Author Topic: come home  (Read 13827 times)

0 Members and 1 Guest are viewing this topic.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: come home
« Reply #15 on: December 16, 2010, 02:44:23 pm »
I don't care if it's Canadian, American, or European data - releasing it without the company's knowledge is wrong, both legally and ethically.

And for what it's worth, I've already talked to investigators about the situation. The company in question is taking this very seriously.
I was speaking from a purely legal standpoint, not a moral one. FWIW I agree with you that working with the company to secure their data is more ethical. And makes you more money.
Even legally - if I cause significant financial damage to a company, which this potentially could (especially being the X-mas season), they're going to go after me no matter which country I'm in (provided it isn't an unfriendly one).

Quick!  Move to Iraq!
Isn't Iraq owned by the US now?


Either way, it's not exactly friendly. :)

No, I'm not really sure what gave you that idea.. :P

Why would you be afraid of legal action if you aren't a national of the US? I highly doubt Canada would extradite you like that, if push came to shove.

I mean, assuming you haven't gotten passwords to the NYSE admin accounts or something. If you did that I would bow.
I don't care if it's Canadian, American, or European data - releasing it without the company's knowledge is wrong, both legally and ethically.

And for what it's worth, I've already talked to investigators about the situation. The company in question is taking this very seriously.


Release it anonymously!

I don't think it's unambiguously wrong from a moral standpoint.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: come home
« Reply #16 on: December 16, 2010, 03:55:10 pm »
Release it anonymously!

I don't think it's unambiguously wrong from a moral standpoint.
I think it is. I have 5 million passwords belonging to ~15 million users. I'd be directly harming some proportion of those users. That makes it wrong in my mind.

Additionally, there is some malice at play - somebody stole these, and right now investigators are trying to find that person/people. If I release it with the name of the company in question, those people are going to be tipped off that others know what's going on and will likely be more difficult to find.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: come home
« Reply #17 on: December 16, 2010, 04:42:18 pm »
My suggestions are in jest.

I still don't think it's absolutely wrong, though, even if it does hurt people.

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: come home
« Reply #18 on: December 16, 2010, 04:46:28 pm »
I still don't think it's absolutely wrong, though, even if it does hurt people.
If a company had amassed data on people illegally, they'd get away with it as long as possible. I agree with your statement that it's not absolutely wrong, just could end up doing lots of damage. I don't know what Gawker is, so I'm talking in general terms of releasing passwords.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: come home
« Reply #19 on: December 16, 2010, 04:51:52 pm »
I still don't think it's absolutely wrong, though, even if it does hurt people.
If a company had amassed data on people illegally, they'd get away with it as long as possible. I agree with your statement that it's not absolutely wrong, just could end up doing lots of damage. I don't know what Gawker is, so I'm talking in general terms of releasing passwords.
This isn't about Gawker - those passwords are out there and everybody has them. And they aren't doing *that much* damage - it isn't that important of a site, most people register with crap passwords to comment.

What we're talking about is a large financial site with 10x as many passwords breached. I have the passwords, but I don't want to name the site or anything until it hits the press on its own. It's being actively investigated. :)

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: come home
« Reply #20 on: December 16, 2010, 05:45:38 pm »
Tell me the company, website, and number of passwords and I'll go tell Slashdot then everyone can know and then you can do your stuff :D