Cryptome has been leaking its user logs for over a year

[Steve Kinney]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The overall message I get from JYA's impressionistic essays on
network security is that in his view there ain't no such animal.
Add to this the well established security axiom across all
contexts, "a trusted entity is one that can break your security
model."  In the present context, trusting Cryptome to protect your
privacy is a sucker bet:  Either you don't care, or your own OpSec
is up to that task, or you are screwed.  This context makes the
issue at hand an object lesson in stating the obvious.

A rented, public facing, vendor configured and maintained web
server instance appears to be 'leaking' its http logs to world +
dog.  That would mean data that is supposed to be available only
to a few dozen intelligence services, tech support guise and
marketing departments is world readable.  A level playing field
with equal access for all is worse than one where access is
monopolized by a clusterfuck of privileged players why?

:o)






-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWFlEDAAoJEDZ0Gg87KR0LJKEP/RrMbcQWSeEVgXDNULqIHOV0
/hKa3G0yumMGT2Jne4yMrKlAEoCKD9x0BT03avLKaBd647mzxLfPVtQKcH1JMnCR
+y1anJRzyBa2K/5Q9vKRWtpe+N7PP5bK5nZF0l95OzxYa7rMCv6Ruzd5kJmkARcP
92y6iCKjHBmzO9Qs3HC9rxJEiwqDsOqtbWCGTce5bemriH1AymZldwrNn2DL0Q2w
k8kkhqP/1RRgAi5edKhrvwDvwlMCMAwtGK+KV9Ehv1O5KuyRCi963Uoyt5iuXvFa
98yLBe7xXOVQNl6KUynbn/oPErmCZIplkmpuMikgx40aCvzVndGj0VBxzw1RqjiW
ZKWU8+foVUXfs83Xk46i5iHTuJApGMh8L8bSUPxyd68KvB3HJw5043rO4A9g5q8/
SuIILOwDkqLTqf1baUC7tPYIs2ucT6Eo2o0bJcEmQZidgG+PQ8ZxTcdr1j0d5bGd
/JB45Rr1UY2wGV/DcFQGZ7WuMfZra7wcUL4pMk23OtRPhR1glSF1JHg64vNrybsh
EuzC56QDcHNEEgcqXTRTCCNCK20RxbpSEkib22F1tdZNk/6C6BDqpwUIo5U5nkbr
7zwau6CA1bWzWYQdIvuSlQ35VIvN03NxrddGLp0Gy9bQGQhFVV7KpNravgurs1H0
0Zv7i5ErmHlGJEr2ztRg
=cQhw
-----END PGP SIGNATURE-----