[cryptome] Re: Why cryptome sold web logs to their paying customers?
Michael Best
themikebest at gmail.com
Sun Oct 11 11:43:43 PDT 2015
>
> Has anyone stopped to think that perhaps it was on absolute purpose as a
> warning of lack of safety on his servers due to known 'but unable to speak
> about’ system compromise? Ie. The same fashion as a warrant canary, or what
> have you?
> JYA’s stance has always seemed to have been: You’re not safe, please do
> not be deluded into believing any systems, statements, or mathematical
> systems will always have your back. Perhaps this is just to bring it into
> the absolute light for those too dense to grasp this mindset.
> The above scenario would also explain his general lack of input on the
> situation — I myself have been expecting miles and miles of (interestingly
> grotesque almost) prose about the situation.
> _benjamin
>
If so, then why did he spend a week denying it, calling me a liar, saying
the data is fake and accusing it of being disinfo? And why not notify
people on the website instead of the occasional tweet about how all logs
leak/it's "not the worst"?
And if it *was* purposeful, how is *that* okay? If he leaked four months
worth of his users' logs and metadata including search terms, *to make a
point*?
> On Sun, Oct 11, 2015 at 2:02 PM, Shelley <shelley at misanthropia.org> wrote:
>
> Calling bullshit. Mirimirs right, this makes no sense. And JYA says netsol
> won't let him delete the logs but Netsol says logs are disabled by default[
> https://www.networksolutions.com/support/how-to-enable-download-the-web-logs/]
> and you have to turn them on.
> So how the fuckd this really happen?
> I truly don't know. I don't have any more info than anyone else, I was
> just musing about how it could have happened. Obviously, hearing JY's
> explanation would be the best thing.
> Also agree re: the /var/log issue, but I get the impression that the
> restored files weren't kept in the normal file tree structure. Again, I
> simply don't know and I'm not trying to be an overt JY apologist - I'm just
> saying sometimes, shit happens. It would help if he would weigh in instead
> of having dorks like me positing hypotheticals.
> -S
>
> Mirimir <mirimir at riseup.net>
> Are you arguing that users could have found those logs?
> I almost can't imagine that. Logs are normally in /var/log/ somewhere,
> and I can't imagine making them searchable. And indeed, I can't imagine
> how Cryptome archives would have included anything from /var/log/, even
> after system restore from backups.
> <--SNIP-->
> > Should access logs be kept for that long? Absolutely not. From what I>
> have read in the email exchange that was posted, the log files were>
> included in a NetSol total restore. My guess is that John/Cryptome did> not
> intentionally keep these files, and did not realize these files were>
> included in the archive.
> But that's the thing. Logs should have been in /var/log/. And how would
> the "NetSol total restore" have changed that?
> > When I do incremental backups or updates on my own systems, I don't>
> usually go back and check the integrity of files I've already archived> in
> my closed system. I can see where this could be an honest mistake> that has
> gotten blown way out of proportion. It's a good lesson to be> more aware of
> these types of glitches.
> I still don't get how logs would have ended up in archives. Maybe JYA
> prepared a special set of archives for a collaborator. Maybe for someone
> helping him to understand what had happened. And then maybe he forgot
> about doing that. Hard to say.
>
>
>
> On October 11, 2015 10:14:15 AM "Dr. J Feinstein" <drjfeinstein at mail.com>
> wrote:
>
>> Resend–HTML email scrubbed
>>
>
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4969 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20151011/645c4378/attachment-0002.txt>
More information about the cypherpunks
mailing list