RE: Popular Net anonymity service back-doored

From: Drew Copley (dcopley_at_eeye.com)
Date: 08/22/03

  • Next message: Alex Russell: "Re: Popular Net anonymity service back-doored"
    To: <bugtraq@securityfocus.com>, <full-disclosure@lists.netsys.com>
    Date: Thu, 21 Aug 2003 15:29:16 -0700
    
    

    > -----Original Message-----
    > From: Aron Nimzovitch [mailto:crypto@clouddancer.com]
    > Sent: Thursday, August 21, 2003 2:42 PM
    > To: thomas.greene@theregister.co.uk
    > Cc: fw@deneb.enyo.de; bugtraq@securityfocus.com;
    > full-disclosure@lists.netsys.com
    > Subject: Re: Popular Net anonymity service back-doored
    >
    >
    >
    > Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
    > From: "Thomas C. Greene " <thomas.greene@theregister.co.uk>
    > Organization: The Register
    >
    > Leaving a hint in the source and waiting for someone to
    > call them on it may be
    > a legal strategem, but it's not a good way of maintaining user
    > trust.
    >
    > Only a fool would blindly depend on someone else's software
    > to gain anonymity without examining the code.

    Why stop at anonymity software?

    What about all software?

    >If you need
    > anonymity, then you should easily be willing to invest sweat
    > equity, or have a contractual arrangement when the threat is
    > only financial. For more serious threats requiring
    > anonymity, not reviewing the source when it is available
    > seems beyond stupid. I could unserstand your ire if you were
    > one of our clients, but this was a free service wasn't it?
    >
    > FAR

    So, then, if I gave you free code which was trojanized for my own
    interests, you deserve to be trojanized?

    I fail to see the reasoning behind this.

    Perhaps, in your isolating anonymity software from all other types of
    software you have come up with this conclusion. But, that is an
    artificial wall, so I do not see why that should even be considered.

    In fact, this is a bit like me going around and beating people up and
    then saying, "What a fool you are, you should have been working out two
    hours a day every other day like I do".

    Who reasons like this?

    Look, if you don't want to condemn these actions, great. You have a
    right to do that. Just be sure and don't condemn anyone if you ever run
    their software and get trojanized because you did not bother to
    carefully examine the source.

    As for me, I will condemn this thing, as I would not do it to someone
    else, and I would not like it to be done to me... Regardless of the type
    of software it is.

    What other software has the German police trojanized? Is it just this?


  • Next message: Alex Russell: "Re: Popular Net anonymity service back-doored"

    Relevant Pages

    • RE: Popular Net anonymity service back-doored
      ... > to gain anonymity without examining the code. ... but this was a free service wasn't it? ... I fail to see the reasoning behind this. ... Look, if you don't want to condemn these actions, great. ...
      (Full-Disclosure)
    • [Full-Disclosure] RE: Popular Net anonymity service back-doored
      ... > to gain anonymity without examining the code. ... but this was a free service wasn't it? ... I fail to see the reasoning behind this. ... Look, if you don't want to condemn these actions, great. ...
      (Full-Disclosure)
    • Re: No, I really am converting.........Read on.
      ... sincerity. ... I'd prefer to judge them by what they have to say than to ... condemn them for the username that they have chosen to use while saying ... insulting me from behind his veil of anonymity. ...
      (soc.culture.jewish.moderated)
    • [Full-Disclosure] Re: Popular Net anonymity service back-doored
      ... anonymity without examining the code. ... threats requiring anonymity, not reviewing the source when it is ... but this was a free service wasn't it? ... For more information on a proactive email security ...
      (Full-Disclosure)