Re: Social flaws / vulnerabilities in 'Last account activity' on Gmail

[n3td3v <xploitable () gmail com>]

On Sun, Sep 21, 2008 at 4:01 AM,  <Valdis.Kletnieks () vt edu> wrote:
> On Sat, 20 Sep 2008 21:47:55 BST, AaRoNg11 said:
>
> > If the job was that sensitive of a job, do you really think they'd be using
> > gmail to send important information?
>
> Remember - n3td3v is in the British Isles, where clusterfuck IT is rampant in
> the government sector.  You know, like "Let's lose the financial details of
> *EVERY SINGLE FRIKKING FAMILY IN THE COUNTRY on an UNENCRYPTED DISK".
>
> Oh, why was the disk unencrypted? Because the policy on how to securely
> transfer the data was deemed so sensitive that it was only accessible to
> upper management - the people *doing* the work didn't have access to the
> policy of how to do it right.

Maybe we can take this over to cyber-politics () lists grok org uk or
whatever name he gives the new mailing list when John Cartwright
finally gets the finger out.

We need a non-technical, unbiased, unmoderated version of
full-disclosure where people can post rants, raves, speeches, ideas,
views, opinons, news items, the dirty on employees, gossip, security
conferences, or other intelligence thats non-technical.

A place where people like n3td3v don't get made to feel bad for
posting their views on whats going on in the security community.

There seems to be a feeling that anyone who is non-technical is
unwelcome on full-disclosure and end up getting written about on
securityfocus by robert lemos and made to feel a bad person. :(

This is unfair, in the bigger scope of things, there just isn't
anywhere to go to post non-technical stuff thats unmoderated.

So instead of being nasty to n3td3v and writing about him on
securityfocus and declaring a hunt for n3td3v, let's just create a new
mailing list where people like me won't get made uncomfortable for
posting.

The bottom line is, there is no non-technical, unbiased, unmoderated
version of full-disclosure and there should be one.

We need a cyber political mailing list, where anything goes, right now
it just seems that people don't really want n3td3v around, but thats
not because n3td3v has done something wrong, its just because there is
no where else suitable to post about cyber politics thats
non-technical, unbiased, unmoderated.

I don't like posting to full-disclosure if I feel unwelcome, but I
don't want to be muzzled, I want John Cartwright to setup a new
mailing list for the non-technical issues.

This is my proposal im putting forward, so let's talk about it.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/