Full Disclosure mailing list archives
Re: Security Researcher Not Particularly Humiliated
From: <neal.krawetz () mac hush com>
Date: Sun, 08 Apr 2007 18:51:20 -0500
HAHA! I KNEW IT!

.... and I am only attracted to women, thank you very much. Let's leave the dog fucking to you and your kind. No need to make this a personal flamewar.

- neal

On Sun, 08 Apr 2007 18:31:44 -0500 George Ou <george_ou () lanarchitect net> wrote:

Neal, go find yourself a dog for a date. Wait, I feel sorry for the dog, never mind. Where do we find these retards like Neal on this board.

-----Original Message-----
From: neal.krawetz () mac hush com [mailto:neal.krawetz () mac hush com]
Sent: Sunday, April 08, 2007 4:27 PM
To: raven () oneeyedcrow net; full-disclosure () lists grok org uk; george_ou () lanarchitect net
Subject: Re: [Full-disclosure] Security Researcher Not Particularly Humiliated

Aren't you the guy that is dating Kevin Mitnick?

- neal

On Sun, 08 Apr 2007 11:07:14 -0500 George Ou <george_ou () lanarchitect net> wrote:

Yeah that's a stupid accusation against you Raven. He was suggesting somehow that if you get your machine owned then you can't be protecting other people's computers or something and that was really retarded. Yes he WAS a troll.

As for Apple going to the press to humiliate you, that's very typical of their PR operation. After the SecureWorks incident and after I spoke with their PR, I know them all too well. But even I'm shocked that they would bring your boyfriend in to this.

Thanks for taking the tough questions from the audience. Don't mind this jerk and don't mind Apple. You have nothing to be ashamed of. Keep up the good work.

George Ou

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Raven Alder
Sent: Sunday, April 08, 2007 2:00 AM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Security Researcher Not Particularly Humiliated

Hiya --

Security conference staff needs to do a better job of screening their audiences to prevent this sort of harassment during presentations. I must admit that I am afraid to present at future conferences if there is the possibility of being humiliated like this during my talks.

As the researcher in question, I didn't feel particularly humiliated. Sure, I thought the guy was a troll, but I figured that he was just being a jerk to me because he had some chip on his shoulder and couldn't find anything to complain about in my talk. But really, his big tac-nuke against me was that there was some undisclosed bug in Apple's code? That's hardly my fault. I don't write their OS, and the thing was fully patched, firewalled, hardened, and still got popped. Shit happens.

I didn't go public with it because I wanted a smoking gun first. Security is very much a "show me" industry, and I didn't want to make claims that I couldn't substantiate. I did approach Apple, and they pretty much blew me off. I sent them a detailed event report, offered up my system for forensic analysis, and offered to help in any way I could. They went to the press, gave a reporter my name (I had not gone to the press), and dished some crap about how I let my boyfriend use my computer and he probably did something to disable my firewall and cause it to auto-own itself or something. Dude. My boyfriend does not have admin permissions on my machine, for starters. Way to help, Apple.

After realizing that Apple were not my friends and were more interested in their PR spin than they were in finding and fixing the problem, I stopped talking to them. I had several OS X geeks have a look at the system, and none of them were able to find anything more conclusive than I did. Forensics geeks, same thing. So, I dumped the filesystem for posterity, vowed that no OS X box was going on a hostile network again, and reformatted the thing.

Sorry, folks, but I'm not going to share my filesystem dump with people that I do not already know and trust. Don't even ask. Not even if you're Apple. You leak my name to the press when I'm trying to help you find your flaw, you get no more help from me.

All of this is pretty irrelevant to the talk I gave. Still, I don't feel that audience screening is the way to solve the problem -- I don't want to quash honest questions and interest in the projects I'm working on, and I think any screening that wouldn't be trivially defeated by lying-fu would be draconian enough to be detrimental to free and open discourse. There are always going to be trolls. I think the audience and convention response was about as good as it could have been -- the troll got told off by several people, two of them with the mike, but it was pretty clear that most people were more interested in the technical content of the talk than they were in his effort to get my goat. The conference organizers offered sympathy, and that was kind of them; I believe the guy got pitched out of the con for going on to harass a few other folks too. Charming gent.

So, really, I don't think I have anything to be ashamed of, and I certainly don't feel humiliated. I can see why getting ad hominem questions might make getting up on stage more intimidating for future speakers, but I don't intend to let that shut me up. [grin]

Cheers,
Raven

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Security Researcher Not Particularly Humiliated neal.krawetz (Apr 08)
- Re: Security Researcher Not Particularly Humiliated George Ou (Apr 08)
- <Possible follow-ups>
- Re: Security Researcher Not Particularly Humiliated neal.krawetz (Apr 08)
- Re: Security Researcher Not Particularly Humiliated George Ou (Apr 08)