Re: [Full-disclosure] An idea of leaking alternative to wikileaks
> I did understand the differences. The main issue is that "dangerous" > material may be published anonymously without verification or indeed, any > peer review. > > Keep in mind that you can easily set off people by telling them a UFO > crashed in the centre of New York, and there are actually those that would > believe it. > > Just consider the kind of laymen running blogs and how they react over > anything that stirs the slightest "news". I am with you on this one. Take a look at the shitstorm in Pakistan over faked wikileaks cables (0), (1) & (2). (0) http://www.google.com/hostednews/afp/article/ALeqM5jP2p0uuRX56yc0w9vXP8PRH5t5YA?docId=CNG.ff5b1dec5d31e4c8a507f2ccde331d41.881 (1) http://www.dawn.com/2010/12/17/massaging-public-opinion.html (2) http://www.thehindu.com/news/international/article948427.ece ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
On Thu, Dec 16, 2010 at 10:03:56PM +0100, Christian Sciberras wrote: > Ahh, where was my head?!! > > > Replace "lunatic" with "sheep". > > :) > > itz all the same, only the namez will change: when we reach multi billions of sheepz YOU will be called an ``овца'' :) > > > > On Thu, Dec 16, 2010 at 6:56 PM, Georgi Guninski wrote: > > > On Wed, Dec 15, 2010 at 12:24:28PM +0100, Christian Sciberras wrote: > > > > > > Just because someone got busted and found a number of lunatics in > > providing > > > mirrors doesn't mean there's a whole industry. If anything, there must be > > > some > > > > when we reach billions of lunatics YOU will be called a lunatic :) > > > > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
Ahh, where was my head?!! Replace "lunatic" with "sheep". :) On Thu, Dec 16, 2010 at 6:56 PM, Georgi Guninski wrote: > On Wed, Dec 15, 2010 at 12:24:28PM +0100, Christian Sciberras wrote: > > > > Just because someone got busted and found a number of lunatics in > providing > > mirrors doesn't mean there's a whole industry. If anything, there must be > > some > > when we reach billions of lunatics YOU will be called a lunatic :) > > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
On Wed, Dec 15, 2010 at 12:24:28PM +0100, Christian Sciberras wrote: > > Just because someone got busted and found a number of lunatics in providing > mirrors doesn't mean there's a whole industry. If anything, there must be > some when we reach billions of lunatics YOU will be called a lunatic :) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > i've been writing during past week a concept of leak management system Don't people see the irony of systems designed for leaking information anonymously? Tillmann -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJNCNSnAAoJEH195S4iyWW4sGkH/1tmKXmddw3P0m6Ov6BiH8L4 ZOzLiXj8aWdB0P0qzVncWzQw3w2+8uSonEUrvmOeIZId4n3mIbof1m3hlhGK3g7/ AKU7oKe2APambcO2r8+Ze2ODLC2/ghdOWIVJwSDf2kVCIoWMiFXyiv1WXX6bDH0K gyEALGPEHb7vEUj6HYjx+hrffWqbzRUuJKSuA05u2jnezMRfWgB+H9wqHsCYvbAJ iWkzlpi1T1LotksEWQAZxQj481peJ7UCPkjNYDHtkroC9Wp713RDbUtXtgQADpTx GDlHj8VnFC2QPAZFWVOgUZmo6qoCQHU18LoWRMGD3knDcgvnjPso1KALPDUt7MA= =HqQT -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
On Wed, Dec 15, 2010 at 4:21 AM, Fabio Pietrosanti (naif) wrote: > Hi all, > > i've been writing during past week a concept of leak management system with > the following main differences with wikileaks: > > Concentrate on leak amplification to let leaks reach media > No editing or publishing > Fully distributed organizations > Use best of existing anonymous networks (TOR/FreeNET) > > It has been named "openleak" (without the "s") but maybe it would be better > to change the name due to the misconfusion of "openleak.org" with > "openleaks.org" (the one in progress from daniel berg, ex-wikileaks). > > The OpenLeakProject.pdf with methodology analysis can be downloaded from > https://uloadr.com/u/91.pdf . > > Maybe nothing will be done, maybe something will be done, who know i > just want to share my idea with the nerdish hackish security community. > > That concept would require to be reviewed, to be put on the web ed > eventually start a community to discuss it and build-it ? > > Who know? > > Anyone willing to participate to a project like this contact me, maybe we > can arrange something? It sounds a lot like Onion Routing meets Usenet. Jeff ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 15/12/2010 11:34, Fabio Pietrosanti (naif) wrote: > On 15/12/10 12.24, Christian Sciberras wrote: >>> Which kind of trouble you refer to? It's nice to ear about understanding >>> and risks analysis on that stuff. >> >> Libel, fraud, sharing of illegal material. >> >> Hey, if you're really intent on going along with this, be my guest. >> I'll be watching >> the drama fold from afar. Same kind of stuff that happened with/to >> Wikileaks. >> A momentary hit/fad/hype and the next it's laughed of until it's >> forgotten... > > Not to criticitze you but it seems to me that you have not understood > which are the differences. > > Wikileaks does editing and publishing and that was his main source of > responsibility. > > Upcoming leaking methods doesn't do, like this openleak concept and the > http://openleaks.org that daniel berg (ex-wikileaks) is setting up. > http://blogs.forbes.com/andygreenberg/2010/12/09/how-openleaks-the-first-wikileaks-spinoff-will-work/ > > We'll probably see a lot of different approaches to leak management, > from the easier and dirty one to the most complex one. > > It's precious raw material for media, doesn't expect that it will not > get a value. > Cheers > > -naif > There is opportunity beyond the Media. Discover i) Who would benefit most from reading the raw material. ii) Who would suffer most damage from exposure of the raw material. Then i) Let the parties discovered in i) and ii) become aware of each other and each others desire for the raw material you have. ii) Have an auction, I hear e-bay is pretty good. Each man has his price. - -- Mankind's systems are white sticks tapping walls. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBTQivCLIvn8UFHWSmAQKg4wf/bRGiiPKJTv71aRqPLn8zMAy4Ag1jmcv9 0ftDbXBX6F1TY1H/hIEtPftv5qedVoxIUmjoeXY/Gk450IzPeobJyKcZyJON1fAT XY9+vbNdnLSPh9v76auZotX0ZxEIIfBzDQXa27vwjNuIP7viFXCk4ncsxplMi0NK skM7hlEk+DMow6TFKlj+aBCP7qrhepazkHmsQy6Io2b3OdiqQ2p2BB12gqOr+z8n 2le+ynK+9MrFTd+k7AR5OM4+F7Ua3H4znSbCP/K2/aKH1YZjiLxKcl6eY9Ns9qaP lTgpPRAhCjtrUlbbyTQ184CBqy5JN7NiXcXDOOxvra1sChzFluH2Sg== =eU8Z -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
> Not to criticitze you but it seems to me that you have not understood > which are the differences. No problem with that. That's part of the point of discussion. I did understand the differences. The main issue is that "dangerous" material may be published anonymously without verification or indeed, any peer review. Keep in mind that you can easily set off people by telling them a UFO crashed in the centre of New York, and there are actually those that would believe it. Just consider the kind of laymen running blogs and how they react over anything that stirs the slightest "news". If it failed when the internet outreach was quite small, it will fail faster with today's media. Unless, you're trying to target twits and faceless faces as your peers. Anyhow, let's move away from my little rant. Each type of leak - actually, each different leak, is different in itself. One shouldn't make a policy out of leaking - unlike Wikileaks, where full-disclosure (and grab all the media attention) is what drove them. This is the same reason peer review is important. But given size of leaks like those cables, what guarantee do you have that someone doesn't defect in favour of personal fame? Chris. On Wed, Dec 15, 2010 at 12:34 PM, Fabio Pietrosanti (naif) < li...@infosecurity.ch> wrote: > On 15/12/10 12.24, Christian Sciberras wrote: > > > Which kind of trouble you refer to? It's nice to ear about > understanding > > > and risks analysis on that stuff. > > > > Libel, fraud, sharing of illegal material. > > > > Hey, if you're really intent on going along with this, be my guest. > > I'll be watching > > the drama fold from afar. Same kind of stuff that happened with/to > > Wikileaks. > > A momentary hit/fad/hype and the next it's laughed of until it's > > forgotten... > > Not to criticitze you but it seems to me that you have not understood > which are the differences. > > Wikileaks does editing and publishing and that was his main source of > responsibility. > > Upcoming leaking methods doesn't do, like this openleak concept and the > http://openleaks.org that daniel berg (ex-wikileaks) is setting up. > > http://blogs.forbes.com/andygreenberg/2010/12/09/how-openleaks-the-first-wikileaks-spinoff-will-work/ > > We'll probably see a lot of different approaches to leak management, > from the easier and dirty one to the most complex one. > > It's precious raw material for media, doesn't expect that it will not > get a value. > > Cheers > > -naif > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
On 15/12/10 12.24, Christian Sciberras wrote: > > Which kind of trouble you refer to? It's nice to ear about understanding > > and risks analysis on that stuff. > > Libel, fraud, sharing of illegal material. > > Hey, if you're really intent on going along with this, be my guest. > I'll be watching > the drama fold from afar. Same kind of stuff that happened with/to > Wikileaks. > A momentary hit/fad/hype and the next it's laughed of until it's > forgotten... Not to criticitze you but it seems to me that you have not understood which are the differences. Wikileaks does editing and publishing and that was his main source of responsibility. Upcoming leaking methods doesn't do, like this openleak concept and the http://openleaks.org that daniel berg (ex-wikileaks) is setting up. http://blogs.forbes.com/andygreenberg/2010/12/09/how-openleaks-the-first-wikileaks-spinoff-will-work/ We'll probably see a lot of different approaches to leak management, from the easier and dirty one to the most complex one. It's precious raw material for media, doesn't expect that it will not get a value. Cheers -naif ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
Hi Fabio and others Full-Disclosure readers, Have you seen how WikiLeaks are editing already released cables? Seems like WikiLeaks do not believe in Full-Disclosure and WL "partners" has already created "Ministry of Truth" (from Orwell's final novel 1984). For example in http://wikileaks.ch/cable/2008/07/08OTTAWA918.html on Dec 14 20:58 GMT entire paragraph about law been an "distraction" for law enforcement bodies was deleted: WAS (starting from Nov 30 07:18 GMT) "¶3. (S/NF) Responding to Dr. Cohen's query, Judd said CSIS had responded to recent, non-specific intelligence on possible terror operations by "vigorously harassing" known Hezbollah members in Canada. According to Judd, CSIS' current assessment is that no attack is "in the offing" in Canada. He noted, however, that Hezbollah members, and their lawyers, were considering new avenues of litigation resulting from recent court rulings that, Judd complained, had inappropriately treated intelligence agencies like law enforcement bodies (refs A and C). The Director observed that CSIS was "sinking deeper and deeper into judicial processes," making Legal Affairs the fastest growing division of his organization. Indeed, he added, legal challenges were becoming a "distraction" that could have a major "chill effect" on intelligence officials." NOW (starting from ~Dec 14 20:58 GMT): "¶3. (S/NF) " Source: Cablegate-Diff-201012142058 from http://www.privetbank.com.ua/cablegate/index.html Wikileaks hiding names is acceptable, but why legit content of USG cable is edited and deleted? Newspeak? Who can be hurt or killed because of this paragraph? If citizens in a democracy want their governments to reflect their wishes, they should ask to see what’s going on during WikiLeaks publishing/editing. -- Andriy G. Tereshchenko Odessa, Ukraine On Wed, Dec 15, 2010 at 11:21 AM, Fabio Pietrosanti (naif) wrote: > > Hi all, > > i've been writing during past week a concept of leak management system with > the following main differences with wikileaks: > > Concentrate on leak amplification to let leaks reach media > No editing or publishing > Fully distributed organizations > Use best of existing anonymous networks (TOR/FreeNET) > > It has been named "openleak" (without the "s") but maybe it would be better > to change the name due to the misconfusion of "openleak.org" with > "openleaks.org" (the one in progress from daniel berg, ex-wikileaks). > > The OpenLeakProject.pdf with methodology analysis can be downloaded from > https://uloadr.com/u/91.pdf . > > Maybe nothing will be done, maybe something will be done, who know i just > want to share my idea with the nerdish hackish security community. > > That concept would require to be reviewed, to be put on the web ed eventually > start a community to discuss it and build-it ? > > Who know? > > Anyone willing to participate to a project like this contact me, maybe we can > arrange something? > > Fabio Pietrosanti (naif) > blog http://infosecurity.ch ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
> It's a matter of splitting up responsibility among various players and > distributing almost everything. Leaking information is not a game, unlike some kids seem to think. > With the growing number of improvised leak sites and more to come in > future, most doesn't even have a methodology/risk model or fully > understand the level of risks they are taking. Just because someone got busted and found a number of lunatics in providing mirrors doesn't mean there's a whole industry. If anything, there must be some industry in making good use of these said lunatics. Perhaps, by teaching them the difference between "hacking" and "script-kidding" websites. > That's just an idea of a possible methodology. Which people tried already...and failed. > Which kind of trouble you refer to? It's nice to ear about understanding > and risks analysis on that stuff. Libel, fraud, sharing of illegal material. Hey, if you're really intent on going along with this, be my guest. I'll be watching the drama fold from afar. Same kind of stuff that happened with/to Wikileaks. A momentary hit/fad/hype and the next it's laughed of until it's forgotten... Cheers, Chris. On Wed, Dec 15, 2010 at 12:11 PM, Fabio Pietrosanti (naif) < li...@infosecurity.ch> wrote: > It's a matter of splitting up responsibility among various players and > distributing almost everything. > > With the growing number of improvised leak sites and more to come in > future, most doesn't even have a methodology/risk model or fully > understand the level of risks they are taking. > > That's just an idea of a possible methodology. > > Which kind of trouble you refer to? It's nice to ear about understanding > and risks analysis on that stuff. > > -naif > > On 15/12/10 12.01, Christian Sciberras wrote: > > Nice recipe to easily end up in a ton of trouble and ridicule. > > > > My 2 cents... > > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
It's a matter of splitting up responsibility among various players and distributing almost everything. With the growing number of improvised leak sites and more to come in future, most doesn't even have a methodology/risk model or fully understand the level of risks they are taking. That's just an idea of a possible methodology. Which kind of trouble you refer to? It's nice to ear about understanding and risks analysis on that stuff. -naif On 15/12/10 12.01, Christian Sciberras wrote: > Nice recipe to easily end up in a ton of trouble and ridicule. > > My 2 cents... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] An idea of leaking alternative to wikileaks
Nice recipe to easily end up in a ton of trouble and ridicule. My 2 cents... On Wed, Dec 15, 2010 at 10:21 AM, Fabio Pietrosanti (naif) < li...@infosecurity.ch> wrote: > Hi all, > > i've been writing during past week a concept of leak management system with > the following main differences with wikileaks: > >- Concentrate on leak amplification to let leaks reach media >- No editing or publishing >- Fully distributed organizations >- Use best of existing anonymous networks (TOR/FreeNET) > > It has been named "openleak" (without the "s") but maybe it would be better > to change the name due to the misconfusion of "openleak.org" with " > openleaks.org" (the one in progress from daniel berg, ex-wikileaks). > > The OpenLeakProject.pdf with methodology analysis can be downloaded from > https://uloadr.com/u/91.pdf . > > Maybe nothing will be done, maybe something will be done, who know i > just want to share my idea with the nerdish hackish security community. > > That concept would require to be reviewed, to be put on the web ed > eventually start a community to discuss it and build-it ? > > Who know? > > Anyone willing to participate to a project like this contact me, maybe we > can arrange something? > > Fabio Pietrosanti (naif) > blog http://infosecurity.ch > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] An idea of leaking alternative to wikileaks
Hi all, i've been writing during past week a concept of leak management system with the following main differences with wikileaks: * Concentrate on leak amplification to let leaks reach media * No editing or publishing * Fully distributed organizations * Use best of existing anonymous networks (TOR/FreeNET) It has been named "openleak" (without the "s") but maybe it would be better to change the name due to the misconfusion of "openleak.org" with "openleaks.org" (the one in progress from daniel berg, ex-wikileaks). The OpenLeakProject.pdf with methodology analysis can be downloaded from https://uloadr.com/u/91.pdf . Maybe nothing will be done, maybe something will be done, who know i just want to share my idea with the nerdish hackish security community. That concept would require to be reviewed, to be put on the web ed eventually start a community to discuss it and build-it ? Who know? Anyone willing to participate to a project like this contact me, maybe we can arrange something? Fabio Pietrosanti (naif) blog http://infosecurity.ch ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/