|
|
BugTraq
Popular Net anonymity service back-doored Aug 21 2003 04:56AM Thomas C. Greene (thomas greene theregister co uk) (4 replies) Re: Popular Net anonymity service back-doored Aug 21 2003 06:38PM Florian Weimer (fw deneb enyo de) (1 replies) Re: Popular Net anonymity service back-doored Aug 21 2003 12:05PM Thomas C. Greene (thomas greene theregister co uk) (3 replies) Re: Popular Net anonymity service back-doored Aug 21 2003 10:30PM Alex Russell (alex netWindows org) Re: Popular Net anonymity service back-doored Aug 21 2003 09:41PM Aron Nimzovitch (crypto clouddancer com) (2 replies) Re: Popular Net anonymity service back-doored Aug 21 2003 04:42PM Andreas Kuntzagk (andreas kuntzagk mdc-berlin de) (1 replies) RE: Popular Net anonymity service back-doored Aug 21 2003 08:16PM Drew Copley (dcopley eeye com) (1 replies) Re: Popular Net anonymity service back-doored Aug 21 2003 10:35PM Richard Stevens (mail richardstevens de) |
|
Privacy Statement |
> -----Original Message-----
> From: Aron Nimzovitch [mailto:crypto (at) clouddancer (dot) com [email concealed]]
> Sent: Thursday, August 21, 2003 2:42 PM
> To: thomas.greene (at) theregister.co (dot) uk [email concealed]
> Cc: fw (at) deneb.enyo (dot) de [email concealed]; bugtraq (at) securityfocus (dot) com [email concealed];
> full-disclosure (at) lists.netsys (dot) com [email concealed]
> Subject: Re: Popular Net anonymity service back-doored
>
>
>
> Mailing-List: contact bugtraq-help (at) securityfocus (dot) com [email concealed]; run by ezmlm
> From: "Thomas C. Greene " <thomas.greene (at) theregister.co (dot) uk [email concealed]>
> Organization: The Register
>
> Leaving a hint in the source and waiting for someone to
> call them on it may be
> a legal strategem, but it's not a good way of maintaining user
> trust.
>
> Only a fool would blindly depend on someone else's software
> to gain anonymity without examining the code.
Why stop at anonymity software?
What about all software?
>If you need
> anonymity, then you should easily be willing to invest sweat
> equity, or have a contractual arrangement when the threat is
> only financial. For more serious threats requiring
> anonymity, not reviewing the source when it is available
> seems beyond stupid. I could unserstand your ire if you were
> one of our clients, but this was a free service wasn't it?
>
> FAR
So, then, if I gave you free code which was trojanized for my own
interests, you deserve to be trojanized?
I fail to see the reasoning behind this.
Perhaps, in your isolating anonymity software from all other types of
software you have come up with this conclusion. But, that is an
artificial wall, so I do not see why that should even be considered.
In fact, this is a bit like me going around and beating people up and
then saying, "What a fool you are, you should have been working out two
hours a day every other day like I do".
Who reasons like this?
Look, if you don't want to condemn these actions, great. You have a
right to do that. Just be sure and don't condemn anyone if you ever run
their software and get trojanized because you did not bother to
carefully examine the source.
As for me, I will condemn this thing, as I would not do it to someone
else, and I would not like it to be done to me... Regardless of the type
of software it is.
What other software has the German police trojanized? Is it just this?
[ reply ]