Politech
mailing list archives
FC: French site Kitetoa.com fined for expose of security hole
From: Declan McCullagh <declan () well com>
Date: Wed, 27 Feb 2002 21:29:11 -0500
Here's an article about Kitetoa.com's expose of Doubleclick:
http://www.ecommercetimes.com/perl/story/8505.html
This is another good reason to publish sensitive information untraceably.
Establish a persistent pseudonymous identity -- standard procedure would be
to generate a private-public keypair and sign your reports with it. You can
also receive messages encrypted to your public key (so only you can
decipher them) and dropped in a public place such as a Usenet newsgroup or
popular mailing list. Eventually, if the legal threat disappears, you can
reveal your truename and receive credit for your earlier work.
Naturally it'll be difficult for you to get paid under this scenario, but
doesn't everyone do this for the love of the craft? :)
-Declan
---
Date: Thu, 28 Feb 2002 02:43:06 +0100
From: Solveig <solveig () transfert net>
Organization: transfert
To: declan () well com
CC: "Kitetoa at Kitetoa . com" <kitetoa () kitetoa com>
Subject: Kitetoa in danger
Hello declan,
Sorry for my bad English, but I think this story should be told...
Sadly, there are only French links until now. But American media have
already written some articles about Kitetoa, who disclosed some
security flaws in DoubleClick last year, and recently, in Choicepoint...
The webmaster of Kitetoa, a French group of security enthusiasts with a
passion for showing how badly protected our personal data is, has been
sentenced by a French court to a 1000 euro fine. Using nothing more than
Netscape Navigator's features, he could access Tati's (a clothes
discounter) file directory, and then all consumers' profiles. He had
warned the webmaster of Tati one year before about the problem, but no
effort was made to secure the server. So he disclosed the breach of
security in an article on www.kitetoa.com. Tati did nothing until the
news was republished by an offline mag called Newbiz - too much
publicity for Tati, let's sue those disturbers. Notice that Newbiz
wasn't targeted, only the small investigative website. Although the
judge couldn't identify precisely the nature of the "computer fraud"
Kitetoa was fined for, this sentence creates a dangerous precedent. It
is likely to lead to some more lawsuits. Kitetoa will probably have to
stop its activities.
It reminds us, in France, of the story of Altern, an independent and
non-profit Internet provider who hosted 40 000 websites. Altern had
to close because it was held responsible for a nude picture of a
top-model, was fined, and then was subject to a true rain of legal
procedures coming from all the people who don't like free speech on
the Web.
Now, full disclosure is in danger.
Kitetoa's file about Kitetoa vs Tati
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Tativersus_Kitetoa/index.shtml
Some articles in French
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Tati_versus_Kitetoa/papiers.txt
About Choicepoint in English :
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin7/choicepoint-suite-english.shtml
About DoubleClick in English :
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-english.shtml
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-round2-english.shtml
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-round3-english.shtml
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-round4-english.shtml
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-round5-english.shtml
--
Best regards,
Solveig Godeluck mailto:solveig () transfert net
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------