Full Disclosure mailing list archives
RE: Re: Popular Net anonymity service back-doored
From: "Drew Copley" <dcopley () eeye com>
Date: Thu, 21 Aug 2003 12:31:37 -0700
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Florian Weimer Sent: Thursday, August 21, 2003 11:39 AM To: bugtraq () securityfocus com; full-disclosure () lists netsys com Cc: Thomas C. Greene Subject: [Full-disclosure] Re: Popular Net anonymity service back-doored -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Thomas C. Greene " <thomas.greene () theregister co uk> writes:
<snip>
However, perhaps the JAP team at TU Dresden hadn't much choice. I haven't seen the court order, but I could imagine that they weren't allowed to inform the users because it would have harmed the criminal investigation. Following the order while fighting it within the legal system is perhaps a wiser choice than just resisting it (and thus breaking the law yourself). But I agree that it takes them awfully long to update their web site, now that some information is public.
I would think, I would know, there would be a moral obligation to tell their users. Moral... A conscience obligation, an obligation of conscience. At the very least, they could have exposed this anonymously on the Usenet or someplace. (Indeed...) Regardless, it the German authorities who used the authority of the German State to do this. It is the German State which is culpable in this situation. Who cares if they watch their own wires? But, they have no right to put code on people's systems outside of Germany. If they do not have this right inside of Germany, I do not care. I do not care if this causes them a problem. There is no justification of the means to an end. They have absolutely no jurisdiction in the US. Are they saying they do not believe in boundaries anymore? Are we allowed to hack all of their pedophiles and Neo-Nazis as we wish? They are breaking the law and we have no authority to hack them. Are they giving us this authority? I think not. But, this is the message they have sent with this. As for the errors... Thomas Greene lost my trust last year when he started to lie about the entire security community and made obnoxious and pervasive comments about where security vulnerabilities come from... His misleading of the public has affected a great many of people to this very day. My trust with him is broken by his own gross violations.
Finally, they could have avoided all the hassle if they hadn't published the source code. Why did they publish? I don't believe it's an accident. For BUGTRAQ readers: Symantec strips message headers. The original To: and Cc: are: To: bugtraq () securityfocus com, full-disclosure () lists netsys com Cc: "Thomas C. Greene " <thomas.greene () theregister co uk> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.2-cvs (GNU/Linux) iQEVAwUBP0URumOpx4pWo0FrAQLTXQf/aJLMGYtvLpzbB8BtYNFqdoHEQlu/QUmv gzouWH76cIL6zVJLK7eAM6nNI29itfOm/mJRfAJvU5B7FVAbFfPyhwEuBr4bUCYj wkIwdM0tQihu+SBdIEIKdrSlfpNbstGJiKkQkPPpa2EREqqVYLadGk95KughJ1AG f9HJzUG5jbPS/FEXrEYSqudJeVQPVPGUdmXbl0ayq8y2+AtZnk9NCJIFbXlBXf9P /zK+AoORdDl6t8fzKfUwi/qTu4qads/+eHklAbaKo2EyghjquKubTQdWpQodpt17 2CB/D25ULum2e8LWN6el2AW+PjkyaxeVBenKQV8Rw9Zv2JLenZsWrQ== =sN0C -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Popular Net anonymity service back-doored Florian Weimer (Aug 21)
- RE: Re: Popular Net anonymity service back-doored Drew Copley (Aug 21)
- Re: Re: Popular Net anonymity service back-doored Florian Weimer (Aug 21)
- Re: Popular Net anonymity service back-doored Thomas C. Greene (Aug 21)
- Re: Popular Net anonymity service back-doored Aron Nimzovitch (Aug 21)
- Re: Popular Net anonymity service back-doored Barney Wolff (Aug 21)
- RE: Popular Net anonymity service back-doored David Schwartz (Aug 21)
- RE: Popular Net anonymity service back-doored Drew Copley (Aug 22)
- Re: RE: Popular Net anonymity service back-doored felix . roennebeck (Aug 22)
- Re: Popular Net anonymity service back-doored Bernhard Kuemel (Aug 24)
- Re: Re: Popular Net anonymity service back-doored Dave Howe (Aug 27)
- Re: Popular Net anonymity service back-doored Aron Nimzovitch (Aug 21)
- RE: Re: Popular Net anonymity service back-doored Drew Copley (Aug 21)
- Re: Popular Net anonymity service back-doored Alex Russell (Aug 21)