George(s) Lessard on Sun, 3 Mar 2002 15:04:59 +0100 (CET)
<nettime> French site Kitetoa.com fined for expose of security hole
------- Forwarded message follows -------
Date sent: Wed, 27 Feb 2002 21:29:11 -0500
To: politech@politechbot.com
From: Declan McCullagh <declan@well.com>
Subject: FC: French site Kitetoa.com fined for expose of security hole
Send reply to: declan@well.com

Here's an article about Kitetoa.com's expose of Doubleclick:
http://www.ecommercetimes.com/perl/story/8505.html

This is another good reason to publish sensitive information
untraceably. Establish a persistent pseudonymous identity -- standard
procedure would be to generate a private-public keypair and sign your
reports with it. You can also receive messages encrypted to your public
key (so only you can decipher them) and dropped in a public place such
as a Usenet newsgroup or popular mailing list. Eventually, if the legal
threat disappears, you can reveal your truename and receive credit for
your earlier work.

Naturally it'll be difficult for you to get paid under this scenario,
but doesn't everyone do this for the love of the craft? :)

-Declan

---

Date: Thu, 28 Feb 2002 02:43:06 +0100
From: Solveig <solveig@transfert.net>
Organization: transfert
To: declan@well.com
CC: "Kitetoa at Kitetoa . com" <kitetoa@kitetoa.com>
Subject: Kitetoa in danger

Hello declan,

Sorry for my bad English, but I think this story should be told...
Sadly, there are only French links until now. But American media have
already written some articles about Kitetoa, who disclosed some security
flaws in DoubleClick last year, and recently, in Choicepoint...

The webmaster of Kitetoa, a French group of security enthusiasts with a
passion for showing how badly protected our personal data is, has been
sentenced by a French court to a 1000 euro fine. Using nothing more than
Netscape Navigator's features, he could access Tati's (a clothes
discounter) file directory, and then all consumers' profiles. He had
warned the webmaster of Tati one year before about the problem, but no
effort was made to secure the server.
So he disclosed the breach of security in an article on www.kitetoa.com.
Tati did nothing until the news was republished by an offline mag called
Newbiz - too much publicity for Tati, let's sue those disturbers. Notice
that Newbiz wasn't targeted, only the small investigative website.

Although the judge couldn't identify precisely the nature of the
"computer fraud" Kitetoa was fined for, this sentence creates a
dangerous precedent. It is likely to lead to some more lawsuits. Kitetoa
will probably have to stop its activities.

It reminds us, in France, of the story of Altern, an independent and
non-profit Internet provider who hosted 40 000 websites. Altern had to
close because it was held responsible for a nude picture of a top-model,
was fined, and then was subject to a true rain of legal procedures
coming from all the people who don't like free speech on the Web. Now,
full disclosure is in danger.

Kitetoa's file about Kitetoa vs Tati
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Tativersus_Kitetoa/index.shtml

Some articles in French
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Tati_versus_Kitetoa/papiers.txt

About Choicepoint in English :
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin7/choicepoint-suite-english.shtml

About DoubleClick in English :
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-english.shtml
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-round2-english.shtml
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-round3-english.shtml
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-round4-english.shtml
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-round5-english.shtml

--
Best regards,
Solveig Godeluck
mailto:solveig@transfert.net

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------

------- End of forwarded message ---------

:-) Message Ends; George(s) Lessard's Keywords Begin (-:
Freelance Media Arts, Management, Training, Mentoring & Consulting
On line: Internet / Workshops / Research / Presence / Content /
On location: TV / Radio / Production / ENG / EFP / Editing
Interests: Access / Activism / Communities / Cultures / Arts
Resume and more @ http://members.tripod.com/~media002
Queries / Offers / Patronage / Commissions should be sent to
media@_no_spam_web.net
Rostered Volunteer UNV# 120983 & CESO/SACO VA# 11799
-Caveat Lector- Disclaimers, NOTES TO EDITORS & (c) information may be
found @ http://members.tripod.com/~media002/disclaimer.htm
Because of the nature of email & the WWW, please check ALL sources &
subjects.
- 30 -

# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
# archive: http://www.nettime.org contact: nettime@bbs.thing.net