come home

[Sidoh]

you have some work to do.  analyze the gawker passwords, bitch!

I may download them and do a little analysis myself. ;P

[iago]

you need to follow me on twitter!

6 minutes ago:
@iagox86 450,442/748,081 (60.2%) of Gawker hashes cracked so far. Thanks to everybody who's shared their results with us!


Also, I've been home since Dec 4.

[Sidoh]

Cool.

[Newby]

Haha. I saw this on the news and thought "I bet iago is up to something..."

Scary that I was right!

[iago]

We have a much bigger password list from a much higher profile site (a financial one in fact) that we're sitting on. We don't want to be the first ones to break the story for fear of legal action, so we're cracking way and waiting for somebody else to slip up

[Blaze]

We have a much bigger password list from a much higher profile site (a financial one in fact) that we're sitting on. We don't want to be the first ones to break the story for fear of legal action, so we're cracking way and waiting for somebody else to slip up

So.. is this a Canadian site? 

[Joe]

You say "we". You and the other 11 iagi? Or is S.S. (I think I like that, The S.S.) no longer a one-man operation?

[iago]

We have a much bigger password list from a much higher profile site (a financial one in fact) that we're sitting on. We don't want to be the first ones to break the story for fear of legal action, so we're cracking way and waiting for somebody else to slip up

So.. is this a Canadian site? 

No, I'm not really sure what gave you that idea..

[deadly7]

No, I'm not really sure what gave you that idea..

Why would you be afraid of legal action if you aren't a national of the US? I highly doubt Canada would extradite you like that, if push came to shove.

I mean, assuming you haven't gotten passwords to the NYSE admin accounts or something. If you did that I would bow.

[Joe]

Cmon deadly, this is the guy who h4xx3d Facebook.

[iago]

No, I'm not really sure what gave you that idea..

Why would you be afraid of legal action if you aren't a national of the US? I highly doubt Canada would extradite you like that, if push came to shove.

I mean, assuming you haven't gotten passwords to the NYSE admin accounts or something. If you did that I would bow.

I don't care if it's Canadian, American, or European data - releasing it without the company's knowledge is wrong, both legally and ethically.

And for what it's worth, I've already talked to investigators about the situation. The company in question is taking this very seriously.

[deadly7]

I don't care if it's Canadian, American, or European data - releasing it without the company's knowledge is wrong, both legally and ethically.

And for what it's worth, I've already talked to investigators about the situation. The company in question is taking this very seriously.

I was speaking from a purely legal standpoint, not a moral one. FWIW I agree with you that working with the company to secure their data is more ethical. And makes you more money.

[iago]

I don't care if it's Canadian, American, or European data - releasing it without the company's knowledge is wrong, both legally and ethically.

And for what it's worth, I've already talked to investigators about the situation. The company in question is taking this very seriously.

I was speaking from a purely legal standpoint, not a moral one. FWIW I agree with you that working with the company to secure their data is more ethical. And makes you more money.

Even legally - if I cause significant financial damage to a company, which this potentially could (especially being the X-mas season), they're going to go after me no matter which country I'm in (provided it isn't an unfriendly one).

[rabbit]

I don't care if it's Canadian, American, or European data - releasing it without the company's knowledge is wrong, both legally and ethically.

And for what it's worth, I've already talked to investigators about the situation. The company in question is taking this very seriously.

I was speaking from a purely legal standpoint, not a moral one. FWIW I agree with you that working with the company to secure their data is more ethical. And makes you more money.

Even legally - if I cause significant financial damage to a company, which this potentially could (especially being the X-mas season), they're going to go after me no matter which country I'm in (provided it isn't an unfriendly one).

Quick!  Move to Iraq!

[iago]

I don't care if it's Canadian, American, or European data - releasing it without the company's knowledge is wrong, both legally and ethically.

And for what it's worth, I've already talked to investigators about the situation. The company in question is taking this very seriously.

I was speaking from a purely legal standpoint, not a moral one. FWIW I agree with you that working with the company to secure their data is more ethical. And makes you more money.

Even legally - if I cause significant financial damage to a company, which this potentially could (especially being the X-mas season), they're going to go after me no matter which country I'm in (provided it isn't an unfriendly one).

Quick!  Move to Iraq!

Isn't Iraq owned by the US now?

[Sidoh]

I don't care if it's Canadian, American, or European data - releasing it without the company's knowledge is wrong, both legally and ethically.

And for what it's worth, I've already talked to investigators about the situation. The company in question is taking this very seriously.

I was speaking from a purely legal standpoint, not a moral one. FWIW I agree with you that working with the company to secure their data is more ethical. And makes you more money.

Even legally - if I cause significant financial damage to a company, which this potentially could (especially being the X-mas season), they're going to go after me no matter which country I'm in (provided it isn't an unfriendly one).

Quick!  Move to Iraq!

Isn't Iraq owned by the US now?

Either way, it's not exactly friendly.

No, I'm not really sure what gave you that idea..

Why would you be afraid of legal action if you aren't a national of the US? I highly doubt Canada would extradite you like that, if push came to shove.

I mean, assuming you haven't gotten passwords to the NYSE admin accounts or something. If you did that I would bow.

I don't care if it's Canadian, American, or European data - releasing it without the company's knowledge is wrong, both legally and ethically.

And for what it's worth, I've already talked to investigators about the situation. The company in question is taking this very seriously.

Release it anonymously!

I don't think it's unambiguously wrong from a moral standpoint.

[iago]

Release it anonymously!

I don't think it's unambiguously wrong from a moral standpoint.

I think it is. I have 5 million passwords belonging to ~15 million users. I'd be directly harming some proportion of those users. That makes it wrong in my mind.

Additionally, there is some malice at play - somebody stole these, and right now investigators are trying to find that person/people. If I release it with the name of the company in question, those people are going to be tipped off that others know what's going on and will likely be more difficult to find.

[Sidoh]

My suggestions are in jest.

I still don't think it's absolutely wrong, though, even if it does hurt people.

[deadly7]

I still don't think it's absolutely wrong, though, even if it does hurt people.

If a company had amassed data on people illegally, they'd get away with it as long as possible. I agree with your statement that it's not absolutely wrong, just could end up doing lots of damage. I don't know what Gawker is, so I'm talking in general terms of releasing passwords.

[iago]

I still don't think it's absolutely wrong, though, even if it does hurt people.

If a company had amassed data on people illegally, they'd get away with it as long as possible. I agree with your statement that it's not absolutely wrong, just could end up doing lots of damage. I don't know what Gawker is, so I'm talking in general terms of releasing passwords.

This isn't about Gawker - those passwords are out there and everybody has them. And they aren't doing *that much* damage - it isn't that important of a site, most people register with crap passwords to comment.

What we're talking about is a large financial site with 10x as many passwords breached. I have the passwords, but I don't want to name the site or anything until it hits the press on its own. It's being actively investigated.

[rabbit]

Tell me the company, website, and number of passwords and I'll go tell Slashdot then everyone can know and then you can do your stuff