders, that you lied under oath, and that you purposefully submitted false 
evidence to the court - well, in my opinion based on what I read - you're the 
one with the law degree here (though it doesn't seem to have done much good, 
eh?).  That in the wake of dozens of phone calls and uncounted emails, that you 
say were not made by you, and that someone else did it.  I'm hoping there was 
FAR more than $450 a month at stake to sell out your integrity.  But that's all 
the court filing references.  In the absence of honor, integrity, true 
qualification, and capability it now comes to light that you are not even 
trustworthy - not to me, anyway.  I'll leave it up to people like SANS and the 
other companies you work for to see if they are comfortable with ha
 ving a professional liar and self serving egoist on board.  But to me, nothing 
you ever say can be trusted.

I'll continue to contribute, however small or meaningless it may be to some, 
for free - because I actually CARE about what happens to other people.  I CARE 
about the security of my country, and the people in it.  Hell, I care about the 
security of other countries too.  That's why I spoke out against anyone who 
thinks they can deploy CIP systems on the back end of a calculator.   That's 
why I offered to debate openly, for free.  You wanted to get paid by the hour.  

I am done with you, sir.  I don't have to prove anything that has not already 
proved itself.  

Have a nice day, though.

T

P.S.  I have to ask - do you like fishsticks?




> -----Original Message-----
> From: Craig S Wright [mailto:craig.wright@xxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Thursday, February 11, 2010 3:17 AM
> To: 'McGhee, Eddie'; Thor (Hammer of God); 'full-disclosure'
> Subject: RE: [Full-disclosure] SMS Banking
> 
> He proved nothing.
> 
> As for certs, I have Cisco, around 30 SANS ones, most of the others.
> 
> I also code in C, C++, ASM, Java and a few others.
> 
> You did not look too hard.
> 
> -----Original Message-----
> From: McGhee, Eddie [mailto:Eddie.McGhee@xxxxxxx]
> Sent: Thursday, 11 February 2010 9:46 PM
> To: Thor (Hammer of God); 'full-disclosure'
> Cc: craig.wright@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: RE: [Full-disclosure] SMS Banking
> 
> Going by his resume he has some basic networking/it skills, no decent
> Cisco
> certs, cant code.. He may be able to do maths but everyone knows you
> cannot
> predict how a vuln is going to appear with some number crunching.. And
> with
> his skill set.. Secured over 1600 networks, no wonder financial
> institutes
> get pwned so much these days if people like this goon is working for
> them
> 
> I wouldn't waste any more time on this nub Thor, you have more than
> proved
> he is a douche.
> 
> 
> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Thor
> (Hammer
> of God)
> Sent: 11 February 2010 02:34
> To: Valdis.Kletnieks@xxxxxx; 'full-disclosure'
> Cc: craig.wright@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Full-disclosure] SMS Banking
> 
> Actually Valdis, it seems like all of this may be for naught.  It has
> been
> brought to my attention that drafting a contract with Dr. Wright
> wouldn't be
> in my best interest.  Apparently, he's known for not keeping to the
> "spirit"
> of contracts when money is concerned.
> 
> Now, if I were an ass, I might be tempted to publish the information
> found
> at
> http://www.lawlink.nsw.gov.au/scjudgments/2004nswsc.nsf/000000000000000
> 00000
> 000000000000/1c0f375d3250297dca256ef300196460?OpenDocument
> 
> but fortunately for the parties involved, I'm not.  Entering into a
> contract
> where willful misconduct and lying under oath may ensue is not my idea
> of a
> smart business move.  I'm not saying Dr. Wright did any of those
> things,
> (even though others have), I'm just saying that if one can't define
> what
> "product" means, then I doubt one can successfully define what
> "probability
> of compromise" means either.  Good money is on letting this one die as
> it
> lies (no pun intended).  So I must regretfully rescind my challenge, or
> not
> accept his, or whatever it was at this point.
> 
> Now, if I were REALLY as ass, I would point out something like though
> Dr.
> Wright has a degree in law, between him and his attorney, the best they
> could come up with when emails were found on his system and phone calls
> were
> on his cell bill was the "it wasn't me" defense. But again, I won't
> point
> that out.  It would be just plain mean.
> 
> If I REALLY REALLY were an ass, I would further point out the irony of
> a
> master of digital forensics not being able to properly delete emails
> from
> his computer in the first place, or the rumor that AU has this thing
> call
> "krypshun," but I won't mention that either.  That would be both crass
> and
> insensitive of me.
> 
> 'twer I an ass cubed, I would take this opportunity to reference a
> Princess
> Bride joke in regard to the source of iocane powder (that one's for
> you,
> Laura) but again, I'll suffer internally to protect the innocent.
> 
> So I'll bow out.  Craig, you win buddy.  While I may never know what
> the
> Magic Number the Improbability Engine might have produced (now that
> Douglas
> has passed on) at least I know that criteria one must meet in order to
> be a
> Security Hero.
> 
> Thanks for playing everyone.  Good luck, and good night!
> 
> t
> 
> 
> 
> > -----Original Message-----
> > From: Valdis.Kletnieks@xxxxxx [mailto:Valdis.Kletnieks@xxxxxx]
> > Sent: Wednesday, February 10, 2010 1:17 PM
> > To: craig.wright@xxxxxxxxxxxxxxxxxxxxxxx
> > Cc: Thor (Hammer of God); 'full-disclosure'; pen-
> > test@xxxxxxxxxxxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
> > Subject: Re: [Full-disclosure] SMS Banking
> >
> > On Thu, 11 Feb 2010 07:02:43 +1100, "Craig S. Wright" said:
> > > " Plain and simple.  Produce the contract, here, publically.  I'll
> > > produce my $100,000 that you match, in escrow.  If the system gets
> > > breached, any way I choose,
> >
> > What happens if the system gets breached, but in a way not of your
> > choosing?
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] SMS Banking
  - From: sine onus
- [Full-disclosure] Risk measurements
  - From: Craig S. Wright

References:
- Re: [Full-disclosure] SMS Banking
  - From: Thor (Hammer of God)
- Re: [Full-disclosure] SMS Banking
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] SMS Banking
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] SMS Banking
  - From: Thor (Hammer of God)
- Re: [Full-disclosure] SMS Banking
  - From: McGhee, Eddie
- Re: [Full-disclosure] SMS Banking
  - From: Craig S Wright

Prev by Date: [Full-disclosure] [ MDVSA-2010:035 ] openoffice.org
Next by Date: Re: [Full-disclosure] [Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector
Previous by thread: Re: [Full-disclosure] SMS Banking
Next by thread: Re: [Full-disclosure] SMS Banking
Index(es):
- Date
- Thread