Interesting People mailing list archives

-- more on -- Whistle Blower in Prison for Disclosing Security Hole? (fwd)


From: Dave Farber <dave () farber net>
Date: Wed, 20 Aug 2003 15:32:34 -0400


Date: Wed, 20 Aug 2003 09:20:33 -0400
From: George Hotelling <george () hotelling net>
Subject: Re: [IP] Whistle Blower in Prison for Disclosing Security Hole? (fwd)
To: Dave Farber <dave () farber net>

Dave Farber remarked:
> >
> >Bret McDanel was dissatisfied with his former employer, Tornado
> >Development, Inc. Tornado provided internet access and web-based
> >e-mail to its clients.  However, McDanel apparently discovered a flaw
> >in the web-mail that would permit malicious users to piggyback a
> >previous secure session, grab the unique session ID and thereby read
> >a user's e-mail-- despite the fact that the site promised that e-mail
> >was secure. Dissatisfied with the pace at which Tornado addressed the
> >issue (and for other reasons, undoubtedly), McDanel severed his
> >employment with them, and went to work for another company.

There's possibly another side to this story.  In the Slashdot discussion,
someone claiming to be a former coworker of McDanel writes about what
happened from his side of the network.

http://yro.slashdot.org/comments.pl?sid=75168&cid=6730388

"Bret was not prosecuted for revealing a security vulnerability.  He was
prosecuted for DOS'ing our server.  He sent 14,000 emails to our system,
and it overloaded and stopped accepting mail.  He did this several
times, and knew it overloaded the system when he did it, and knew the
FBI had been called after the first time, so nobody needs to feel sorry
for him.  Holding him up as a martyr or hero is just asinine, but it
speaks volumes about how our media works these days."

Of course, caveat lector and on the Internet no one knows you're a dog,
but this guy seems to write a more balanced overview of what's going on.
He doesn't seem to be a fan of either party involved and has insider
information on how the systems actually functioned.

George

--
George Hotelling                  GPG: 0x8175D485 ]
                      http://george.hotelling.net ]
  If your site doesn't RSS, I won't visit twice.  ]
    _         _    _      ___      _         _   _/


Archives at: http://www.interesting-people.org/archives/interesting-people/
