Full Disclosure mailing list archives
sans handler gives out n3td3v e-mail to public
From: n3td3v <xploitable () gmail com>
Date: Fri, 21 Mar 2008 12:00:07 +0000
[15:49] * Now talking in ##security
[15:55] <worried> someone wants my attention
[15:55] <njan> worried, best way to make them go away: Don't give it to them.
[15:56] <worried> njan, query me their IP address
[15:57] <njan> worried, sorry, we don't hand out that sort of information.
[15:57] <sfirefinch> you fail
[15:58] <worried> where there is a will there is a way
[15:58] <worried> i don't need your help ;)
[15:58] <sfirefinch> heh, good luck
[15:58] <worried> sfire, thanks
[15:59] <worried> ex gov employee
[15:59] <sfirefinch> oh yeah?
[16:00] <worried> did you fall or did you get pushed?
[16:01] <lunaphyte_> just because you're paranoid doesn't mean they're not out to get you.
[16:01] <sfirefinch> and just because you are paranoid doesn't mean someone is listening to you
[16:01] <lunaphyte_> right.
[16:01] <worried> thats good
[16:02] <worried> how is sans institute coming along?
[16:02] <sfirefinch> quite well i am sure.
[16:03] * naxx|nothere is now known as naxxatoe
[16:03] <worried> i'm sure
[16:03] <worried> you didn't know much about iframe attacks for about a whole weekend
[16:04] <worried> it was funny
[16:04] <sfirefinch> no.
[16:04] <sfirefinch> we didn't publish anything
[16:04] <sfirefinch> there is a difference
[16:04] <worried> you were crying out for info from random members of the public to e-mail you
[16:04] <worried> and you thought there were two iframe attacks
[16:04] <sfirefinch> doesn't mean we didn't know, we wanted more info
[16:05] <iamnowonmai> http://www.linuxworld.com/news/2008/031908-red-hat-open-sources-security.html
[16:08] <worried> as i said in e-mail, you exposed a break/weakness in your intelligence gathering chain.
[16:09] * riotz is now known as riotz_
[16:09] <sfirefinch> and that is?
[16:09] <worried> you don't have strong links with non-professional circuit
[16:10] <sfirefinch> oh, how you are so colorfully wrong.
[16:10] <worried> to know whats going on, when you need to know, when the pro scene dont come up with answers
[16:10] * riotz_ is now known as riotz
[16:11] <worried> when your rely on shirt and tie to e-mail you info 100% of the time then you're going toe ventually trip up and thats what the iframe weekend showed folks like me
[16:11] <sfirefinch> well, the folks like you are more wrong then you realize.
[16:11] <sfirefinch> the beauty part about it is, you will never know.
[16:12] <worried> i know you didn't have intelligence on the iframe weekend, so i know what type of sources you have
[16:13] <worried> you needed underground links for that, and you obviously didn't have any
[16:13] <sfirefinch> please read my previous statement where I say "you are wrong" in more ways than one?
[16:13] <sfirefinch> you ASSUME we didn't know anything
[16:13] <worried> good folks know the ppl behind the attack and would be in their hideout.
[16:13] <sfirefinch> and are therefore wrong
[16:14] <worried> nevermind
[16:14] <worried> i dont want to continue this
[16:15] <worried> let's move on
[16:15] <sfirefinch> good, because you were going in an endless loop.
[16:15] <worried> your blog just exposed more than it should of that you probably didn't realise you were giving away
[16:15] <rexy__> where was the writeup about iframe posted on sans ?
[16:16] <worried> the smallest of indications gives away clues to the enemy
[16:16] <sfirefinch> we were quite aware, thank you.
[16:17] <worried> you guys are all sitting on gmail addresses
[16:17] <rexy__> because i cant seem to find it
[16:17] <sfirefinch> you guys?
[16:17] <worried> contact.html
[16:18] <sfirefinch> that's the submission page
[16:18] <worried> are you willing to give your real name
[16:19] <sfirefinch> you should know it
[16:19] <echelon_> why is there a security conference in spain? what've they contributed?
[16:19] <sfirefinch> lol
[16:20] <worried> echelon: its a few tents in the middle of a field with wireless a campfire and beer
[16:20] <worried> i spoke to the guy already
[16:20] <echelon_> france would be a better location
[16:21] <worried> he is looking for english speaking people to talk about security, cos its all spanish so far
[16:22] <worried> i'm not an enemy of sans im just an ethical enemy
[16:22] <worried> dont worry
[16:22] <rexy__> http://isc.sans.org/diary.html?storyid=4144&rss is that the one you were talking about sfirefinch ?
[16:23] * naxxatoe is now known as naxx|nothere
[16:23] <worried> its not obvious to me how to fix the problem!!lolol
[16:23] <sfirefinch> rexy__: i think it would be more accurate to ask if that's the one that worried was talking about.
[16:23] <worried> its a simple input valdiation flaw
[16:24] <rexy__> sfirefinch: probably :P
[16:24] <worried> they exploited
[16:24] <worried> which i e-mailed them to tell them
[16:24] <worried> lol
[16:24] <echelon_> what do you guys think of tunneling through a nat-traversed connection?
[16:25] <sfirefinch> "its times like this that proves one thing to me that you dicks dont
[16:25] <sfirefinch> have good intelligence links with the underground, you're too busy
[16:25] <sfirefinch> show boating with your depaertment of homeland security and cia type
[16:25] <sfirefinch> boffins, that you haven't got good underground contacts, which prove
[16:25] <sfirefinch> invaluable at times like these when the professional scene has no idea
[16:25] <sfirefinch> what's going on."
[16:25] <worried> they rely on http based intelligence at sans
[16:25] <sfirefinch> yeah, real polite.
[16:26] <rexy__> so what writeuup were you reffering to worried
[16:26] <worried> do you jsut know you broke your privacy agreement and i'm lodging a complaint right now
[16:26] <worried> im serious
[16:27] <worried> want to give out any other info while you're breaking your privacy agreement?
[16:27] <worried> this is going on FD dude
[16:27] <worried> and i hope you get taken off the sans handlers
[16:27] <sfirefinch> you say you are not an enemy
[16:27] <sfirefinch> yet you shout publically
[16:27] <njan> worried, I did warn you before that if you started publishing things from ##security to FD or elsewhere, that you'd be removed from the channel.
[16:27] <sfirefinch> you call names and are rude
[16:28] <sfirefinch> not a good way to get respect nor to get people to listen
[16:28] <sfirefinch> I think what you did was selfish and rude
[16:28] <sfirefinch> I don't respect that
[16:28] <sfirefinch> n3td3v, I am sure you have something to contribute to the community
[16:28] <sfirefinch> and Id like you to do so
[16:28] <sfirefinch> however, at this point all you are doing is making people made and not trust you
[16:28] <worried> you jsut pasted a private e-mail to the world wide web
[16:29] <morning_wood> kill it!
[16:29] <sfirefinch> no, i posted an email to irc
[16:29] <sfirefinch> and i only posted a part of it
[16:29] <sfirefinch> and not even the worst part
[16:29] <sfirefinch> the privacy agreement applies if you agree to it
[16:29] <sfirefinch> which you never have
[16:29] * morning_wood throws the towles used to clean up TubGirl at Worried
[16:30] <sfirefinch> worried: seriously dude, do you want me to help you? I will.
[16:30] <sfirefinch> I'm through trying to degrade you, i'll help you and be nice
[16:30] <sfirefinch> but you have to be nice to the community in return
[16:30] <njan> sfirefinch++
[16:30] <sfirefinch> and you have years of doing the exact opposite.
[16:31] <sfirefinch> I am SERIOUSLY laying down the olive branch
[16:31] <worried> "Note: All information submitted via this form will be sent to all ISC handlers. The information will be kept confidential within this group. We will only publish your information with your consent."
[16:31] <sfirefinch> yes, SUBMITTED THIS FORM
[16:31] <sfirefinch> you don't submit via the form
[16:31] <sfirefinch> you bypass everything you are SUPPOSED TO DO
[16:31] <sfirefinch> and email us directly
[16:31] <sfirefinch> therefore you violate the agreement
[16:32] <sfirefinch> again
[16:32] <sfirefinch> olive branch
[16:32] <sfirefinch> http://en.wikipedia.org/wiki/Olive_branch
[16:32] <rexy__> thanx i was just about to look that up
[16:32] <sfirefinch> In Western culture, the olive branch, apart from its literal meaning as a branch of an olive tree, symbolizes peace or goodwill
[16:33] <sfirefinch> I'll be nice to you, if are nice to us
[16:33] <worried> you mean you dont want me tell people what you've jsut done
[16:33] <sfirefinch> it's that simple.
[16:33] <samson--> worried: someone posted another security conference on full-disclosure, you should warn them that the fedz are gonna raid it
[16:33] <sfirefinch> if I was scared that you were going to tell people what I've just done, i would have said that
[16:33] <sfirefinch> i'm pretty black and white dude.
[16:34] <sfirefinch> want me to help you? I will.
[16:34] <sfirefinch> want people to take you seriously, I will.
[16:34] <sfirefinch> but you have to be nice in return
[16:34] <sfirefinch> and you don't do that
[16:34] <sfirefinch> for years.
[16:34] <rexy__> never knew worried was famous
[16:35] <samson--> sfirefinch: it is impossible to take him seriously, all he does is lays down FUD after FUD
[16:35] <samson--> it helps noone
[16:35] <samson--> it doesnt even spread awareness properly
[16:35] <sfirefinch> okay, well at least me
[16:35] <sfirefinch> rexy__: worried = n3td3v
[16:36] <rexy__> familiar nick, not ringing bells
[16:36] <sfirefinch> he has a group on google groups and posts to FD all the time
[16:37] <sfirefinch> currently he's off writing an email to FD about how sans sucks.
[16:37] <rexy__> ah
[16:37] <morning_wood> like ppl care lol
[16:37] <rexy__> postings any good?
[16:37] <sfirefinch> and how i clearly violated the privacy agreement that he does not adhere to.
[16:37] <rexy__> n3td3v (leetspeak for net-dev) is a person or persons who has had a history of posting some fairly obnoxious stuff on Full Disclosure
[16:37] <sfirefinch> rexy__: depends on your perspective
[16:38] <sfirefinch> is there merit in what he says? sometimes yes
[16:38] <sfirefinch> but the way he says it is so rude and brash it's not well received or respected.
[16:38] <samson--> sfirefinch: the group he has consists of one person, which he has publicly admitted
[16:38] <sfirefinch> I think he has some descent things to say sometimes, he shoots for the moon
[16:39] <sfirefinch> samson--: well, it has a bunch of members, lets say that.
[16:39] <iamnowonmai> hey morning_wood long time no see.
[16:39] <morning_wood> hey0
[16:40] <sfirefinch> he has some unfounded paranoia
[16:40] <samson--> only "some"?
[16:40] <sfirefinch> no, some of what he says is correct.
[16:40] <sfirefinch> he just says it so wildly and rudely that no one listens.
[16:41] <samson--> the kid is borderline paranoid schizophrenia
[16:41] <sfirefinch> well i am not making a medical diagnosis
[16:42] <samson--> i'm not a doctor either, but i did stay at a holiday inn express last night
[16:43] <sfirefinch> heh
[16:43] <iamnowonmai> sfirefinch++ for being the peacemaker.
[16:44] <sfirefinch> i'm tryig to do the right thing
[16:44] <sChaaa> hola
[16:45] <worried> say sorry for pasting a message sent to handlers () sans org
[16:45] <sfirefinch> okay, i apologize for pasting a message. Now, you say you are sorry for being rude.
[16:46] <worried> rude about what? there are so many things
[16:46] <sfirefinch> just the general statement
[16:47] <worried> you statement you pasted?
[16:47] <sfirefinch> you are just rude in general, and i ask you to be nicer and apologize for it
[16:48] <worried> its true that you showboat about your cia and dhs contacts.
[16:48] <sfirefinch> um, no.
[16:48] <worried> and help the cia push out disinformation about power cuts carried out by hackers
[16:48] <sfirefinch> that's not what i asked you to say
[16:48] <worried> via the sans con
[16:49] <sfirefinch> i had nothing to do with it, and again, not what i asked you to say
[16:49] <morning_wood> oh phear
[16:50] * naxx|nothere is now known as naxxatoe
[16:53] <worried> i'm sorry for calling you dicks, thats the only part i can say sorry for.
[16:54] <worried> a private e-mail shouldn't be disucssed in this fashion via a public channel of communication
[16:54] <worried> this is highly unacceptable on any level of thinking
[16:54] <morning_wood> you could apoligize for being a total idiot
[16:55] <sfirefinch> worried: okay, fair enough, i apologized for it already. But why do you post IRC conversations to the web?
[16:55] <sfirefinch> err
[16:55] <sfirefinch> email
[16:55] <worried> an irc conversation is already on the web
[16:55] <njan> effectively to the web, given how much FD is archived.
[16:55] <njan> worried, not here, it isn't.
[16:55] <morning_wood> last one he posted on FD was him talking to himself
[16:56] <njan> worried, this channel explicitly doesn't log publicly, and freenode explicitly bans people doing that without channel consent.
[16:56] <morning_wood> then he follows it up with a post from "n3td3v" lol
[16:56] <njan> worried, anyone who logs this channel to the web does so in the knowledge they're breaking the channel and network guidelines, and they can be banned or klined for it.
[16:56] <morning_wood> responding to his own troll food
[16:56] <sfirefinch> and neither one has an expectation of privacy
[16:56] <sfirefinch> i am just asking a question
[16:57] <worried> njan, are you saying thats what you're going to do?
[16:58] <njan> worried, I've told you in the past if you log the channel to the web, you'll be removed from the channel at the very least.
[16:58] * morning_wood ant figure out why he hasnt been klined yet...
[16:58] <njan> worried, and for persistent offences in instances where people know they're not supposed to publicly log without channel consent, freenode can and does intervene where appropriate.
[16:58] <sfirefinch> i am going to go eat pizza
[16:58] <njan> worried, http://blog.freenode.net/?p=62 <= for instance.
[16:59] <worried> my google group isn't public
[16:59] <morning_wood> who gives a fuck
[17:00] <sfirefinch> it is if you can sign up for it for free.
[17:00] <iamnowonmai> sfirefinch: mushroom pizza++
[17:00] <sfirefinch> i am suprised you aren't more paranoid about google
[17:01] <worried> im not paranoid
[17:02] <njan> worried, for the purposes of this conversation, yes, it is.
[17:02] <samson--> what what what?
[17:02] <worried> tell me what i'm paranoid about
[17:02] <sfirefinch> the government for one.
[17:03] <samson--> RBN caring enough to send someone out to UK to take care of you
[17:03] <worried> why would i be paranoid about them
[17:03] <Renski_> *cough* russian hackers *cough*
[17:03] <njan> worried, CCTV? ;)
[17:03] <samson--> if you arent paranoid, you are delusional
[17:03] <sfirefinch> i think you give them more credit then they are worth
[17:03] * sfirefinch is away for pizza
[17:03] <worried> i dont break laws
[17:03] <worried> so why would the gov phase me
[17:04] <worried> if anything its them who are paranoid if they are tracking me, cos there is nothing to uncover
[17:04] <worried> its a waste of their time trying
[17:04] <njan> worried, http://en.wikipedia.org/wiki/First_they_came
[17:05] <njan> worried, I think that's a pretty powerful response to the notion that anyone who isn't doing anything wrong doesn't have anything to fear from their own government.
[17:05] <worried> what would the government do to someone who hasn't broke a law?
[17:06] <rexy__> information
[17:06] <Renski_> worried: where were you during history?
[17:06] <worried> i haven't broke a law and im not a poltical threat to the national interest
[17:06] <njan> Who was it that said that the price of freedom was perpetual vigilence?
[17:07] <transzorp> eternal vigilence is the usual phrasing
[17:07] <njan> Ah.. Jefferson.
[17:07] <worried> there is no useful intelligence on my gmail accounts, there is simply copy&pasted public news articles, everything sent from my gmails goes straight to a mailing lsit where it can be read by anyone, so the wiretap would be pointless
[17:07] <transzorp> yup
[17:08] <njan> or Wendell Phillips, according to wikipedia. hmm.
[17:08] <njan> <3 stolen quotes. :)
[17:08] <worried> i dont send e-mail to private ppl
[17:08] <iamnowonmai> njan: I would have guessed someone else.
[17:08] <transzorp> so since I'm lazy and don't want to read scroll back who's wire taping who?
[17:08] <samson--> worried: you just sent an email to sans
[17:08] <worried> thats a list, its not a one on one e-mail
[17:08] <samson--> with the expectation that it was private
[17:08] <worried> no i dodnt think it was private
[17:09] <samson--> then what did you pitch a fit for?
[17:09] <worried> ethics
[17:09] <iamnowonmai> transzorp: worried has hurt feelings about his note to the ISC being partially pasted here.
[17:09] <worried> no i dont have hurt feelings
[17:09] <worried> i jsut stated the person broke sans policy
[17:10] <Renski_> worried: stop whining alreadly
[17:10] <Renski_> he said sorry, and you havnt done the same.
[17:10] <worried> yes, i wasnt the one who brought it up again
[17:11] <worried> i did say sorry
[17:11] <worried> i said sorry for calling them dicks
[17:11] <transzorp> ok
[17:11] <worried> im not discussing a closed e-mail with this channel, its unacceptable that this conversation is even possible
[17:12] <iamnowonmai> But you are discussing it.
[17:12] <worried> not now
[17:12] <worried> no, you brought it up
[17:12] <worried> i responded
[17:12] <iamnowonmai> That counts - you still are.
[17:12] <worried> you brought it up
[17:12] <Renski_> worried: the internet is a giant copying machine, get over it.
[17:12] <transzorp> so since I don't really care about emails etc. what else is going on?
[17:13] <iamnowonmai> transzorp: not much. I'm still trying to glean more information about the Hannaford breach.
[17:13] <worried> renski: no its not actually, there are rules and regulations for professionals
[17:13] <iamnowonmai> Now they are blaming misconfiguration.
[17:13] <worried> im finished discussing this
[17:13] <transzorp> iamnowonmai: I haven't heard about the hannaford breach
[17:13] <Renski_> worried: really?
[17:14] * Renski_ doesnt recall signing anything
[17:14] <iamnowonmai> http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1306289,00.html
[17:14] <iamnowonmai> disable javascript and you bypass the registration crap
[17:15] <iamnowonmai> also here - http://securosis.com/2008/03/18/picking-apart-the-hannaford-breach-what-might-have-happened/
[17:31] <worried> sweet, thats the transcript saved
[17:31] * Disconnected

---------- Forwarded message ----------
From: n3td3v <xploitable () gmail com>
Date: Thu, Mar 20, 2008 at 5:43 PM
Subject: breach in sans policy about to go public
To: handlers () sans org

one of your sans handlers post one of the e-mails i sent to this e-mail address to a ##security on freenode, this event has just happened.

i'm posting the full transcript unedited onto full-disclosure

let's see how many media outlets pick this up :)

he said because the e-mail was sent to handlers () sans org and not via the form then "All submissions are kept confidential. Your submission will reach all ISC handlers. Your e-mail address will only be used to reply to your submission." doesn't count.

we'll see what the public has to say eh?

this is a major news event thats about to unfold...

the name of the offender will remain undisclosed until i decide if i go public with this or not and what the strategy will be....

the next few hours the transcript will be post to full-disclosure or n3td3v list. maybe both.

this is a window of opportunity for dialog if you want to have it to stop the transcript from being made public and for the person to owe up to sans and the other handlers that this incident has just taken place.

an e-mail i sent to handlers () sans org was in the last hour post to ##security freenode, which led to the e-mail being publically discussed with all the channel members, much to my embarassment.

i dont buy his excuse that because it wasn't sent via the form then the e-mail was allowed to be copy& pasted to a public channel and be discussed publically, the person then told me to apologise for what i sent to sans infront of everyone. it is a big public channel, this is completely unacceptable.

---------- Forwarded message ----------
From: n3td3v <xploitable () gmail com>
Date: Thu, Mar 20, 2008 at 8:17 PM
Subject: Re: sans handler gives out n3td3v e-mail to public
To: Johannes Ullrich <jullrich () euclidian com>, handlers () sans org

On Thu, Mar 20, 2008 at 7:08 PM, Johannes Ullrich <jullrich () euclidian com> wrote:
n3td3v: thanks for letting us know. We will deal with this breach internally.
n3td3v please don't make this public, please please.
Please refrain from sending any additional e-mail either regarding this incident or additional incidents to handlers () sans org or other aliases used by this group or its individuals.
we're begging you, please!!!
Thanks.
its too late for thanks, prepare for a PR crisis.

[10:28] <PhilKC> Hi.
[10:31] <worried> hi
[10:32] <PhilKC> Hiya, fancy filling me in on all the details of your issue? :)
[10:32] <worried> a sans.org handler post an e-mail i sent to handlers () sans org to ##security
[10:33] <worried> this goes against their privacy agreement
[10:33] <worried> and the handler made fun of me and made me say sorry about the e-mail
[10:33] <worried> which should never of been copy&pasted to the channel
[10:33] <worried> and then i said i want to post the channel log to a mailing list and njan said he would k-line me if i did
[10:34] <PhilKC> Ah
[10:35] <worried> njan says he will ban me from security channel and k-line me if i post proof of the sans violation to a public mailing list
[10:35] <worried> this is unfair
[10:35] <worried> my rights to privacy were violated and i was made fun of in a public freenode channel
[10:35] <PhilKC> Every channel has its own rules on public logging (Wikipedia for example prohibits all public logging), breaking these rules can result in you being banned from the channel/project, but, from what you have told me, I don't see why a kline would be applied.
[10:36] <PhilKC> (njan is a channel op on ##security and as such can enforce said rules about logging)
[10:36] <worried> so tell njan that, so i can proceed to press send on this e-mail
[10:36] <worried> njan is just being a dick to protect his friend
[10:37] <worried> he is trying to stop me posting to a mailing list through a technicality
[10:37] <worried> of a freenode rule
[10:37] <PhilKC> There's nothing to stop you sending the email, *but* if it breaches the channel policy on public logging then you may be banned from that channel.
[10:37] <worried> njan says k-line too
[10:38] <worried> he is trying his best to scare me
[10:39] <PhilKC> Hows about, before you send the mail, I have a chat with njan and we'll see if we can sort this out?
[10:39] <worried> deal
[10:39] <PhilKC> :)
[10:39] <worried> are u a senior staff?
[10:40] <PhilKC> I'm staff, not senior though. :)
[10:40] <PhilKC> Will you be around for a couple of hours whilst I try and summon njan?
[10:40] <worried> yes
[10:40] <PhilKC> Great, I shall poke you as soon as he's about. :)
[10:41] <PhilKC> And, thank you for coming to us to talk about the issue, it is appreciated :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/