[LinuxUsers] Dan Tentler's script kiddie antics last night

Roger E. Rustad, Jr. roger.rustad at gmail.com
Sun Dec 28 20:57:16 UTC 2008


Dan, since you cc'd the group in your exchange with me, then I will 
assume that it's okay to continue cc'ing them in this email exchange 
back to you.

I personally consider your actions inappropriate, and I have asked 
others here in a public forum on what they think.  I don't expect others 
to necessarily concur, and I am asking for their input.

As I told you in a previous email this morning, if this sort of activity 
is "okay" to you, then I and several others will likely start working 
with other people in the tech community in protecting them from these 
sorts of antics when you are around.

In the words of The Dude in the Big Lebowski, "This aggression will not 
stand!"

Dan Tentler wrote:
> Wow, thanks for totally scolding me like a little child Rog, I'm glad to 
> know that you look up to me like a respectable member of the community.
> 
> Sounds to me like the beginning of a witch hunt. Sounds like you're 
> trying to 'rally everyone to your cause'.
> 
> Sort of funny you think doing a MITM attack is 'script kiddie' level 
> though, it just illustrates to me your depth of knowledge with security.
> 
> As I have no intention of 'feeding the troll', as it were - I'll not 
> address your points - it's just going to start a flame war.
> 
> Just picture me shaking my head and saying: "You get butthurt too easy".
> 
> I didn't 'steal' anything, I didn't log anybody's information, nothing was 
> stateful, and no damage was done.
> 
> And the app I used was called "Ettercap" - and it doesn't log by default.
> 
> -Viss
> 
> Roger E. Rustad, Jr. wrote:
>> Hey guys,
>>
>> I would like to formally address the "man in the middle" script kiddie 
>> stuff that Dan Tentler was doing to the SoCal Linux group last night 
>> at the coffee shop.
>>
>> Personally, I take issue with Dan...
>>
>> (a) Not formally and publicly disclosing that he was using Backtrack 
>> to sniff other members' traffic.
>> (b) Not immediately getting rid of another member's gmail password 
>> once he handed out a fake certificate and sniffed it with Ethereal.
>> (c) Doing what he was doing secretly, rather than for the edification 
>> of the group
>> (d) Changing the of an otherwise friendly meeting.
>>
>> I consider Dan's actions last night tantamount to pickpocketing 
>> fellow members when we're having a discussion that's not about 
>> pickpocketing.
>>
>> I also would argue that if we, as a group, are going to be cool with 
>> other members (or, in this case, a friend of a member) secretly doing 
>> this kind of thing to each other, then we have an obligation to inform 
>> newbies in our group who do not know any better, particularly 
>> unsuspecting friends, girlfriends, coworkers, or kids who sometimes 
>> accompany us.
>>
>> Our meetings are not mini Defcons or 2600 meetups, and it's not 
>> reasonable for new people to come and expect this type of sophomoric 
>> crap to take place. When one goes to Defcon, one can reasonably expect 
>> to get messed with. It is the nature of the conference, and much of 
>> what is done is often made public for everyone's edification (e.g. 
>> Wall of Shame).
>>
>> I like to think of SoCal Linux as a group of open source advocates who 
>> work at places like Apple, Google, Microsoft, ESRI, etc. Kiddie 
>> scripting is not, in my opinion, the tone of our group, and if we are 
>> going to be cool with someone doing this sort of thing, then we 
>> should ask the person in question to formally disclose what s/he is 
>> doing beforehand or perhaps make a public presentation about it, not 
>> do it on the side secretly.
>>
>> I would be curious to know what other people in the group think about 
>> this. (Dan Tentler is cc'd on this, as well)
>>
>> Rog



