Re: Gustav, domain name reportage

[n3td3v <xploitable () gmail com>]

On Sun, Aug 31, 2008 at 2:57 AM, n3td3v <xploitable () gmail com> wrote:
> http://linuxbox.org/pipermail/funsec/2008-August/018318.html
> http://isc.sans.org/diary.html?storyid=4954
>
> Hi,
>
> I think its wrong for you to name and shame these domain names, and
> specify places people live (funsec), seeing as these folks have done
> nothing wrong.
>
> Guilty until proven innocent, is that how it works in cyber security land?
>
> Completely out of order...
>
> All the best,
>
> n3td3v
>
> --
> computer security protection news alert system, keep messages short
> for cellular devices.
> https://groups.google.com/group/n3td3v

 * Now talking in #n3td3v
[03:11] <cybersecure> [Full-disclosure] Gustav, domain name reportage
[03:11] <cybersecure>
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064132.html
[03:15] <ChrisAM> I don't get your post.
[03:16] <ChrisAM> the past disasters demonstrate the abuse of domains like this.
[03:16] <cybersecure> yet those domains are only parked domains just now
[03:16] <cybersecure> no law broken
[03:17] <ChrisAM> dshield is just being proactive.
[03:17] <cybersecure> it could even be the government or a security
company etc buying the domains so they can't be bought
[03:17] <ChrisAM> that's what I suggested earlier to do.
[03:18] <cybersecure> so why name and shame and then the funsec post
starts posting where people live
[03:18] <cybersecure> completely outragous when technically nothing
has been done wrong (yet)
[03:18] <ChrisAM> they just put cities.. not people's names.
[03:19] <cybersecure> its bad enough
[03:19] <ChrisAM> the scumbags are just waiting for the storm to hit.
[03:19] <cybersecure> even you're calling them scumbags before you
even know the reason for the domains
[03:19] <ChrisAM> What other reason would there be?
[03:19] <cybersecure> technically you shouldn't do it until something
has been commited
[03:20] <ChrisAM> Innocent until proven guilty only applies in
law/courts. I can call them whatever I want.
[03:20] <cybersecure> and then i call you a twat
[03:20] <cybersecure> sorry
[03:20] <cybersecure> its not very professional
[03:21] <cybersecure> to name and shame before an fofence has been commited
[03:21] <ChrisAM> You actually think these will be legitimate sites?
[03:21] <cybersecure> offence*
[03:21] <cybersecure> its not for me or anyone else to judge until
something actually happens, and certainly not put on a high profile
sans diary
[03:22] <cybersecure> maybe on backchannels and in private
[03:22] <cybersecure> but not so publically
[03:22] <cybersecure> until an offence is commited
[03:22] <cybersecure> once an offence is commited, shout to the hills about it
[03:23] <ChrisAM> by then 5 million spam mails are already sitting in
people's inboxes.
[03:23] <cybersecure> so you're saying these domains should be cancelled?
[03:23] <ChrisAM> no.
[03:23] <cybersecure> what the fuck!
[03:23] <ChrisAM> I'm saying they should be closely watched.
[03:24] <cybersecure> but not talked about on a sans diary or
published on funsec until something happens
[03:24] <ChrisAM> This is the information gathering phase. It's too
late to start that after the storm hits.
[03:25] <cybersecure> information gather in private until someone does
something wrong
[03:27] <cybersecure> can i put this transcript on f-d?
[03:28] <ChrisAM> ok
[03:28] <ChrisAM> What value will it add there?
[03:28] <cybersecure> you don't care?
[03:30] <cybersecure> brb, i'm going to post...
[03:30] <ChrisAM> no
[03:30] <cybersecure> your nickname will come up on google
[03:30] <ChrisAM> ok
[03:31] <cybersecure> brb then... i'm going to post

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/