BreachExchange mailing list archives

(rant) What The Hell Was He Thinking?


From: lyger <lyger () attrition org>
Date: Fri, 20 Jul 2007 23:45:55 +0000 (UTC)


http://attrition.org/security/rant/z/privacy.html

Fri Jul 20 17:40:29 EST 2007
Lyger and Jericho

For those who haven't heard, a recent data loss incident involving the 
Louisiana Board of Regents was recently disclosed to the media. In short, about 
80,000 Social Security numbers were inadvertently exposed over the internet, 
and the media seemed to be very quick in picking up on the story. An 
independent researcher by the name of Aaron Titus made this discovery, 
contacted a media source and made the disclosure. Fairly interesting.

Here's the problem: Aaron Titus made a mistake. He asked for advice regarding 
responsible disclosure of a known vulnerability (i.e. an exposure of personal 
information in a public location), and then proceeded to ignore almost every 
bit of rational advice given to him.

[..]

Note that we redacted Aaron's email address in the email above. It is worth 
mentioning that we also redacted his work telephone number from the same email. 
We would really hate to invade his personal privacy since he values it so much, 
but with that said, why would a "privacy advocate" ask for advice regarding 
responsible disclosure, email us at attrition.org, receive our advice, and then 
do this:

https://www.ssnbreach.org/

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 213 million compromised records in 726 incidents over 7 years.

