mailing list archives
Re: sans handler gives out n3td3v e-mail to public
From: atlas <atlas () r4780y com>
Date: Fri, 21 Mar 2008 16:14:08 -0400
On Friday 21 March 2008, full-disclosure-request () lists grok org uk wrote:
Date: Fri, 21 Mar 2008 11:18:13 -0400
From: Kern <timetrap () gmail com>
Subject: Re: [Full-disclosure] sans handler gives out n3td3v e-mail to
To: "Kurt Dillard" <kurtdillard () msn com>
Cc: full-disclosure () lists grok org uk
<fcdfb4eb0803210818m482d4a10y49dac66ef52af133 () mail gmail com>
Content-Type: text/plain; charset="utf-8"
Well . . . worried DOES have a good point . . . I think SANS dropped the
ball on that, BUT I don't know if this is going to be a "media event".
I have had a little dealing with various handlers (the few I have talked
to seemed nice enough). But this is common; an employee using a written
policy to basically do something unethical.
The "spirit" of the notice is to protect the identity of the submitter, the
"letter" is regarding the use of the submission form.
SANS has based its value on intelligence gathering. They unify
an unwieldy field of study (Internet, and computer security). By trying to
undermine SANS on IRC, worried created a hostile environment to resolve a
perfectly legitimate problem.
You have to use logic, not flame bait.
I like your level-headed approach, since my initial reaction is (and has been
for some time) to string worried up with dental-floss until he reaches
puberty. Even though I disagree with you, I completely respect your approach
and intelligent forethought.
Perhaps disagree is even a bit too strong... I agree with you in theory, but
would submit that the lack of shroud between his "worried" and "n3td3v"
identities would basically mitigate any cause for concern. It's kind of like
saying "Simple Nomad, even though you have been on CNN with you're real name
I can't call you Mike." (or Mark? CNN got it wrong ;) sfirefinch was
simply calling him by his other name as publicly listed here:
If you didn't know about that posting, reading a few of his FD shows me the
link between identities.
I am concerned that n3td3v, or worried, or xploitable, or whatever will get
the impression that his self-gratifying tantrum makes an impact, furthering
his abuse of people and lack of respect for others. There is a problem to be
addressed in this matter, but the majority of it must be placed on the
adolescent with a chip on his shoulder.
So I ask the question... did sfirefinch actually breach privacy? or did
Best Regards to you Kern,
Description: This is a digitally signed message part.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: sans handler gives out n3td3v e-mail to public DUDE DUDERINO (Mar 21)
Re: sans handler gives out n3td3v e-mail to public phunkbrother (Mar 22)
- <Possible follow-ups>
- Re: sans handler gives out n3td3v e-mail to public atlas (Mar 22)