Here's an article about Kitetoa.com's expose of Doubleclick: http://www.ecommercetimes.com/perl/story/8505.html This is another good reason to publish sensitive information untraceably. Establish a persistent pseudonymous identity -- standard procedure would be to generate a private-public keypair and sign your reports with it. You can also received messages encrypted to your public key (so only you can decipher them) and dropped in a public place such as a Usenet newsgroup or popular mailing list. Eventually, if the legal threat disappears, you can reveal your truename and receive credit for your earlier work. Naturally it'll be difficult for you to get paid under this scenario, but doesn't everyone do this for the love of the craft? :) -Declan --- Date: Thu, 28 Feb 2002 02:43:06 +0100 From: Solveig <solveigat_private> Organization: transfert To: declanat_private CC: "Kitetoa at Kitetoa . com" <kitetoaat_private> Subject: Kitetoa in danger Hello declan, Sorry for my bad English, but I think this story should be told... Sadly, there's only French links until now. But American media have already written some articles about Kitetoa, who disclosed some security flaws in DoubleClick last year, and recently, in Choicepoint... The webmaster of Kitetoa, a French group of security enthusiasts with a passion for showing how badly protected our personal data is, has been sentenced by a French court to a 1000 euros fine. Using nothing more than Netscape Navigator's features, he could access to Tati's (a clothes' discounter)file directory, and then to all consumers profiles. He had warned the webmaster of Tati one year before about the problem, but no effort was made to secure the server. So he disclosed the breach of security in an article on www.kitetoa.com. Tati did nothing until the news was republished by an offline mag called Newbiz - too much publicity for Tati, let's sue those disturbers. Notice that Newbiz wasn't targeted, only the small investigative website. Although the judge couldn't identify precisely the nature of the "computer fraud" Kitetoa was fined for, this sentence creates a dangerous precedent. It is likely to lead to some more lawsuits. Kitetoa will probably have to stop its activities. It reminds us, in France, of the story of Altern, an independent and non-profit Internet provider who hosted 40 000 websites. Altern had to close because it was held responsible for a nude picture of a top-model, was fined, and then was subject to a true rain of legal procedures coming from all the people who don't like free speech on the Web. Now, full disclosure is in danger. Kitetoa's file about Kitetoa vs Tati http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Tativersus_Kitetoa/index.shtml Some articles in French http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Tati_versus_Kitetoa/papiers.txt About Choicepoint in English : http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin7/choicepoint-suite-english.shtml About DoubleClick in English : http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-english.shtml http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-round2-english.shtml http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-round3-english.shtml http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-round4-english.shtml http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-round5-english.shtml -- Best regards, Solveig Godeluck mailto:solveigat_private ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 19:14:17 PST