Jon Williams writes: > I've got to admit, I was suspicious when I got the same message, but when I > tried getting the information and was told essentially "You've got > compromised passwords, but you have to pay us to find out which," it sounds > more like extortion than good cyber citizenship. I'd just like to point out a couple things briefly: 1) We have no affiliation whatsoever with monkeybrains.net; 2) We were unaware of their intent to charge for this information; 3) After scanning for ":443" in their database/web site and seeing > 2000 compromised SSL-encrypted sessions, we started alerting our customers; 4) We alerted a number of companies whose employees, customers, etc., were in that database, however there was no obligation or fee to any of those companies for our alerts; 5) Had we known of monkeybrains.net's intention to charge for releasing the information, we would have noted so in the alerts that we sent to companies that we found in their database. Cheers, Ken Kenneth R. van Wyk CTO & Corporate Vice President Para-Protect, Inc. www.para-protect.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jan 04 2002 - 12:38:36 PST