Hacker Leaks Unreleased CERT Reports 379
Call Me Black Cloud writes "A hacker calling himself "Hack4Life" swiped 3 unpublished vulnerability reports from a company working with CERT and posted them to the Full Disclosure mailing list. A couple of days later, he did it again (while promising weekly leaks). Wired also has a story, including a link to one of the postings."
FD and Bugtraq (Score:5, Informative)
Full disclosure link (Score:3, Informative)
http://lists.netsys.com/pipermail/full-disclosure
go to March--view by author--hack4life@hushmail.com.
Re:You've spelled Cracker wrong. (Score:1, Informative)
That may be true in many countries...but not in france. They have a language standards board that decides what changes are adopted.
Re:Interesting to note... (Score:1, Informative)
this? [smh.com.au]
carried by the rest of the world's media?
Re:Maybe it's an inside job. (Score:3, Informative)
It was the Guardian Observer... (Score:5, Informative)
oh, and link to story on subsequent arrest: (Score:3, Informative)
Re:Well.... (Score:5, Informative)
Note that isn't one of Slashdot's conspiracy theories. If you report something to CERT/CC for free, they sell it to their subscribers.
Unfortunately, this process is not defined in a way that is transparent for those who contact CERT/CC. I've seen conflicting reports regarding the question whether this sharing is mandatory or optional, implicit or explicit. Not surprisingly, the CERT/CC website is not very helpful:
(From the CERT/CC FAQ [cert.org].)Re:It was the Guardian Observer... (Score:2, Informative)
But not surprising. That's why I get my news from google [google.com]. It's not hard to tell which "unpopular" stories will fall through the cracks of US news reporting.