RE: Monkeybrains.net and badtrans compromise information

From: van Wyk, Ken (Ken@para-protect.com)
Date: Fri Jan 04 2002 - 11:37:41 PST

  • Next message: Ken Pfeil: "RE: Monkeybrains.net and badtrans compromise information"

    Jon Williams writes:
    > I've got to admit, I was suspicious when I got the same message, but when
    I
    > tried getting the information and was told essentially "You've got
    > compromised passwords, but you have to pay us to find out which," it
    sounds
    > more like extortion than good cyber citizenship.
    
    I'd just like to point out a couple things briefly:
    1) We have no affiliation whatsoever with monkeybrains.net;
    2) We were unaware of their intent to charge for this information;
    3) After scanning for ":443" in their database/web site and seeing > 2000
    compromised SSL-encrypted sessions, we started alerting our customers;
    4) We alerted a number of companies whose employees, customers, etc., were
    in that database, however there was no obligation or fee to any of those
    companies for our alerts;
    5) Had we known of monkeybrains.net's intention to charge for releasing the
    information, we would have noted so in the alerts that we sent to companies
    that we found in their database.
    
    Cheers,
    
    Ken
    
    Kenneth R. van Wyk
    CTO & Corporate Vice President
    Para-Protect, Inc.
    www.para-protect.com
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Jan 04 2002 - 12:38:36 PST