Security Basics mailing list archives
Re: Hunting for Mr Badmouth (definately O.T. but short)
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Fri, 29 Aug 2003 10:47:13 +0100
Charley, thanks for the good response. There have been too many hot-headed responses to various things here lately. I have been particularly disappointed to see newcomers ridiculed for asking newcomer questions in a newcomer way. If someone comes and posts to a list saying 'i have no idea what i am talking about' then do not chastise him, educate that person. I have spoken in private email to several people asking them to educate rather than ostracize, and it has worked. Specifically relating to this post, Rockit you should not expect that the original poster will justify why he is asking by providing a full discription of the security incident to which he is responding. You are imposing upon him the exact chains and limitations that you are rallying against. Freedom of speech grants him the equal right to ask how to find someone that that person may or may not have had to make statements that may or may not be libelous. Freedom is a two way street. I agree with both of you that the internet is changing - very rapidly - into something much different than what we all imagine the internet to be. We will, however, have to accept those changes and roll with those punches as they come. One change is accountability. Increasingly, we will have to account for our actions even in a virtual world - as long as its influence in the real world remains strong. There is nothing inherently wrong with asking how to find the originator of posts on a newsgroup. But, constructively, i hope that any further posters on the topic be so kind as to explain to the original poster how to balance matters legally, rather than tearing into him for asking a question that you didn't enjoy hearing asked. Let's leave the aggressive tone of voice out of this list, and behave like the professionals we are. With friendly Greetings, Chris Meidinger -----Ursprüngliche Nachricht----- Von: Charley Hamilton [mailto:chamilto () uci edu] Gesendet: Donnerstag, 28. August 2003 23:22 An: security-basics () securityfocus com Betreff: Re: Fwd: Re: Hunting for Mr Badmouth (mostly O.T. and long) Rockit, Short comment: There is inadequate evidence presented in the OP for anyone to make a moral judgement about the OP and his reasons for trying to "track" the individual in question. The OP asked a technical question, and if you feel morally offended by the question, ignore it. That said: Rockit wrote:
"short of a court order" ? Can't prove libel ? (and yes, the burden of
proof > would be upon you...so I am assuming that this person is actually telling the > truth about the "company") Sounds like a vendetta to me ! (after reviewing > your email header, it's a personal address, not a company one, which doesn't > help your case any !) I would argue that one reason for using a personal email over a company one, assuming your review of the headers is correct, is to keep this from becoming a public issue until after it has been addressed privately. Possibly, the company does not permit posting to mailing lists from comany accounts. How do you know why the email account used is personal, if, in fact, it is? You have assumed the person (Mr. Badmouth) is telling the truth, when in fact you have no supporting evidence for the case. Does this tendency to assumption on the part of the uninvolved public (e.g. you, Rockit) in itself not argue that the company in question should be able to pursue (at least) bilateral communication with the poster? How can such communication be established without response from the alleged defamer? Are we not entitled to defend ourselves against our accusers? I recall something about that appearing in US case law, as well. Anonymity should not be a mask behind which one can hide when making untrue statements about any entity, corporate or otherwise. If it's true, present your evidence and permit the entity to rebut. Otherwise, state the fact that you don't like the entity and leave it at that. False assertions are inappropraite. Period.
There are way too many companies and individuals trying to manipulate
the > justice system when it comes to the internet, especially in the civil courts, > because the laws don't support imagined criminal wrongs. So, I have one > question for you....ever hear of the first amendment and freedom of > speech ??? I agree that there is currently a race to over-regulate the internet in ways which are largely inappropriate and under-informed on the part of the government, as well as abuses and misuses on the part of many major corporations and industrial associations. I do not agree that this is a pertinent issue, here. Libel is libel, whether in print or electronic media. If it is actually libel, this is not an imagined wrong. Although I do not generally agree with Engels on matters, I believe his assertion, "Your freedom ends where the freedom of others begins, and only there.", is pertinent to this discussion. A person's freedom to make a statement, printed or otherwise, should not enable the person to make defamatory comments about another entity (human or otherwise). This would infringe on the entity's right to pursue happiness. I seem to recall that appearing in U.S. founding doctrine, as well. I don't generally like MS software, but to assert that my first amendment rights permit me to call all MS software "intentionally and unrecoverably flawed" is IMO simply overreaching the scope of the law. Granted, IANAL, so there is a strong possibility that I'm wrong. However, given that defamation, libel, and slander laws exist, I am pretty sure there is *some* legal limit to free expression, and there certainly is a logical limit (see Engels' assertion above). If I started to call you a dirty SOB and refused to give proof you were both unwashed *and* a canine, you would have grounds for suit. Period.
I can only hope that no one in this list will help your vigilantism >
styled tactics of violating someone's civil liberties ! Vigilantism? The OP's questions seemed to aim at tracking someone who had allegedly defamed a company with which I assume the OP is affiliated, based on the OP. It says nothing about what the plan is for what to do *after* the person is identified and contacted. Perhaps there is a plan to serve the person with a legal summons. If there is no evidence presented by the alleged defamer to support the position, and the alleged defamer is not identified, how is the company in question to determine whether or not the charge is true and present adequate evidence to a judge to obtain such a court order? Of course, obtaining an order might be easier than I think, but I doubt it. Just my $0.02. Charley --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Re: Hunting for Mr Badmouth (definately O.T. but short) Meidinger Chris (Aug 29)