RE: Cryptome Hacked!

["Sung J. Choe" <schoe () oicinc com>]

> Third, the best method of ensuring the integrity of software right now
> is signed crypographic checksums from someone you trust.
What would you use to generate that checksum?  Can you trust the software
used to generate the checksum?  How can you trust that software?  Please
do not give some simple-minded answer like "cryptographic checksums" since
that does not answer my specific question.  As for your other comments,
refer
to my reply to the original post.


.--------------------------------------------------.
| Sung J. Choe <schoe[at]oicinc.com>, TICSA        |
| Systems Administrator, Facility Security Officer |
.--------------------------------------------------.----.
                    | Oceanic Imaging Consultants, Inc. |
                    | Phone #: (808) 539-3634 x3634     |
                    .-----------------------------------.

568D CAD6 53A0 92E6 4A2A  4E87 3BA0 5F90 37BB 8EE7

> -----Original Message-----
> From: batz [mailto:batsy () vapour net]
> Sent: Wednesday, February 26, 2003 2:30 PM
> To: Sung J. Choe
> Cc: 'full-disclosure () lists netsys com'
> Subject: Re: [Full-disclosure] Cryptome Hacked!
>
>
> On Wed, 26 Feb 2003, Sung J. Choe wrote:
>
> :Cryptome.org, a site for privacy enthusiasts and leftists alike, was
> :apparently hacked today.  Their server is up but "all files 
> were deleted".
> :Besides the usual anti-American/anti-government vitriol that 
> is usually
> :found at Cryptome.org, they also distribute crypto software. 
>  This brings up
> :the following question: What is the best method for ensuring 
> the integrity
> :of software which require a high level of trust?  I am 
> almost sure that any
> :crypto software distributed by such extremists as John Young 
> (operator of
> :cryptome.org) has been tampered with in some way.  Does 
> anybody else share
> :this opinion? 
>
>
> First, I should state that the paradox of following up flamebait with 
> a message calling it flamebait is not lost on me. 
>
> Second, It is not accurate or useful to call people who 
> contribute to cryptome anti-American, though anti-Stupid-American
> might not be far from the truth. 
>
> Third, the best method of ensuring the integrity of software right now
> is signed crypographic checksums from someone you trust. While we're
> on the topic of stupid, how did you find out about this list without
> considering this? 
>
> Fourth, I hope for your sake that you come to appreciate the irony of 
> making shrill and frothing accusations of extremism in public forums. 
>
> That's a shame about cryptome, but who would have the motive? 
> The NSA? Aliens? Geographers? Maybe Hallmark has a sympathy 
> card we can send to people who get 0wned. 
>
> Get well soon cryptome! 
>
>
> -- 
> batz

Attachment: schoe.vcf
Description: