Full Disclosure mailing list archives

Re: CERT Employee Gets Owned

From: "henry j. mason" <hmason () dbsinet com>
Date: Tue, 26 Aug 2003 09:05:51 -0400

        i was going to reply off the list, to cut down the nonsense,
        but i'm going to address the issue of morality and it's
        relevance to computer security, and then i'm going to shut
        up. and, for the record, i think the original post *was* OT.

        pedophilia has NOTHING to do with security. it's a morality
        issue... what if the person accused was guilty of fraud,
        extortion, or tax evasion? we don't know if he was, but
        would that put his past work under suspicion?

        possibly.

        the fact is, it's almost impossible to know if someone is
        going to act in the best interests of others, which is what
        is necessary for good computer security. in this case we have
        a computer security professional whose responsibilites lay
        mostly in communication with the industry, accused of attempting
        to satisfy an apparent perversion - in a case that has very
        strong overtones of entrapment.

        i think the only thing that relates to computer security here
        is the issue of trust. the JAP people broke the trust of their
        user community by maintaining the appearance of complete
        security when in fact that security had been compromised. the
        CERT employee in question damaged the trust of his employer
        (and apparently those in the security community who are more
        concerned about his sexual preferences than his privacy) by
        *attempting* to engage in a morally questionable act.
        
        trust is VERY important to computer security. who can you trust?
        the goverment? the police? the people on this mailing list?

        trust is a complicated thing. i have a commitment to my clients
        that requires me to act in their best interests and keep their
        data secure. does this mean that my personal life is squeaky
        clean? i don't think so. but i have a moral obligation to
        ensure the safety and security of my clients, and i don't
        confuse that with the morality of my personal life. am i a good
        person? i'd like to think so, although any hardcore right-wing
        christian would be terrified of my ideals.

        the real question is: am i a good administrator?

        henry

        also: i'd *really* rather read about soap opera stuff on /.
        

Myers, Marvin wrote:

As being one who was rightfully chastised by Kurt recently, I do believe
that this could indeed have some relevance to the FD list. If by this
mans actions, his past work could at all be suspect, then this is the
proper venue to post it. If someone of his caliber, someone who should
know the repercussions of any action taken using a computer as a tool,
is used as an expert during trial, or their technical writings used as
such, can we not realistically look at all of his past work as being
suspect. If indeed he is a pedophile, he may have overlooked other
pedophile activity in the course of his job. While I would never accuse
someone whom I do not have personal proof of illegal activity, and after
all he is innocent until proven guilty, I can understand why someone may
want to analyze and or scrutinize his past work.

Just my 2cents worth.

-----Original Message-----

From: Kurt Seifried [mailto:listuser () seifried org]Sent: Monday, August 25, 2003 6:29 PM

To: badpack3t () security-protocols com; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] CERT Employee Gets Owned

Please read the list charter and stop posting junk like this. Do we know
post stories about any criminal charges brought against anyone in the
security industry? Should we also cover parking tickets?

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

CERT Employee Gets Owned badpack3t (Aug 25)
- Re: CERT Employee Gets Owned Kurt Seifried (Aug 25)
  - RE: CERT Employee Gets Owned gml (Aug 25)
    - Re: CERT Employee Gets Owned - OFFTOPIC Kurt Seifried (Aug 25)
    - Re: CERT Employee Gets Owned - ONTOPIC badpack3t (Aug 25)
    - Re: CERT Employee Gets Owned - ONTOPIC Ron DuFresne (Aug 25)
    - Re: CERT Employee Gets Owned - OFFTOPIC Jeremiah Cornelius (Aug 25)
    - Re: CERT Employee Gets Owned Peter van den Heuvel (Aug 26)
- <Possible follow-ups>
- RE: CERT Employee Gets Owned Myers, Marvin (Aug 26)
  - Re: CERT Employee Gets Owned henry j. mason (Aug 26)
    - RE: CERT Employee Gets Owned Nelson (Aug 26)
    - Re: CERT Employee Gets Owned Elvedin (Aug 26)
    - Re: CERT Employee Gets Owned Shanphen Dawa (Aug 26)
    - RE: CERT Employee Gets Owned Timo Sirainen (Aug 26)
    - RE: CERT Employee Gets Owned Justin Shin (Aug 26)
    - RE: CERT Employee Gets Something! ( Explective Deleted ) Aditya (Aug 27)
  - Re: CERT Employee Gets Owned Peter van den Heuvel (Aug 26)
- RE: CERT Employee Gets Owned Schmehl, Paul L (Aug 26)
- RE: CERT Employee Gets Owned Myers, Marvin (Aug 26)
- RE: CERT Employee Gets Owned Brad Bemis (Aug 26)

(Thread continues...)