For the love of everything sane, please seek medical attention, and grow up.<br><br><div class="gmail_quote">On Fri, Mar 21, 2008 at 8:00 AM, n3td3v <<a href="mailto:xploitable@gmail.com">xploitable@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">[15:49] * Now talking in ##security<br>
[15:55] <worried> someone wants my attention<br>
[15:55] <njan> worried, best way to make them go away: Don't give it to them.<br>
[15:56] <worried> njan, query me their IP address<br>
[15:57] <njan> worried, sorry, we don't hand out that sort of information.<br>
[15:57] <sfirefinch> you fail<br>
[15:58] <worried> where there is a will there is a way<br>
[15:58] <worried> i don't need your help ;)<br>
[15:58] <sfirefinch> heh, good luck<br>
[15:58] <worried> sfire, thanks<br>
[15:59] <worried> ex gov employee<br>
[15:59] <sfirefinch> oh yeah?<br>
[16:00] <worried> did you fall or did you get pushed?<br>
[16:01] <lunaphyte_> just because you're paranoid doesn't mean they're<br>
not out to get you.<br>
[16:01] <sfirefinch> and just because you are paranoid doesn't mean<br>
someone is listening to you<br>
[16:01] <lunaphyte_> right.<br>
[16:01] <worried> thats good<br>
[16:02] <worried> how is sans institute coming along?<br>
[16:02] <sfirefinch> quite well i am sure.<br>
[16:03] * naxx|nothere is now known as naxxatoe<br>
[16:03] <worried> i'm sure<br>
[16:03] <worried> you didn't know much about iframe attacks for about<br>
a whole weekend<br>
[16:04] <worried> it was funny<br>
[16:04] <sfirefinch> no.<br>
[16:04] <sfirefinch> we didn't publish anything<br>
[16:04] <sfirefinch> there is a difference<br>
[16:04] <worried> you were crying out for info from random members of<br>
the public to e-mail you<br>
[16:04] <worried> and you thought there were two iframe attacks<br>
[16:04] <sfirefinch> doesn't mean we didn't know, we wanted more info<br>
[16:05] <iamnowonmai><br>
<a href="http://www.linuxworld.com/news/2008/031908-red-hat-open-sources-security.html" target="_blank">http://www.linuxworld.com/news/2008/031908-red-hat-open-sources-security.html</a><br>
[16:08] <worried> as i said in e-mail, you exposed a break/weakness in<br>
your intelligence gathering chain.<br>
[16:09] * riotz is now known as riotz_<br>
[16:09] <sfirefinch> and that is?<br>
[16:09] <worried> you don't have strong links with non-professional circuit<br>
[16:10] <sfirefinch> oh, how you are so colorfully wrong.<br>
[16:10] <worried> to know whats going on, when you need to know, when<br>
the pro scene dont come up with answers<br>
[16:10] * riotz_ is now known as riotz<br>
[16:11] <worried> when your rely on shirt and tie to e-mail you info<br>
100% of the time then you're going toe ventually trip up and thats<br>
what the iframe weekend showed folks like me<br>
[16:11] <sfirefinch> well, the folks like you are more wrong then you reali=<br>
ze.<br>
[16:11] <sfirefinch> the beauty part about it is, you will never know.<br>
[16:12] <worried> i know you didn't have intelligence on the iframe<br>
weekend, so i know what type of sources you have<br>
[16:13] <worried> you needed underground links for that, and you<br>
obviously didn't have any<br>
[16:13] <sfirefinch> please read my previous statement where I say<br>
"you are wrong" in more ways than one?<br>
[16:13] <sfirefinch> you ASSUME we didn't know anything<br>
[16:13] <worried> good folks know the ppl behind the attack and would<br>
be in their hideout.<br>
[16:13] <sfirefinch> and are therefore wrong<br>
[16:14] <worried> nevermind<br>
[16:14] <worried> i dont want to continue this<br>
[16:15] <worried> let's move on<br>
[16:15] <sfirefinch> good, because you were going in an endless loop.<br>
[16:15] <worried> your blog just exposed more than it should of that<br>
you probably didn't realise you were giving away<br>
[16:15] <rexy__> where was the writeup about iframe posted on sans ?<br>
[16:16] <worried> the smallest of indications gives away clues to the enemy<br>
[16:16] <sfirefinch> we were quite aware, thank you.<br>
[16:17] <worried> you guys are all sitting on gmail addresses<br>
[16:17] <rexy__> because i cant seem to find it<br>
[16:17] <sfirefinch> you guys?<br>
[16:17] <worried> contact.html<br>
[16:18] <sfirefinch> that's the submission page<br>
[16:18] <worried> are you willing to give your real name<br>
[16:19] <sfirefinch> you should know it<br>
[16:19] <echelon_> why is there a security conference in spain?<br>
what've they contributed?<br>
[16:19] <sfirefinch> lol<br>
[16:20] <worried> echelon: its a few tents in the middle of a field<br>
with wireless a campfire and beer<br>
[16:20] <worried> i spoke to the guy already<br>
[16:20] <echelon_> france would be a better location<br>
[16:21] <worried> he is looking for english speaking people to talk<br>
about security, cos its all spanish so far<br>
[16:22] <worried> i'm not an enemy of sans im just an ethical enemy<br>
[16:22] <worried> dont worry<br>
[16:22] <rexy__> <a href="http://isc.sans.org/diary.html?storyid=4144&rss" target="_blank">http://isc.sans.org/diary.html?storyid=4144&rss</a> is<br>
that the one you were talking about sfirefinch ?<br>
[16:23] * naxxatoe is now known as naxx|nothere<br>
[16:23] <worried> its not obvious to me how to fix the problem!!lolol<br>
[16:23] <sfirefinch> rexy__: i think it would be more accurate to ask<br>
if that's the one that worried was talking about.<br>
[16:23] <worried> its a simple input valdiation flaw<br>
[16:24] <rexy__> sfirefinch: probably :P<br>
[16:24] <worried> they exploited<br>
[16:24] <worried> which i e-mailed them to tell them<br>
[16:24] <worried> lol<br>
[16:24] <echelon_> what do you guys think of tunneling through a<br>
nat-traversed connection?<br>
[16:25] <sfirefinch> "its times like this that proves one thing to me<br>
that you dicks dont<br>
[16:25] <sfirefinch> have good intelligence links with the<br>
underground, you're too busy<br>
[16:25] <sfirefinch> show boating with your depaertment of homeland<br>
security and cia type<br>
[16:25] <sfirefinch> boffins, that you haven't got good underground<br>
contacts, which prove<br>
[16:25] <sfirefinch> invaluable at times like these when the<br>
professional scene has no idea<br>
[16:25] <sfirefinch> what's going on."<br>
[16:25] <worried> they rely on http based intelligence at sans<br>
[16:25] <sfirefinch> yeah, real polite.<br>
[16:26] <rexy__> so what writeuup were you reffering to worried<br>
[16:26] <worried> do you jsut know you broke your privacy agreement<br>
and i'm lodging a complaint right now<br>
[16:26] <worried> im serious<br>
[16:27] <worried> want to give out any other info while you're<br>
breaking your privacy agreement?<br>
[16:27] <worried> this is going on FD dude<br>
[16:27] <worried> and i hope you get taken off the sans handlers<br>
[16:27] <sfirefinch> you say you are not an enemy<br>
[16:27] <sfirefinch> yet you shout publically<br>
[16:27] <njan> worried, I did warn you before that if you started<br>
publishing things from ##security to FD or elsewhere, that you'd be<br>
removed from the channel.<br>
[16:27] <sfirefinch> you call names and are rude<br>
[16:28] <sfirefinch> not a good way to get respect nor to get people to listen<br>
[16:28] <sfirefinch> I think what you did was selfish and rude<br>
[16:28] <sfirefinch> I don't respect that<br>
[16:28] <sfirefinch> n3td3v, I am sure you have something to<br>
contribute to the community<br>
[16:28] <sfirefinch> and Id like you to do so<br>
[16:28] <sfirefinch> however, at this point all you are doing is<br>
making people made and not trust you<br>
[16:28] <worried> you jsut pasted a private e-mail to the world wide web<br>
[16:29] <morning_wood> kill it!<br>
[16:29] <sfirefinch> no, i posted an email to irc<br>
[16:29] <sfirefinch> and i only posted a part of it<br>
[16:29] <sfirefinch> and not even the worst part<br>
[16:29] <sfirefinch> the privacy agreement applies if you agree to it<br>
[16:29] <sfirefinch> which you never have<br>
[16:29] * morning_wood throws the towles used to clean up TubGirl at Worried<br>
[16:30] <sfirefinch> worried: seriously dude, do you want me to help<br>
you? I will.<br>
[16:30] <sfirefinch> I'm through trying to degrade you, i'll help you<br>
and be nice<br>
[16:30] <sfirefinch> but you have to be nice to the community in return<br>
[16:30] <njan> sfirefinch++<br>
[16:30] <sfirefinch> and you have years of doing the exact opposite.<br>
[16:31] <sfirefinch> I am SERIOUSLY laying down the olive branch<br>
[16:31] <worried> "Note: All information submitted via this form will<br>
be sent to all ISC handlers. The information will be kept confidential<br>
within this group. We will only publish your information with your consent. "<br>
[16:31] <sfirefinch> yes, SUBMITTED THIS FORM<br>
[16:31] <sfirefinch> you don't submit via the form<br>
[16:31] <sfirefinch> you bypass everything you are SUPPOSED TO DO<br>
[16:31] <sfirefinch> and email us directly<br>
[16:31] <sfirefinch> therefore you violate the agreement<br>
[16:32] <sfirefinch> again<br>
[16:32] <sfirefinch> olive branch<br>
[16:32] <sfirefinch> <a href="http://en.wikipedia.org/wiki/Olive_branch" target="_blank">http://en.wikipedia.org/wiki/Olive_branch</a><br>
[16:32] <rexy__> thanx i was just about to look that up<br>
[16:32] <sfirefinch> In Western culture, the olive branch, apart from<br>
its literal meaning as a branch of an olive tree, symbolizes peace or<br>
goodwill<br>
[16:33] <sfirefinch> I'll be nice to you, if are nice to us<br>
[16:33] <worried> you mean you dont want me tell people what you've jsut done<br>
[16:33] <sfirefinch> it's that simple.<br>
[16:33] <samson--> worried: someone posted another security conference<br>
on full-disclosure, you should warn them that the fedz are gonna raid<br>
it<br>
[16:33] <sfirefinch> if I was scared that you were going to tell<br>
people what I've just done, i would have said that<br>
[16:33] <sfirefinch> i'm pretty black and white dude.<br>
[16:34] <sfirefinch> want me to help you? I will.<br>
[16:34] <sfirefinch> want people to take you seriously, I will.<br>
[16:34] <sfirefinch> but you have to be nice in return<br>
[16:34] <sfirefinch> and you don't do that<br>
[16:34] <sfirefinch> for years.<br>
[16:34] <rexy__> never knew worried was famous<br>
[16:35] <samson--> sfirefinch: it is impossible to take him seriously,<br>
all he does is lays down FUD after FUD<br>
[16:35] <samson--> it helps noone<br>
[16:35] <samson--> it doesnt even spread awareness properly<br>
[16:35] <sfirefinch> okay, well at least me<br>
[16:35] <sfirefinch> rexy__: worried = n3td3v<br>
[16:36] <rexy__> familiar nick, not ringing bells<br>
[16:36] <sfirefinch> he has a group on google groups and posts to FD<br>
all the time<br>
[16:37] <sfirefinch> currently he's off writing an email to FD about<br>
how sans sucks.<br>
[16:37] <rexy__> ah<br>
[16:37] <morning_wood> like ppl care lol<br>
[16:37] <rexy__> postings any good?<br>
[16:37] <sfirefinch> and how i clearly violated the privacy agreement<br>
that he does not adhere to.<br>
[16:37] <rexy__> n3td3v (leetspeak for net-dev) is a person or persons<br>
who has had a history of posting some fairly obnoxious stuff<br>
on Full Disclosure<br>
[16:37] <sfirefinch> rexy__: depends on your perspective<br>
[16:38] <sfirefinch> is there merit in what he says? sometimes yes<br>
[16:38] <sfirefinch> but the way he says it is so rude and brash it's<br>
not well received or respected.<br>
[16:38] <samson--> sfirefinch: the group he has consists of one<br>
person, which he has publicly admitted<br>
[16:38] <sfirefinch> I think he has some descent things to say<br>
sometimes, he shoots for the moon<br>
[16:39] <sfirefinch> samson--: well, it has a bunch of members, lets say that.<br>
[16:39] <iamnowonmai> hey morning_wood long time no see.<br>
[16:39] <morning_wood> hey0<br>
[16:40] <sfirefinch> he has some unfounded paranoia<br>
[16:40] <samson--> only "some"?<br>
[16:40] <sfirefinch> no, some of what he says is correct.<br>
[16:40] <sfirefinch> he just says it so wildly and rudely that no one listens.<br>
[16:41] <samson--> the kid is borderline paranoid schizophrenia<br>
[16:41] <sfirefinch> well i am not making a medical diagnosis<br>
[16:42] <samson--> i'm not a doctor either, but i did stay at a<br>
holiday inn express last night<br>
[16:43] <sfirefinch> heh<br>
[16:43] <iamnowonmai> sfirefinch++ for being the peacemaker.<br>
[16:44] <sfirefinch> i'm tryig to do the right thing<br>
[16:44] <sChaaa> hola<br>
[16:45] <worried> say sorry for pasting a message sent to <a href="mailto:handlers@sans.org">handlers@sans.org</a><br>
[16:45] <sfirefinch> okay, i apologize for pasting a message. Now,<br>
you say you are sorry for being rude.<br>
[16:46] <worried> rude about what? there are so many things<br>
[16:46] <sfirefinch> just the general statement<br>
[16:47] <worried> you statement you pasted?<br>
[16:47] <sfirefinch> you are just rude in general, and i ask you to be<br>
nicer and apologize for it<br>
[16:48] <worried> its true that you showboat about your cia and dhs contacts.<br>
[16:48] <sfirefinch> um, no.<br>
[16:48] <worried> and help the cia push out disinformation about power<br>
cuts carried out by hackers<br>
[16:48] <sfirefinch> that's not what i asked you to say<br>
[16:48] <worried> via the sans con<br>
[16:49] <sfirefinch> i had nothing to do with it, and again, not what<br>
i asked you to say<br>
[16:49] <morning_wood> oh phear<br>
[16:50] * naxx|nothere is now known as naxxatoe<br>
[16:53] <worried> i'm sorry for calling you dicks, thats the only part<br>
i can say sorry for.<br>
[16:54] <worried> a private e-mail shouldn't be disucssed in this<br>
fashion via a public channel of communication<br>
[16:54] <worried> this is highly unacceptable on any level of thinking<br>
[16:54] <morning_wood> you could apoligize for being a total idiot<br>
[16:55] <sfirefinch> worried: okay, fair enough, i apologized for it<br>
already. But why do you post IRC conversations to the web?<br>
[16:55] <sfirefinch> err<br>
[16:55] <sfirefinch> email<br>
[16:55] <worried> an irc conversation is already on the web<br>
[16:55] <njan> effectively to the web, given how much FD is archived.<br>
[16:55] <njan> worried, not here, it isn't.<br>
[16:55] <morning_wood> last one he posted on FD was him talking to himself<br>
[16:56] <njan> worried, this channel explicitly doesn't log publicly,<br>
and freenode explicitly bans people doing that without channel<br>
consent.<br>
[16:56] <morning_wood> then he follows it up with a post from "n3td3v" lol<br>
[16:56] <njan> worried, anyone who logs this channel to the web does<br>
so in the knowledge they're breaking the channel and network<br>
guidelines, and they can be banned or klined for it.<br>
[16:56] <morning_wood> responding to his own troll food<br>
[16:56] <sfirefinch> and neither one has an expectation of privacy<br>
[16:56] <sfirefinch> i am just asking a question<br>
[16:57] <worried> njan, are you saying thats what you're going to do?<br>
[16:58] <njan> worried, I've told you in the past if you log the<br>
channel to the web, you'll be removed from the channel at the very<br>
least.<br>
[16:58] * morning_wood ant figure out why he hasnt been klined yet...<br>
[16:58] <njan> worried, and for persistent offences in instances where<br>
people know they're not supposed to publicly log without channel<br>
consent, freenode can and does intervene where appropriate.<br>
[16:58] <sfirefinch> i am going to go eat pizza<br>
[16:58] <njan> worried, <a href="http://blog.freenode.net/?p=62" target="_blank">http://blog.freenode.net/?p=62</a> <= for instance.<br>
[16:59] <worried> my google group isn't public<br>
[16:59] <morning_wood> who gives a fuck<br>
[17:00] <sfirefinch> it is if you can sign up for it for free.<br>
[17:00] <iamnowonmai> sfirefinch: mushroom pizza++<br>
[17:00] <sfirefinch> i am suprised you aren't more paranoid about google<br>
[17:01] <worried> im not paranoid<br>
[17:02] <njan> worried, for the purposes of this conversation, yes, it is.<br>
[17:02] <samson--> what what what?<br>
[17:02] <worried> tell me what i'm paranoid about<br>
[17:02] <sfirefinch> the government for one.<br>
[17:03] <samson--> RBN caring enough to send someone out to UK to take<br>
care of you<br>
[17:03] <worried> why would i be paranoid about them<br>
[17:03] <Renski_> *cough* russian hackers *cough*<br>
[17:03] <njan> worried, CCTV? ;)<br>
[17:03] <samson--> if you arent paranoid, you are delusional<br>
[17:03] <sfirefinch> i think you give them more credit then they are worth<br>
[17:03] * sfirefinch is away for pizza<br>
[17:03] <worried> i dont break laws<br>
[17:03] <worried> so why would the gov phase me<br>
[17:04] <worried> if anything its them who are paranoid if they are<br>
tracking me, cos there is nothing to uncover<br>
[17:04] <worried> its a waste of their time trying<br>
[17:04] <njan> worried, <a href="http://en.wikipedia.org/wiki/First_they_came" target="_blank">http://en.wikipedia.org/wiki/First_they_came</a><br>
[17:05] <njan> worried, I think that's a pretty powerful response to<br>
the notion that anyone who isn't doing anything wrong doesn't have<br>
anything to fear from their own government.<br>
[17:05] <worried> what would the government do to someone who hasn't<br>
broke a law?<br>
[17:06] <rexy__> information<br>
[17:06] <Renski_> worried: where were you during history?<br>
[17:06] <worried> i haven't broke a law and im not a poltical threat<br>
to the national interest<br>
[17:06] <njan> Who was it that said that the price of freedom was<br>
perpetual vigilence?<br>
[17:07] <transzorp> eternal vigilence is the usual phrasing<br>
[17:07] <njan> Ah.. Jefferson.<br>
[17:07] <worried> there is no useful intelligence on my gmail<br>
accounts, there is simply copy&pasted public news articles, everything<br>
sent from my gmails goes straight to a mailing lsit where it can be<br>
read by anyone, so the wiretap would be pointless<br>
[17:07] <transzorp> yup<br>
[17:08] <njan> or Wendell Phillips, according to wikipedia. hmm.<br>
[17:08] <njan> <3 stolen quotes. :)<br>
[17:08] <worried> i dont send e-mail to private ppl<br>
[17:08] <iamnowonmai> njan: I would have guessed someone else.<br>
[17:08] <transzorp> so since I'm lazy and don't want to read scroll<br>
back who's wire taping who?<br>
[17:08] <samson--> worried: you just sent an email to sans<br>
[17:08] <worried> thats a list, its not a one on one e-mail<br>
[17:08] <samson--> with the expectation that it was private<br>
[17:08] <worried> no i dodnt think it was private<br>
[17:09] <samson--> then what did you pitch a fit for?<br>
[17:09] <worried> ethics<br>
[17:09] <iamnowonmai> transzorp: worried has hurt feelings about his<br>
note to the ISC being partially pasted here.<br>
[17:09] <worried> no i dont have hurt feelings<br>
[17:09] <worried> i jsut stated the person broke sans policy<br>
[17:10] <Renski_> worried: stop whining alreadly<br>
[17:10] <Renski_> he said sorry, and you havnt done the same.<br>
[17:10] <worried> yes, i wasnt the one who brought it up again<br>
[17:11] <worried> i did say sorry<br>
[17:11] <worried> i said sorry for calling them dicks<br>
[17:11] <transzorp> ok<br>
[17:11] <worried> im not discussing a closed e-mail with this channel,<br>
its unacceptable that this conversation is even possible<br>
[17:12] <iamnowonmai> But you are discussing it.<br>
[17:12] <worried> not now<br>
[17:12] <worried> no, you brought it up<br>
[17:12] <worried> i responded<br>
[17:12] <iamnowonmai> That counts - you still are.<br>
[17:12] <worried> you brought it up<br>
[17:12] <Renski_> worried: the internet is a giant copying machine, get over it.<br>
[17:12] <transzorp> so since I don't really care about emails etc.<br>
what else is going on?<br>
[17:13] <iamnowonmai> transzorp: not much. I'm still trying to glean<br>
more information about the Hannaford breach.<br>
[17:13] <worried> renski: no its not actually, there are rules and<br>
regulations for professionals<br>
[17:13] <iamnowonmai> Now they are blaming misconfiguration.<br>
[17:13] <worried> im finished discussing this<br>
[17:13] <transzorp> iamnowonmai: I haven't heard about the hannaford breach<br>
[17:13] <Renski_> worried: really?<br>
[17:14] * Renski_ doesnt recall signing anything<br>
[17:14] <iamnowonmai><br>
<a href="http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1306289,00.html" target="_blank">http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1306289,00.html</a><br>
[17:14] <iamnowonmai> disable javascript and you bypass the registration crap<br>
[17:15] <iamnowonmai> also here -<br>
<a href="http://securosis.com/2008/03/18/picking-apart-the-hannaford-breach-what-might-have-happened/" target="_blank">http://securosis.com/2008/03/18/picking-apart-the-hannaford-breach-what-might-have-happened/</a><br>
[17:31] <worried> sweet, thats the transcript saved<br>
[17:31] * Disconnected<br>
<br>
<br>
---------- Forwarded message ----------<br>
From: n3td3v <<a href="mailto:xploitable@gmail.com">xploitable@gmail.com</a>><br>
Date: Thu, Mar 20, 2008 at 5:43 PM<br>
Subject: breach in sans policy about to go public<br>
To: <a href="mailto:handlers@sans.org">handlers@sans.org</a><br>
<br>
<br>
one of your sans handlers post one of the e-mails i sent to this<br>
e-mail address to a ##security on freenode, this event has just<br>
happened.<br>
<br>
i'm posting the full transcript unedited onto full-disclosure<br>
<br>
let's see how many media outlets pick this up :)<br>
<br>
he said because the e-mail was sent to <a href="mailto:handlers@sans.org">handlers@sans.org</a> and not via<br>
the form then<br>
<br>
"All submissions are kept confidential. Your submission will reach all<br>
ISC handlers. Your e-mail address will only be used to reply to your<br>
submission." doesn't count.<br>
<br>
we'll see what the public has to say eh?<br>
<br>
this is a major news event thats about to unfold...<br>
<br>
the name of the offender will remain undisclosed until i decide if i<br>
go public with this or not and what the strategy will be....<br>
<br>
the next few hours the transcript will be post to full-disclosure or<br>
n3td3v list. maybe both.<br>
<br>
this is a window of opportunity for dialog if you want to have it to<br>
stop the transcript from being made public and for the person to owe<br>
up to sans and the other handlers that this incident has just taken<br>
place.<br>
<br>
an e-mail i sent to <a href="mailto:handlers@sans.org">handlers@sans.org</a> was in the last hour post to<br>
##security freenode, which led to the e-mail being publically<br>
discussed with all the channel members, much to my embarassment.<br>
<br>
i dont buy his excuse that because it wasn't sent via the form then<br>
the e-mail was allowed to be copy& pasted to a public channel and be<br>
discussed publically,<br>
<br>
the person then told me to apologise for what i sent to sans infront<br>
of everyone.<br>
<br>
it is a big public channel, this is completely unacceptable.<br>
<br>
<br>
---------- Forwarded message ----------<br>
From: n3td3v <<a href="mailto:xploitable@gmail.com">xploitable@gmail.com</a>><br>
Date: Thu, Mar 20, 2008 at 8:17 PM<br>
Subject: Re: sans handler gives out n3td3v e-mail to public<br>
To: Johannes Ullrich <<a href="mailto:jullrich@euclidian.com">jullrich@euclidian.com</a>>, <a href="mailto:handlers@sans.org">handlers@sans.org</a><br>
<br>
<br>
On Thu, Mar 20, 2008 at 7:08 PM, Johannes Ullrich<br>
<<a href="mailto:jullrich@euclidian.com">jullrich@euclidian.com</a>> wrote:<br>
> n3td3v:<br>
><br>
> thanks for letting us know. We will deal with this breach internally.<br>
<br>
n3td3v please don't make this public, please please.<br>
<br>
> Please refrain from sending any additional e-mail either regarding this<br>
> incident or additional incidents to <a href="mailto:handlers@sans.org">handlers@sans.org</a> or other aliases used<br>
> by this group or its individuals.<br>
<br>
we're begging you, please!!!<br>
<br>
> Thanks.<br>
<br>
its too late for thanks, prepare for a PR crisis.<br>
<br>
<br>
[10:28] <PhilKC> Hi.<br>
[10:31] <worried> hi<br>
[10:32] <PhilKC> Hiya, fancy filling me in on all the details of your issue? :)<br>
[10:32] <worried> a <a href="http://sans.org" target="_blank">sans.org</a> handler post an e-mail i sent to<br>
<a href="mailto:handlers@sans.org">handlers@sans.org</a> to ##security<br>
[10:33] <worried> this goes against their privacy agreement<br>
[10:33] <worried> and the handler made fun of me and made me say sorry<br>
about the e-mail<br>
[10:33] <worried> which should never of been copy&pasted to the channel<br>
[10:33] <worried> and then i said i want to post the channel log to a<br>
mailing list and njan said he would k-line me if i did<br>
[10:34] <PhilKC> Ah<br>
[10:35] <worried> njan says he will ban me from security channel and<br>
k-line me if i post proof of the sans violation to a public mailing<br>
list<br>
[10:35] <worried> this is unfair<br>
[10:35] <worried> my rights to privacy were violated and i was made<br>
fun of in a public freenode channel<br>
[10:35] <PhilKC> Every channel has its own rules on public logging<br>
(Wikipedia for example prohibits all public logging), breaking these<br>
rules can result in you being banned from the channel/project, but,<br>
from what you have told me, I don't see why a kline would be applied.<br>
[10:36] <PhilKC> (njan is a channel op on ##security and as such can<br>
enforce said rules about logging)<br>
[10:36] <worried> so tell njan that, so i can proceed to press send on<br>
this e-mail<br>
[10:36] <worried> njan is just being a dick to protect his friend<br>
[10:37] <worried> he is trying to stop me posting to a mailing list<br>
through a technicality<br>
[10:37] <worried> of a freenode rule<br>
[10:37] <PhilKC> There's nothing to stop you sending the email, *but*<br>
if it breaches the channel policy on public logging then you may be<br>
banned from that channel.<br>
[10:37] <worried> njan says k-line too<br>
[10:38] <worried> he is trying his best to scare me<br>
[10:39] <PhilKC> Hows about, before you send the mail, I have a chat<br>
with njan and we'll see if we can sort this out?<br>
[10:39] <worried> deal<br>
[10:39] <PhilKC> :)<br>
[10:39] <worried> are u a senior staff?<br>
[10:40] <PhilKC> I'm staff, not senior though. :)<br>
[10:40] <PhilKC> Will you be around for a couple of hours whilst I try<br>
and summon njan?<br>
[10:40] <worried> yes<br>
[10:40] <PhilKC> Great, I shall poke you as soon as he's about. :)<br>
[10:41] <PhilKC> And, thank you for coming to us to talk about the<br>
issue, it is appreciated :)<br>
<br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
</blockquote></div><br>