FC: French site Kitetoa.com fined for expose of security hole

From: Declan McCullagh (declanat_private)
Date: Wed Feb 27 2002 - 18:29:11 PST

  • Next message: Declan McCullagh: "FC: Australian cops interrogate Jim-Bell quoting online anarchist"

    Here's an article about Kitetoa.com's expose of Doubleclick:
    This is another good reason to publish sensitive information untraceably. 
    Establish a persistent pseudonymous identity -- standard procedure would be 
    to generate a private-public keypair and sign your reports with it. You can 
    also received messages encrypted to your public key (so only you can 
    decipher them) and dropped in a public place such as a Usenet newsgroup or 
    popular mailing list. Eventually, if the legal threat disappears, you can 
    reveal your truename and receive credit for your earlier work.
    Naturally it'll be difficult for you to get paid under this scenario, but 
    doesn't everyone do this for the love of the craft? :)
    Date: Thu, 28 Feb 2002 02:43:06 +0100
    From: Solveig <solveigat_private>
    Organization: transfert
    To: declanat_private
    CC: "Kitetoa at Kitetoa . com" <kitetoaat_private>
    Subject: Kitetoa in danger
    Hello declan,
    Sorry for my bad English, but I think this story should be told...
    Sadly, there's only French links until now. But American media have
    already written some articles about Kitetoa, who disclosed some
    security flaws in DoubleClick last year, and recently, in Choicepoint...
    The webmaster of Kitetoa, a French group of security enthusiasts with a 
    passion for
    showing how badly protected our personal data is, has been sentenced
    by a French court to a 1000 euros fine. Using nothing more than
    Netscape Navigator's features, he could access to Tati's (a
    clothes' discounter)file directory, and then to all consumers
    profiles. He had warned the webmaster of Tati one year before about
    the problem, but no
    effort was made to secure the server. So he disclosed the breach of
    security in an article on
    www.kitetoa.com. Tati did nothing until the news was republished by an
    offline mag called Newbiz - too much publicity for Tati, let's sue
    those disturbers. Notice that Newbiz wasn't targeted, only the small
    investigative website. Although the judge couldn't identify precisely
    the nature of the "computer fraud" Kitetoa was fined for, this
    sentence creates a dangerous precedent. It is likely to lead to some
    more lawsuits. Kitetoa will probably have to stop its activities.
    It reminds us, in France, of the story of Altern, an independent and
    non-profit Internet provider who hosted 40 000 websites. Altern had
    to close because it was held responsible for a nude picture of a
    top-model, was fined, and then was subject to a true rain
    of legal procedures coming from all the people who don't like free
    speech on the Web.
    Now, full disclosure is in danger.
    Kitetoa's file about Kitetoa vs Tati
    Some articles in French
    About Choicepoint in English :
    About DoubleClick in English :
    Best regards,
      Solveig Godeluck                         mailto:solveigat_private
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/

    This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 19:14:17 PST