Reply from Clem.Colman@dva.gov.au
> text = Mr. Colman's
text = mea_culpa
--
> I know this is a moderated list, but I think that, based on what I have
> seen, the conclusion you reach in your reply needs to be questioned.
While moderated, I think I have shown that I post any intelligent
discussion on any matter. Moderation != censorship
As for my last comment about her lying to the feds, that is *easily*
backed up. This is not the first. I host an entire web page dedicated to
the crap this lady has pulled, which includes libel/slander against me,
and lying to FBI agents in attempt to indict me on hacking servers I have
never touched.
I was asked by FBI agent Randy Zhuelke in San Antonio to take a polygraph
about hacking a machine *solely* based on the fact that Carolyn Meinel
told the agent I did it. They had no logs, no hints, and absolutely
NOTHING else to base that on, and Randy told me as much once he learned
more about Ms. Meinel.
> >1.8 million eh? <snipped reasons why 1.8 million does not seem to be a
> >reasonable figure>
>
> It seems that your argument is based on the fact that the attacks have
> caused Rt66 Internet 1.8 million dollars worth of damage.
That is her claim, not mine. I heard that figure from people associated
with the Happy Hacker mail list before she posted it to any list.
> I believe the statement could imply that the 1.8 million dollars
> includes damage done to those served by Rt66 Internet. They may well be
> suing Rt66 for lose of business, punitive damages as a result of system
So an ISP foolishly leaves credit cards on an unsecure networked system,
and they want to blame anyone other than themselves? How can you blame
hackers for their poor decision?
Consider that *these* hackers made the Credit Card compromise public info.
RT66 and Carolyn Meinel have both admitted that they suffered root
compromises *multiple* times before this last incident. That means at
least two (i have heard the figure closer to eight) other attackers could
have gotten the information. Did RT66 notify customers then, or hold their
breath that massive credit card fraud wouldn't occur? They are negligent
to say the least.. criminally negligent by some definitions.
At least the customers know for sure the information was compromised this
time. And finally.. if they are being sued, isn't that public information?
If so, they should make it known to validate their 1.8 million dollar
claim. Further.. to sue RT66 for damages, damages would have to be done,
ie: credit card fraud. Has it been done? How much was done? Why are they
holding RT66 liable when the credit card company has protection and
insurance in place to stop it?
I think there are a lot of questions that need to be answered to validate
a claim of 1.8 million, and until those questions are answered, I disagree
with their assessment.
> downtime etc. Also Rt66 has to factor in it's loss of goodwill...,
> basically the loss of confidence by customers, which means they may
> change ISP when their subscription term comes up.
The credit card information was apparently sitting on the server before
this attack. The only thing new to add to the picture is that it is now
KNOWN that the information was compromised. Before this incident, the
information could have been compromised and the customers would never
know. Should that "goodwill" exist only because the customers were lied
to? Roughly one month ago, Carolyn Meinel's credit card was placed on the
web page to RT66 along with her full information. At that point, serious
question should have been raised as to the action taken by RT66 in
securing their systems, making customers aware, etc. A friend who has an
account there told me nothing was done outwardly, that they tried to cover
it up.
> I'll happily concede I have no background on this matter, which might
I'll unhappily concede I have over three years background in fighting with
this lady.
> provide some insight into the reasoning in the arguments presented.
> Perhaps you could give me a pointer to what this is all about.
Once my web server is up (hard drive crash),
http://www.sekurity.org/~shame for the Carolyn Meinel Hall of Shame page.
In case it isn't obvious, I have problems with a LOT of things she does.
:)
> Regards,
> Clem Colman
mea_culpa
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
Received on Wed Aug 19 09:41:11 1998