Full Disclosure mailing list archives
Re: CERT Employee Gets Owned
From: "henry j. mason" <hmason () dbsinet com>
Date: Tue, 26 Aug 2003 09:05:51 -0400
i was going to reply off the list, to cut down the nonsense, but i'm going to address the issue of morality and it's relevance to computer security, and then i'm going to shut up. and, for the record, i think the original post *was* OT. pedophilia has NOTHING to do with security. it's a morality issue... what if the person accused was guilty of fraud, extortion, or tax evasion? we don't know if he was, but would that put his past work under suspicion? possibly. the fact is, it's almost impossible to know if someone is going to act in the best interests of others, which is what is necessary for good computer security. in this case we have a computer security professional whose responsibilites lay mostly in communication with the industry, accused of attempting to satisfy an apparent perversion - in a case that has very strong overtones of entrapment. i think the only thing that relates to computer security here is the issue of trust. the JAP people broke the trust of their user community by maintaining the appearance of complete security when in fact that security had been compromised. the CERT employee in question damaged the trust of his employer (and apparently those in the security community who are more concerned about his sexual preferences than his privacy) by *attempting* to engage in a morally questionable act. trust is VERY important to computer security. who can you trust? the goverment? the police? the people on this mailing list? trust is a complicated thing. i have a commitment to my clients that requires me to act in their best interests and keep their data secure. does this mean that my personal life is squeaky clean? i don't think so. but i have a moral obligation to ensure the safety and security of my clients, and i don't confuse that with the morality of my personal life. am i a good person? i'd like to think so, although any hardcore right-wing christian would be terrified of my ideals. the real question is: am i a good administrator? henry also: i'd *really* rather read about soap opera stuff on /. Myers, Marvin wrote:
As being one who was rightfully chastised by Kurt recently, I do believe that this could indeed have some relevance to the FD list. If by this mans actions, his past work could at all be suspect, then this is the proper venue to post it. If someone of his caliber, someone who should know the repercussions of any action taken using a computer as a tool, is used as an expert during trial, or their technical writings used as such, can we not realistically look at all of his past work as being suspect. If indeed he is a pedophile, he may have overlooked other pedophile activity in the course of his job. While I would never accuse someone whom I do not have personal proof of illegal activity, and after all he is innocent until proven guilty, I can understand why someone may want to analyze and or scrutinize his past work.Just my 2cents worth.-----Original Message-----From: Kurt Seifried [mailto:listuser () seifried org] Sent: Monday, August 25, 2003 6:29 PMTo: badpack3t () security-protocols com; full-disclosure () lists netsys com Subject: Re: [Full-disclosure] CERT Employee Gets Owned Please read the list charter and stop posting junk like this. Do we know post stories about any criminal charges brought against anyone in the security industry? Should we also cover parking tickets? Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- CERT Employee Gets Owned badpack3t (Aug 25)
- Re: CERT Employee Gets Owned Kurt Seifried (Aug 25)
- RE: CERT Employee Gets Owned gml (Aug 25)
- Re: CERT Employee Gets Owned - OFFTOPIC Kurt Seifried (Aug 25)
- Re: CERT Employee Gets Owned - ONTOPIC badpack3t (Aug 25)
- Re: CERT Employee Gets Owned - ONTOPIC Ron DuFresne (Aug 25)
- Re: CERT Employee Gets Owned - OFFTOPIC Jeremiah Cornelius (Aug 25)
- RE: CERT Employee Gets Owned gml (Aug 25)
- Re: CERT Employee Gets Owned Peter van den Heuvel (Aug 26)
- Re: CERT Employee Gets Owned Kurt Seifried (Aug 25)
- <Possible follow-ups>
- RE: CERT Employee Gets Owned Myers, Marvin (Aug 26)
- Re: CERT Employee Gets Owned henry j. mason (Aug 26)
- RE: CERT Employee Gets Owned Nelson (Aug 26)
- Re: CERT Employee Gets Owned Elvedin (Aug 26)
- Re: CERT Employee Gets Owned Shanphen Dawa (Aug 26)
- RE: CERT Employee Gets Owned Timo Sirainen (Aug 26)
- RE: CERT Employee Gets Owned Justin Shin (Aug 26)
- Re: CERT Employee Gets Owned henry j. mason (Aug 26)
- RE: CERT Employee Gets Something! ( Explective Deleted ) Aditya (Aug 27)