Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Monkeybrains.net and badtrans compromise information

From: "van Wyk, Ken" <Ken () para-protect com>
Date: Fri, 4 Jan 2002 14:37:41 -0500 
Jon Williams writes:

I've got to admit, I was suspicious when I got the same message, but when

I

tried getting the information and was told essentially "You've got
compromised passwords, but you have to pay us to find out which," it

sounds

more like extortion than good cyber citizenship.


I'd just like to point out a couple things briefly:
1) We have no affiliation whatsoever with monkeybrains.net;
2) We were unaware of their intent to charge for this information;
3) After scanning for ":443" in their database/web site and seeing > 2000
compromised SSL-encrypted sessions, we started alerting our customers;
4) We alerted a number of companies whose employees, customers, etc., were
in that database, however there was no obligation or fee to any of those
companies for our alerts;
5) Had we known of monkeybrains.net's intention to charge for releasing the
information, we would have noted so in the alerts that we sent to companies
that we found in their database.

Cheers,

Ken

Kenneth R. van Wyk
CTO & Corporate Vice President
Para-Protect, Inc.
www.para-protect.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: