George(s) Lessard on Sun, 3 Mar 2002 17:16:03 +0100 (CET)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[nettime-fr] French site Kitetoa.com fined for expose of security hole



------- Forwarded message follows -------
Date sent:      	Wed, 27 Feb 2002 21:29:11 -0500
To:             	politech@politechbot.com
From:           	Declan McCullagh <declan@well.com>
Subject:        	FC: French site Kitetoa.com fined for expose of security hole
Send reply to:  	declan@well.com

Here's an article about Kitetoa.com's expose of Doubleclick:
http://www.ecommercetimes.com/perl/story/8505.html

This is another good reason to publish sensitive information untraceably. 
Establish a persistent pseudonymous identity -- standard procedure would be to
generate a private-public keypair and sign your reports with it. You can also
received messages encrypted to your public key (so only you can decipher them)
and dropped in a public place such as a Usenet newsgroup or popular mailing
list. Eventually, if the legal threat disappears, you can reveal your truename
and receive credit for your earlier work.

Naturally it'll be difficult for you to get paid under this scenario, but 
doesn't everyone do this for the love of the craft? :)

-Declan

---

Date: Thu, 28 Feb 2002 02:43:06 +0100
From: Solveig <solveig@transfert.net>
Organization: transfert
To: declan@well.com
CC: "Kitetoa at Kitetoa . com" <kitetoa@kitetoa.com>
Subject: Kitetoa in danger

Hello declan,

Sorry for my bad English, but I think this story should be told...
Sadly, there's only French links until now. But American media have
already written some articles about Kitetoa, who disclosed some
security flaws in DoubleClick last year, and recently, in Choicepoint...

The webmaster of Kitetoa, a French group of security enthusiasts with a 
passion for
showing how badly protected our personal data is, has been sentenced
by a French court to a 1000 euros fine. Using nothing more than
Netscape Navigator's features, he could access to Tati's (a
clothes' discounter)file directory, and then to all consumers
profiles. He had warned the webmaster of Tati one year before about
the problem, but no
effort was made to secure the server. So he disclosed the breach of
security in an article on
www.kitetoa.com. Tati did nothing until the news was republished by an
offline mag called Newbiz - too much publicity for Tati, let's sue
those disturbers. Notice that Newbiz wasn't targeted, only the small
investigative website. Although the judge couldn't identify precisely
the nature of the "computer fraud" Kitetoa was fined for, this
sentence creates a dangerous precedent. It is likely to lead to some
more lawsuits. Kitetoa will probably have to stop its activities.

It reminds us, in France, of the story of Altern, an independent and
non-profit Internet provider who hosted 40 000 websites. Altern had
to close because it was held responsible for a nude picture of a
top-model, was fined, and then was subject to a true rain
of legal procedures coming from all the people who don't like free
speech on the Web.

Now, full disclosure is in danger.

Kitetoa's file about Kitetoa vs Tati
   
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Tativersus_Kitetoa/index.sht
   ml

Some articles in French
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Tati_versus_Kitetoa/papiers.txt

About Choicepoint in English :
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin7/choicepoint-
suite
-english.shtml

About DoubleClick in English :
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-
engli
sh.shtml
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-
round
2-english.shtml
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-
round
3-english.shtml
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-
round
4-english.shtml
http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Admins/Admin6/doubleclick-
round
5-english.shtml

-- 
Best regards,
  Solveig Godeluck                         mailto:solveig@transfert.net




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------



------- End of forwarded message --------- 
:-) Message Ends; George(s) Lessard's Keywords Begin (-: 
Freelance Media Arts, Management, Training, Mentoring & Consulting 
On line: Internet / Workshops / Research / Presence / Content / 
On location: TV / Radio / Production / ENG / EFP / Editing
Interests: Access / Activism / Communities  / Cultures / Arts
Resume and more @ http://members.tripod.com/~media002
Queries / Offers / Patronage /  
Commissions should be sent to 
media@_no_spam_web.net
Rostered Volunteer UNV# 120983 & CESO/SACO VA# 11799

-Caveat Lector- Disclaimers, NOTES TO EDITORS 
&  (c) information may be found @ 
http://members.tripod.com/~media002/disclaimer.htm
Because of the nature of email & the WWW, 
please check ALL sources & subjects.
                          - 30 -

_____________________________________________
#<nettime-fr@ada.eu.org> est une liste francophone de politique,
 art et culture lies au Net; annonces et filtrage collectif de textes.
#Cette liste est moderee, pas d'utilisation commerciale sans permission.
#Archive: http://www.nettime.org contact: nettime@bbs.thing.net
#Desabonnements http://ada.eu.org/cgi-bin/mailman/listinfo/nettime-fr 
#Contact humain <nettime-fr-admin@ada.eu.org>