Full Disclosure mailing list archives
Re: sans handler gives out n3td3v e-mail to public
From: n3td3v <xploitable () gmail com>
Date: Fri, 21 Mar 2008 15:45:46 +0000
On Fri, Mar 21, 2008 at 3:18 PM, Kern <timetrap () gmail com> wrote:
Well . . . worried DOES have a good point . . . I think SANS dropped the ball on that, BUT I don't know if this is going to be a "media event". I have had a little dealing with various handlers (the few I have talked to seemed nice enough). But this is common; an employee using a written policy to basically do something unethical. The "spirit" of the notice is to protect the identity of the submitter, the "letter" is regarding the use of the submission form. SANS has based its value on intelligence gathering. They unify an unwieldy field of study (Internet, and computer security). By trying to undermine SANS on IRC, worried created a hostile environment to resolve a perfectly legitimate problem. You have to use logic, not flame bait.
Its not just about the one line at http://isc.sans.org/contact.html that says "All submissions are kept confidential. Your submission will reach all ISC handlers. Your e-mail address will only be used to reply to your submission." There is a whole privacy document that's supposed to protect me at http://www.sans.org/privacy.php "This privacy statement applies to information collected by web addresses in the sans.org, sans.edu, giac.org, and other domains owned and operated by SANS, GIAC, and the Escal Institute, hereafter referred to collectively as SANS." His argument that I should have used the form when handlers () sans org is at the bottom of the http://isc.sans.org "(c) 2000-2008 The SANS™ Institute SANS Web Privacy Policy: www.sans.org/privacy.php - Web Contact: handlers () sans org report bugs please include debug info (opens new window) Policy On SANS Trademark Usage" I didn't bypass anything, the e-mail address I used is at the bottom of their internet storm center, so what he said was complete bullshit. My e-mails sent straight to handlers () sans org is still supposed to be covered by http://www.sans.org/privacy.php I will never send intelligence to them again, and I hope this goes out as a warning to any other underground folks that they don't take their privacy document seriously. How can they run a successful intelligence operation at sans if their informants can't trust them to respect their privacy? All the best with your intelligence operations sans, hope you are giving away more e-mails on irc soon!!! You have just fucked with a major player in the underground with the biggest google group around of over 4164 members and counting. The person in question who done this made fun of the wrong person, I don't take privacy violations likely. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- sans handler gives out n3td3v e-mail to public n3td3v (Mar 21)
- Re: sans handler gives out n3td3v e-mail to public Paul Schmehl (Mar 21)
- Re: sans handler gives out n3td3v e-mail to public Kurt Dillard (Mar 21)
- Message not available
- Re: sans handler gives out n3td3v e-mail to public Kern (Mar 21)
- Re: sans handler gives out n3td3v e-mail to public n3td3v (Mar 21)
- Re: sans handler gives out n3td3v e-mail to public scott (Mar 21)
- Re: sans handler gives out n3td3v e-mail to public Paul Schmehl (Mar 21)
- <Possible follow-ups>
- Re: sans handler gives out n3td3v e-mail to public atlas (Mar 22)
- Re: sans handler gives out n3td3v e-mail to public n3td3v (Mar 22)
- Re: sans handler gives out n3td3v e-mail to public taneja . security (Mar 23)
- Re: sans handler gives out n3td3v e-mail to public n3td3v (Mar 29)
- Re: sans handler gives out n3td3v e-mail to public Ureleet (Mar 29)
- Re: sans handler gives out n3td3v e-mail to public Valdis . Kletnieks (Mar 30)
- Re: sans handler gives out n3td3v e-mail to public Jason (Mar 31)
- Re: sans handler gives out n3td3v e-mail to public n3td3v (Mar 22)