bāsicamente can you comment in the rumors that alike to the vast majority
of female investigators of the security you used to be a man?
<br><br>beyond that on the rumors that with you shoes of clown are apparent and jacket sports is being worn ?<br><br><br><div><span class="gmail_quote">On 4/8/07, <b class="gmail_sendername">Raven Alder</b> <<a href="mailto:raven@oneeyedcrow.net">
raven@oneeyedcrow.net</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hiya --<br><br>> Security conference staff needs to do a better job of screening
<br>> their audiences to prevent this sort of harassment during<br>> presentations. I must admit that I am afraid to present at future<br>> conferences if there is the possibility of being humiliated like<br>> this during my talks.
<br><br> As the researcher in question, I didn't feel particularly<br>humiliated. Sure, I thought the guy was a troll, but I figured that he<br>was just being a jerk to me because he had some chip on his shoulder and
<br>couldn't find anything to complain about in my talk. But really, his<br>big tac-nuke against me was that there was some undisclosed bug in<br>Apple's code? That's hardly my fault. I don't write their OS, and the
<br>thing was fully patched, firewalled, hardened, and still got popped.<br>Shit happens.<br><br> I didn't go public with it because I wanted a smoking gun first.<br>Security is very much a "show me" industry, and I didn't want to make
<br>claims that I couldn't substantiate. I did approach Apple, and they<br>pretty much blew me off. I sent them a detailed event report, offered<br>up my system for forensic analysis, and offered to help in any way I
<br>could. They went to the press, gave a reporter my name (I had not gone<br>to the press), and dished some crap about how I let my boyfriend use my<br>computer and he probably did something to disable my firewall and cause
<br>it to auto-own itself or something. Dude. My boyfriend does not have<br>admin permissions on my machine, for starters. Way to help, Apple.<br><br> After realizing that Apple were not my friends and were more
<br>interested in their PR spin than they were in finding and fixing the<br>problem, I stopped talking to them. I had several OS X geeks have a<br>look at the system, and none of them were able to find anything more<br>conclusive than I did. Forensics geeks, same thing. So, I dumped the
<br>filesystem for posterity, vowed that no OS X box was going on a hostile<br>network again, and reformatted the thing.<br><br> Sorry, folks, but I'm not going to share my filesystem dump with<br>people that I do not already know and trust. Don't even ask.
<br><br> Not even if you're Apple. You leak my name to the press when<br>I'm trying to help you find your flaw, you get no more help from me.<br><br> All of this is pretty irrelevant to the talk I gave. Still, I
<br>don't feel that audience screening is the way to solve the problem -- I<br>don't want to quash honest questions and interest in the projects I'm<br>working on, and I think any screening that wouldn't be trivially
<br>defeated by lying-fu would be draconian enough to be detrimental to free<br>and open discourse. There are always going to be trolls. I think the<br>audience and convention response was about as good as it could have been
<br>-- the troll got told off by several people, two of them with the mike,<br>but it was pretty clear that most people were more interested in the<br>technical content of the talk than they were in his effort to get my<br>
goat. The conference organizers offered sympathy, and that was kind of<br>them; I believe the guy got pitched out of the con for going on to<br>harass a few other folks too. Charming gent.<br><br> So, really, I don't think I have anything to be ashamed of, and
<br>I certainly don't feel humiliated. I can see why getting ad hominem<br>questions might make getting up on stage more intimidating for future<br>speakers, but I don't intend to let that shut me up. [grin]<br>
<br>Cheers,<br>Raven<br><br>--<br>@<br><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html
</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a><br></blockquote></div><br>