Full Disclosure mailing list archives
Re: If internet goes down out of hours, we're screwed
From: "worried security" <worriedsecurity () googlemail com>
Date: Wed, 10 Oct 2007 19:29:03 +0100
Yahoo have have points of contact in their own yahoo chat community for years for the underground to contact yahoo security team off the record about vulnerabilities and intelligence about hackers, so all i was saying it would be nice if that was more wide spread with "other" vendors, and the government. dialog is what its all about, the government should stop the sneaking around gathering intelligence on people with devious undercover work when its not always needed to be as cunning. lots of people would welcome the government having representatives on the irc channels, because i talk from experience, if it worked on yahoo chat community, then there is no reason why hackers wouldn't volenteer intelligence to known nicknames belonging to the intelligence services or whoever is responsible for collecting information on the cyber security scene. and i know it would work because it worked on yahoo. if yahoo get a tip off, they will in some circumstances approach the username involved in hacking via yahoo instant messenger or yahoo chat and ask them about their behaviour, or the hack they've been handing out to script kids, and you would expect a rude response like "i'm not talking to a yahoo admin", but thats not what generally happens, what happens is these hackers are actually flattered they've been contacted via a real time communication, and are happy to help out with letting yahoo understand the hack in full. even the most anti social of folks i've seen on the yahoo scene have reacted in a friendly manner when approached by employees going into the hacker communities and asking for further information on hacks. its something i was impressed with and would like the government to take that approach in the wild wild irc channels than using undercover work to befriend when in reality, if the government just approached the folks and admitted they are there to find out information about a hack or individuals, they would find folks would be more than willing to share intelligence with them. cert, dhs, nsa whoever, get into these irc communities, admit who you are, where you work, and why you're there and you'll be surpised how friendly everyone is with you. not always needed is the sophisticated data mining software and devious undercover work. what i'm saying isn't just a fly idea, its actually what yahoo has been doing for a while. yahoo won't officially confirm this, but they do do what i said to get information when contacting an individual via e-mail isn't an option. they go into communities and announce who they are and why they are there and get lots of information passed to them with the frank honest approach than doing sneaky undercover work. its about time the authorities took a leaf out of yahoo's book when conducting their cyber security operations on collecting information thats needed for the mission critical. yes, "mission critical" is my favorite buzzword right now... and there are easy ways for the representative to validate they are cert, dhs, nsa whoever, and not just someone pretending. On 10/10/07, Dude VanWinkle <dudevanwinkle () gmail com > wrote:
I didn't read that book you sent in response to an offhanded remark, but I am impressed you learned about paragraphs! Now, lets focus on capital letters. -JP<who doesn't want to strain netdev with punctuation just yet, not to mention logic and brevity>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- If internet goes down out of hours, we're screwed worried security (Oct 08)
- Re: If internet goes down out of hours, we're screwed Valdis . Kletnieks (Oct 08)
- Re: If internet goes down out of hours, we're screwed Steven Adair (Oct 08)
- Re: If internet goes down out of hours, we're screwed worried security (Oct 09)
- Re: If internet goes down out of hours, we're screwed Dude VanWinkle (Oct 09)
- Re: If internet goes down out of hours, we're screwed worried security (Oct 10)
- Re: If internet goes down out of hours, we're screwed Steven Adair (Oct 08)
- Re: If internet goes down out of hours, we're screwed Valdis . Kletnieks (Oct 08)