For the love of everything sane, please seek medical attention, and grow up.
On Fri, Mar 21, 2008 at 8:00 AM, n3td3v <[EMAIL PROTECTED]> wrote: > [15:49] * Now talking in ##security > [15:55] <worried> someone wants my attention > [15:55] <njan> worried, best way to make them go away: Don't give it to > them. > [15:56] <worried> njan, query me their IP address > [15:57] <njan> worried, sorry, we don't hand out that sort of information. > [15:57] <sfirefinch> you fail > [15:58] <worried> where there is a will there is a way > [15:58] <worried> i don't need your help ;) > [15:58] <sfirefinch> heh, good luck > [15:58] <worried> sfire, thanks > [15:59] <worried> ex gov employee > [15:59] <sfirefinch> oh yeah? > [16:00] <worried> did you fall or did you get pushed? > [16:01] <lunaphyte_> just because you're paranoid doesn't mean they're > not out to get you. > [16:01] <sfirefinch> and just because you are paranoid doesn't mean > someone is listening to you > [16:01] <lunaphyte_> right. > [16:01] <worried> thats good > [16:02] <worried> how is sans institute coming along? > [16:02] <sfirefinch> quite well i am sure. > [16:03] * naxx|nothere is now known as naxxatoe > [16:03] <worried> i'm sure > [16:03] <worried> you didn't know much about iframe attacks for about > a whole weekend > [16:04] <worried> it was funny > [16:04] <sfirefinch> no. > [16:04] <sfirefinch> we didn't publish anything > [16:04] <sfirefinch> there is a difference > [16:04] <worried> you were crying out for info from random members of > the public to e-mail you > [16:04] <worried> and you thought there were two iframe attacks > [16:04] <sfirefinch> doesn't mean we didn't know, we wanted more info > [16:05] <iamnowonmai> > > http://www.linuxworld.com/news/2008/031908-red-hat-open-sources-security.html > [16:08] <worried> as i said in e-mail, you exposed a break/weakness in > your intelligence gathering chain. > [16:09] * riotz is now known as riotz_ > [16:09] <sfirefinch> and that is? > [16:09] <worried> you don't have strong links with non-professional > circuit > [16:10] <sfirefinch> oh, how you are so colorfully wrong. > [16:10] <worried> to know whats going on, when you need to know, when > the pro scene dont come up with answers > [16:10] * riotz_ is now known as riotz > [16:11] <worried> when your rely on shirt and tie to e-mail you info > 100% of the time then you're going toe ventually trip up and thats > what the iframe weekend showed folks like me > [16:11] <sfirefinch> well, the folks like you are more wrong then you > reali= > ze. > [16:11] <sfirefinch> the beauty part about it is, you will never know. > [16:12] <worried> i know you didn't have intelligence on the iframe > weekend, so i know what type of sources you have > [16:13] <worried> you needed underground links for that, and you > obviously didn't have any > [16:13] <sfirefinch> please read my previous statement where I say > "you are wrong" in more ways than one? > [16:13] <sfirefinch> you ASSUME we didn't know anything > [16:13] <worried> good folks know the ppl behind the attack and would > be in their hideout. > [16:13] <sfirefinch> and are therefore wrong > [16:14] <worried> nevermind > [16:14] <worried> i dont want to continue this > [16:15] <worried> let's move on > [16:15] <sfirefinch> good, because you were going in an endless loop. > [16:15] <worried> your blog just exposed more than it should of that > you probably didn't realise you were giving away > [16:15] <rexy__> where was the writeup about iframe posted on sans ? > [16:16] <worried> the smallest of indications gives away clues to the > enemy > [16:16] <sfirefinch> we were quite aware, thank you. > [16:17] <worried> you guys are all sitting on gmail addresses > [16:17] <rexy__> because i cant seem to find it > [16:17] <sfirefinch> you guys? > [16:17] <worried> contact.html > [16:18] <sfirefinch> that's the submission page > [16:18] <worried> are you willing to give your real name > [16:19] <sfirefinch> you should know it > [16:19] <echelon_> why is there a security conference in spain? > what've they contributed? > [16:19] <sfirefinch> lol > [16:20] <worried> echelon: its a few tents in the middle of a field > with wireless a campfire and beer > [16:20] <worried> i spoke to the guy already > [16:20] <echelon_> france would be a better location > [16:21] <worried> he is looking for english speaking people to talk > about security, cos its all spanish so far > [16:22] <worried> i'm not an enemy of sans im just an ethical enemy > [16:22] <worried> dont worry > [16:22] <rexy__> http://isc.sans.org/diary.html?storyid=4144&rss is > that the one you were talking about sfirefinch ? > [16:23] * naxxatoe is now known as naxx|nothere > [16:23] <worried> its not obvious to me how to fix the problem!!lolol > [16:23] <sfirefinch> rexy__: i think it would be more accurate to ask > if that's the one that worried was talking about. > [16:23] <worried> its a simple input valdiation flaw > [16:24] <rexy__> sfirefinch: probably :P > [16:24] <worried> they exploited > [16:24] <worried> which i e-mailed them to tell them > [16:24] <worried> lol > [16:24] <echelon_> what do you guys think of tunneling through a > nat-traversed connection? > [16:25] <sfirefinch> "its times like this that proves one thing to me > that you dicks dont > [16:25] <sfirefinch> have good intelligence links with the > underground, you're too busy > [16:25] <sfirefinch> show boating with your depaertment of homeland > security and cia type > [16:25] <sfirefinch> boffins, that you haven't got good underground > contacts, which prove > [16:25] <sfirefinch> invaluable at times like these when the > professional scene has no idea > [16:25] <sfirefinch> what's going on." > [16:25] <worried> they rely on http based intelligence at sans > [16:25] <sfirefinch> yeah, real polite. > [16:26] <rexy__> so what writeuup were you reffering to worried > [16:26] <worried> do you jsut know you broke your privacy agreement > and i'm lodging a complaint right now > [16:26] <worried> im serious > [16:27] <worried> want to give out any other info while you're > breaking your privacy agreement? > [16:27] <worried> this is going on FD dude > [16:27] <worried> and i hope you get taken off the sans handlers > [16:27] <sfirefinch> you say you are not an enemy > [16:27] <sfirefinch> yet you shout publically > [16:27] <njan> worried, I did warn you before that if you started > publishing things from ##security to FD or elsewhere, that you'd be > removed from the channel. > [16:27] <sfirefinch> you call names and are rude > [16:28] <sfirefinch> not a good way to get respect nor to get people to > listen > [16:28] <sfirefinch> I think what you did was selfish and rude > [16:28] <sfirefinch> I don't respect that > [16:28] <sfirefinch> n3td3v, I am sure you have something to > contribute to the community > [16:28] <sfirefinch> and Id like you to do so > [16:28] <sfirefinch> however, at this point all you are doing is > making people made and not trust you > [16:28] <worried> you jsut pasted a private e-mail to the world wide web > [16:29] <morning_wood> kill it! > [16:29] <sfirefinch> no, i posted an email to irc > [16:29] <sfirefinch> and i only posted a part of it > [16:29] <sfirefinch> and not even the worst part > [16:29] <sfirefinch> the privacy agreement applies if you agree to it > [16:29] <sfirefinch> which you never have > [16:29] * morning_wood throws the towles used to clean up TubGirl at > Worried > [16:30] <sfirefinch> worried: seriously dude, do you want me to help > you? I will. > [16:30] <sfirefinch> I'm through trying to degrade you, i'll help you > and be nice > [16:30] <sfirefinch> but you have to be nice to the community in return > [16:30] <njan> sfirefinch++ > [16:30] <sfirefinch> and you have years of doing the exact opposite. > [16:31] <sfirefinch> I am SERIOUSLY laying down the olive branch > [16:31] <worried> "Note: All information submitted via this form will > be sent to all ISC handlers. The information will be kept confidential > within this group. We will only publish your information with your > consent. " > [16:31] <sfirefinch> yes, SUBMITTED THIS FORM > [16:31] <sfirefinch> you don't submit via the form > [16:31] <sfirefinch> you bypass everything you are SUPPOSED TO DO > [16:31] <sfirefinch> and email us directly > [16:31] <sfirefinch> therefore you violate the agreement > [16:32] <sfirefinch> again > [16:32] <sfirefinch> olive branch > [16:32] <sfirefinch> http://en.wikipedia.org/wiki/Olive_branch > [16:32] <rexy__> thanx i was just about to look that up > [16:32] <sfirefinch> In Western culture, the olive branch, apart from > its literal meaning as a branch of an olive tree, symbolizes peace or > goodwill > [16:33] <sfirefinch> I'll be nice to you, if are nice to us > [16:33] <worried> you mean you dont want me tell people what you've jsut > done > [16:33] <sfirefinch> it's that simple. > [16:33] <samson--> worried: someone posted another security conference > on full-disclosure, you should warn them that the fedz are gonna raid > it > [16:33] <sfirefinch> if I was scared that you were going to tell > people what I've just done, i would have said that > [16:33] <sfirefinch> i'm pretty black and white dude. > [16:34] <sfirefinch> want me to help you? I will. > [16:34] <sfirefinch> want people to take you seriously, I will. > [16:34] <sfirefinch> but you have to be nice in return > [16:34] <sfirefinch> and you don't do that > [16:34] <sfirefinch> for years. > [16:34] <rexy__> never knew worried was famous > [16:35] <samson--> sfirefinch: it is impossible to take him seriously, > all he does is lays down FUD after FUD > [16:35] <samson--> it helps noone > [16:35] <samson--> it doesnt even spread awareness properly > [16:35] <sfirefinch> okay, well at least me > [16:35] <sfirefinch> rexy__: worried = n3td3v > [16:36] <rexy__> familiar nick, not ringing bells > [16:36] <sfirefinch> he has a group on google groups and posts to FD > all the time > [16:37] <sfirefinch> currently he's off writing an email to FD about > how sans sucks. > [16:37] <rexy__> ah > [16:37] <morning_wood> like ppl care lol > [16:37] <rexy__> postings any good? > [16:37] <sfirefinch> and how i clearly violated the privacy agreement > that he does not adhere to. > [16:37] <rexy__> n3td3v (leetspeak for net-dev) is a person or persons > who has had a history of posting some fairly obnoxious stuff > on Full Disclosure > [16:37] <sfirefinch> rexy__: depends on your perspective > [16:38] <sfirefinch> is there merit in what he says? sometimes yes > [16:38] <sfirefinch> but the way he says it is so rude and brash it's > not well received or respected. > [16:38] <samson--> sfirefinch: the group he has consists of one > person, which he has publicly admitted > [16:38] <sfirefinch> I think he has some descent things to say > sometimes, he shoots for the moon > [16:39] <sfirefinch> samson--: well, it has a bunch of members, lets say > that. > [16:39] <iamnowonmai> hey morning_wood long time no see. > [16:39] <morning_wood> hey0 > [16:40] <sfirefinch> he has some unfounded paranoia > [16:40] <samson--> only "some"? > [16:40] <sfirefinch> no, some of what he says is correct. > [16:40] <sfirefinch> he just says it so wildly and rudely that no one > listens. > [16:41] <samson--> the kid is borderline paranoid schizophrenia > [16:41] <sfirefinch> well i am not making a medical diagnosis > [16:42] <samson--> i'm not a doctor either, but i did stay at a > holiday inn express last night > [16:43] <sfirefinch> heh > [16:43] <iamnowonmai> sfirefinch++ for being the peacemaker. > [16:44] <sfirefinch> i'm tryig to do the right thing > [16:44] <sChaaa> hola > [16:45] <worried> say sorry for pasting a message sent to > [EMAIL PROTECTED] > [16:45] <sfirefinch> okay, i apologize for pasting a message. Now, > you say you are sorry for being rude. > [16:46] <worried> rude about what? there are so many things > [16:46] <sfirefinch> just the general statement > [16:47] <worried> you statement you pasted? > [16:47] <sfirefinch> you are just rude in general, and i ask you to be > nicer and apologize for it > [16:48] <worried> its true that you showboat about your cia and dhs > contacts. > [16:48] <sfirefinch> um, no. > [16:48] <worried> and help the cia push out disinformation about power > cuts carried out by hackers > [16:48] <sfirefinch> that's not what i asked you to say > [16:48] <worried> via the sans con > [16:49] <sfirefinch> i had nothing to do with it, and again, not what > i asked you to say > [16:49] <morning_wood> oh phear > [16:50] * naxx|nothere is now known as naxxatoe > [16:53] <worried> i'm sorry for calling you dicks, thats the only part > i can say sorry for. > [16:54] <worried> a private e-mail shouldn't be disucssed in this > fashion via a public channel of communication > [16:54] <worried> this is highly unacceptable on any level of thinking > [16:54] <morning_wood> you could apoligize for being a total idiot > [16:55] <sfirefinch> worried: okay, fair enough, i apologized for it > already. But why do you post IRC conversations to the web? > [16:55] <sfirefinch> err > [16:55] <sfirefinch> email > [16:55] <worried> an irc conversation is already on the web > [16:55] <njan> effectively to the web, given how much FD is archived. > [16:55] <njan> worried, not here, it isn't. > [16:55] <morning_wood> last one he posted on FD was him talking to himself > [16:56] <njan> worried, this channel explicitly doesn't log publicly, > and freenode explicitly bans people doing that without channel > consent. > [16:56] <morning_wood> then he follows it up with a post from "n3td3v" lol > [16:56] <njan> worried, anyone who logs this channel to the web does > so in the knowledge they're breaking the channel and network > guidelines, and they can be banned or klined for it. > [16:56] <morning_wood> responding to his own troll food > [16:56] <sfirefinch> and neither one has an expectation of privacy > [16:56] <sfirefinch> i am just asking a question > [16:57] <worried> njan, are you saying thats what you're going to do? > [16:58] <njan> worried, I've told you in the past if you log the > channel to the web, you'll be removed from the channel at the very > least. > [16:58] * morning_wood ant figure out why he hasnt been klined yet... > [16:58] <njan> worried, and for persistent offences in instances where > people know they're not supposed to publicly log without channel > consent, freenode can and does intervene where appropriate. > [16:58] <sfirefinch> i am going to go eat pizza > [16:58] <njan> worried, http://blog.freenode.net/?p=62 <= for instance. > [16:59] <worried> my google group isn't public > [16:59] <morning_wood> who gives a fuck > [17:00] <sfirefinch> it is if you can sign up for it for free. > [17:00] <iamnowonmai> sfirefinch: mushroom pizza++ > [17:00] <sfirefinch> i am suprised you aren't more paranoid about google > [17:01] <worried> im not paranoid > [17:02] <njan> worried, for the purposes of this conversation, yes, it is. > [17:02] <samson--> what what what? > [17:02] <worried> tell me what i'm paranoid about > [17:02] <sfirefinch> the government for one. > [17:03] <samson--> RBN caring enough to send someone out to UK to take > care of you > [17:03] <worried> why would i be paranoid about them > [17:03] <Renski_> *cough* russian hackers *cough* > [17:03] <njan> worried, CCTV? ;) > [17:03] <samson--> if you arent paranoid, you are delusional > [17:03] <sfirefinch> i think you give them more credit then they are worth > [17:03] * sfirefinch is away for pizza > [17:03] <worried> i dont break laws > [17:03] <worried> so why would the gov phase me > [17:04] <worried> if anything its them who are paranoid if they are > tracking me, cos there is nothing to uncover > [17:04] <worried> its a waste of their time trying > [17:04] <njan> worried, http://en.wikipedia.org/wiki/First_they_came > [17:05] <njan> worried, I think that's a pretty powerful response to > the notion that anyone who isn't doing anything wrong doesn't have > anything to fear from their own government. > [17:05] <worried> what would the government do to someone who hasn't > broke a law? > [17:06] <rexy__> information > [17:06] <Renski_> worried: where were you during history? > [17:06] <worried> i haven't broke a law and im not a poltical threat > to the national interest > [17:06] <njan> Who was it that said that the price of freedom was > perpetual vigilence? > [17:07] <transzorp> eternal vigilence is the usual phrasing > [17:07] <njan> Ah.. Jefferson. > [17:07] <worried> there is no useful intelligence on my gmail > accounts, there is simply copy&pasted public news articles, everything > sent from my gmails goes straight to a mailing lsit where it can be > read by anyone, so the wiretap would be pointless > [17:07] <transzorp> yup > [17:08] <njan> or Wendell Phillips, according to wikipedia. hmm. > [17:08] <njan> <3 stolen quotes. :) > [17:08] <worried> i dont send e-mail to private ppl > [17:08] <iamnowonmai> njan: I would have guessed someone else. > [17:08] <transzorp> so since I'm lazy and don't want to read scroll > back who's wire taping who? > [17:08] <samson--> worried: you just sent an email to sans > [17:08] <worried> thats a list, its not a one on one e-mail > [17:08] <samson--> with the expectation that it was private > [17:08] <worried> no i dodnt think it was private > [17:09] <samson--> then what did you pitch a fit for? > [17:09] <worried> ethics > [17:09] <iamnowonmai> transzorp: worried has hurt feelings about his > note to the ISC being partially pasted here. > [17:09] <worried> no i dont have hurt feelings > [17:09] <worried> i jsut stated the person broke sans policy > [17:10] <Renski_> worried: stop whining alreadly > [17:10] <Renski_> he said sorry, and you havnt done the same. > [17:10] <worried> yes, i wasnt the one who brought it up again > [17:11] <worried> i did say sorry > [17:11] <worried> i said sorry for calling them dicks > [17:11] <transzorp> ok > [17:11] <worried> im not discussing a closed e-mail with this channel, > its unacceptable that this conversation is even possible > [17:12] <iamnowonmai> But you are discussing it. > [17:12] <worried> not now > [17:12] <worried> no, you brought it up > [17:12] <worried> i responded > [17:12] <iamnowonmai> That counts - you still are. > [17:12] <worried> you brought it up > [17:12] <Renski_> worried: the internet is a giant copying machine, get > over it. > [17:12] <transzorp> so since I don't really care about emails etc. > what else is going on? > [17:13] <iamnowonmai> transzorp: not much. I'm still trying to glean > more information about the Hannaford breach. > [17:13] <worried> renski: no its not actually, there are rules and > regulations for professionals > [17:13] <iamnowonmai> Now they are blaming misconfiguration. > [17:13] <worried> im finished discussing this > [17:13] <transzorp> iamnowonmai: I haven't heard about the hannaford > breach > [17:13] <Renski_> worried: really? > [17:14] * Renski_ doesnt recall signing anything > [17:14] <iamnowonmai> > > http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1306289,00.html > [17:14] <iamnowonmai> disable javascript and you bypass the registration > crap > [17:15] <iamnowonmai> also here - > > http://securosis.com/2008/03/18/picking-apart-the-hannaford-breach-what-might-have-happened/ > [17:31] <worried> sweet, thats the transcript saved > [17:31] * Disconnected > > > ---------- Forwarded message ---------- > From: n3td3v <[EMAIL PROTECTED]> > Date: Thu, Mar 20, 2008 at 5:43 PM > Subject: breach in sans policy about to go public > To: [EMAIL PROTECTED] > > > one of your sans handlers post one of the e-mails i sent to this > e-mail address to a ##security on freenode, this event has just > happened. > > i'm posting the full transcript unedited onto full-disclosure > > let's see how many media outlets pick this up :) > > he said because the e-mail was sent to [EMAIL PROTECTED] and not via > the form then > > "All submissions are kept confidential. Your submission will reach all > ISC handlers. Your e-mail address will only be used to reply to your > submission." doesn't count. > > we'll see what the public has to say eh? > > this is a major news event thats about to unfold... > > the name of the offender will remain undisclosed until i decide if i > go public with this or not and what the strategy will be.... > > the next few hours the transcript will be post to full-disclosure or > n3td3v list. maybe both. > > this is a window of opportunity for dialog if you want to have it to > stop the transcript from being made public and for the person to owe > up to sans and the other handlers that this incident has just taken > place. > > an e-mail i sent to [EMAIL PROTECTED] was in the last hour post to > ##security freenode, which led to the e-mail being publically > discussed with all the channel members, much to my embarassment. > > i dont buy his excuse that because it wasn't sent via the form then > the e-mail was allowed to be copy& pasted to a public channel and be > discussed publically, > > the person then told me to apologise for what i sent to sans infront > of everyone. > > it is a big public channel, this is completely unacceptable. > > > ---------- Forwarded message ---------- > From: n3td3v <[EMAIL PROTECTED]> > Date: Thu, Mar 20, 2008 at 8:17 PM > Subject: Re: sans handler gives out n3td3v e-mail to public > To: Johannes Ullrich <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > > > On Thu, Mar 20, 2008 at 7:08 PM, Johannes Ullrich > <[EMAIL PROTECTED]> wrote: > > n3td3v: > > > > thanks for letting us know. We will deal with this breach internally. > > n3td3v please don't make this public, please please. > > > Please refrain from sending any additional e-mail either regarding this > > incident or additional incidents to [EMAIL PROTECTED] or other aliases > used > > by this group or its individuals. > > we're begging you, please!!! > > > Thanks. > > its too late for thanks, prepare for a PR crisis. > > > [10:28] <PhilKC> Hi. > [10:31] <worried> hi > [10:32] <PhilKC> Hiya, fancy filling me in on all the details of your > issue? :) > [10:32] <worried> a sans.org handler post an e-mail i sent to > [EMAIL PROTECTED] to ##security > [10:33] <worried> this goes against their privacy agreement > [10:33] <worried> and the handler made fun of me and made me say sorry > about the e-mail > [10:33] <worried> which should never of been copy&pasted to the channel > [10:33] <worried> and then i said i want to post the channel log to a > mailing list and njan said he would k-line me if i did > [10:34] <PhilKC> Ah > [10:35] <worried> njan says he will ban me from security channel and > k-line me if i post proof of the sans violation to a public mailing > list > [10:35] <worried> this is unfair > [10:35] <worried> my rights to privacy were violated and i was made > fun of in a public freenode channel > [10:35] <PhilKC> Every channel has its own rules on public logging > (Wikipedia for example prohibits all public logging), breaking these > rules can result in you being banned from the channel/project, but, > from what you have told me, I don't see why a kline would be applied. > [10:36] <PhilKC> (njan is a channel op on ##security and as such can > enforce said rules about logging) > [10:36] <worried> so tell njan that, so i can proceed to press send on > this e-mail > [10:36] <worried> njan is just being a dick to protect his friend > [10:37] <worried> he is trying to stop me posting to a mailing list > through a technicality > [10:37] <worried> of a freenode rule > [10:37] <PhilKC> There's nothing to stop you sending the email, *but* > if it breaches the channel policy on public logging then you may be > banned from that channel. > [10:37] <worried> njan says k-line too > [10:38] <worried> he is trying his best to scare me > [10:39] <PhilKC> Hows about, before you send the mail, I have a chat > with njan and we'll see if we can sort this out? > [10:39] <worried> deal > [10:39] <PhilKC> :) > [10:39] <worried> are u a senior staff? > [10:40] <PhilKC> I'm staff, not senior though. :) > [10:40] <PhilKC> Will you be around for a couple of hours whilst I try > and summon njan? > [10:40] <worried> yes > [10:40] <PhilKC> Great, I shall poke you as soon as he's about. :) > [10:41] <PhilKC> And, thank you for coming to us to talk about the > issue, it is appreciated :) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/