On Wed, Jan 8, 2014 at 6:04 PM, brian carroll <electromagnetize@gmail.com> wrote:

coderman wrote:

...

i am exploring a gambit for disclosure post-statute-of-limitations, but even this protection seems meager and risky.

(that is a beautiful idea)

it may be a very bad idea, we'll find out together these months ahead ;) there are three tales to tell: the first: wifi security interests crossed paths with power institutions lacking tact. 2003 Synopsis scanned and vulnerable, Synopsis providing licensed IP to Intel, the Oregon behemoth, who then combined a PR ruse[0] with InfraGard pull for a FBI fishing expedition trying to catch dirt... the second: monitoring from convenient location unexpectedly colocated by covert crash pad for $TLA adventure leads to lessons on mutual authentication assurances. the third: a "research experiment" widely talked about yet so few know about. in 2007 a confluence of factors collided in the perfect storm: a Tor privacy appliance actively thwarted by VMWare, a Tor summer of code proposal rejected with prejudice, and a rash of mediocre Tor vulnerability papers garnering press and pomp for posturing poseurs. under this cloud of discontent we discovered and maximized a control port vulnerability to demonstrate both the inherent strength of a virtualized transparent proxy model, but also just how bad a truly a truly bad vulnerability can be in practice. (dialed to 11, and discovered the unbelievable without getting disappeared ;) in each a discussion of the security lessons learned, perhaps an insight here or there, much rambling implicitly entwined... that will do for now, until the future, best regards 0. called for lengthy discussion as background on article for wireless security, instead used as a scaryhacker caricature in FUD piece promoting Intel Centrino security features. never talked to media since; encourage all to never talk to media as well with rare exception. specific quote behind the interest: "Netstumbling is not against the law, says special agent Mary Kimura of the Federal Bureau of Investigation (FBI), but it comes awfully close. "It's not illegal to scan for open networks," Kimura says, "but once a theft of service, denial of service, or theft of information occurs, then it becomes a federal violation." Kimura is the Infragard coordinator in the FBI's San Francisco office."