Full Disclosure mailing list archives

Re: SMS Banking

From: "Craig S Wright" <craig.wright () information-defense com>
Date: Thu, 11 Feb 2010 22:16:41 +1100

He proved nothing.

As for certs, I have Cisco, around 30 SANS ones, most of the others. 

I also code in C, C++, ASM, Java and a few others.

You did not look too hard.

-----Original Message-----
From: McGhee, Eddie [mailto:Eddie.McGhee () ncr com] 
Sent: Thursday, 11 February 2010 9:46 PM
To: Thor (Hammer of God); 'full-disclosure'
Cc: craig.wright () Information-Defense com
Subject: RE: [Full-disclosure] SMS Banking

Going by his resume he has some basic networking/it skills, no decent Cisco
certs, cant code.. He may be able to do maths but everyone knows you cannot
predict how a vuln is going to appear with some number crunching.. And with
his skill set.. Secured over 1600 networks, no wonder financial institutes
get pwned so much these days if people like this goon is working for them 

I wouldn't waste any more time on this nub Thor, you have more than proved
he is a douche.


-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Thor (Hammer
of God)
Sent: 11 February 2010 02:34
To: Valdis.Kletnieks () vt edu; 'full-disclosure'
Cc: craig.wright () Information-Defense com
Subject: Re: [Full-disclosure] SMS Banking

Actually Valdis, it seems like all of this may be for naught.  It has been
brought to my attention that drafting a contract with Dr. Wright wouldn't be
in my best interest.  Apparently, he's known for not keeping to the "spirit"
of contracts when money is concerned.  

Now, if I were an ass, I might be tempted to publish the information found
at
http://www.lawlink.nsw.gov.au/scjudgments/2004nswsc.nsf/00000000000000000000
000000000000/1c0f375d3250297dca256ef300196460?OpenDocument

but fortunately for the parties involved, I'm not.  Entering into a contract
where willful misconduct and lying under oath may ensue is not my idea of a
smart business move.  I'm not saying Dr. Wright did any of those things,
(even though others have), I'm just saying that if one can't define what
"product" means, then I doubt one can successfully define what "probability
of compromise" means either.  Good money is on letting this one die as it
lies (no pun intended).  So I must regretfully rescind my challenge, or not
accept his, or whatever it was at this point.  

Now, if I were REALLY as ass, I would point out something like though Dr.
Wright has a degree in law, between him and his attorney, the best they
could come up with when emails were found on his system and phone calls were
on his cell bill was the "it wasn't me" defense. But again, I won't point
that out.  It would be just plain mean.  

If I REALLY REALLY were an ass, I would further point out the irony of a
master of digital forensics not being able to properly delete emails from
his computer in the first place, or the rumor that AU has this thing call
"krypshun," but I won't mention that either.  That would be both crass and
insensitive of me.  

'twer I an ass cubed, I would take this opportunity to reference a Princess
Bride joke in regard to the source of iocane powder (that one's for you,
Laura) but again, I'll suffer internally to protect the innocent.  

So I'll bow out.  Craig, you win buddy.  While I may never know what the
Magic Number the Improbability Engine might have produced (now that Douglas
has passed on) at least I know that criteria one must meet in order to be a
Security Hero.

Thanks for playing everyone.  Good luck, and good night!

t

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Wednesday, February 10, 2010 1:17 PM
To: craig.wright () Information-Defense com
Cc: Thor (Hammer of God); 'full-disclosure'; pen- 
test () securityfocus com; security-basics () securityfocus com
Subject: Re: [Full-disclosure] SMS Banking

On Thu, 11 Feb 2010 07:02:43 +1100, "Craig S. Wright" said:

" Plain and simple.  Produce the contract, here, publically.  I'll 
produce my $100,000 that you match, in escrow.  If the system gets 
breached, any way I choose,


What happens if the system gets breached, but in a way not of your 
choosing?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: SMS Banking, (continued)
- - - Re: SMS Banking Rosa Maria Gonzalez Pereira (Feb 11)
    - Re: SMS Banking Christian Sciberras (Feb 11)
    - Re: SMS Banking Craig S. Wright (Feb 10)
    - Re: SMS Banking Nick Chernyy (Feb 11)
    - Message not available
    - Re: SMS Banking Thor (Hammer of God) (Feb 09)
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Re: SMS Banking Valdis . Kletnieks (Feb 10)
    - Re: SMS Banking Thor (Hammer of God) (Feb 10)
    - Re: SMS Banking Thor (Hammer of God) (Feb 10)
    - Re: SMS Banking Thor (Hammer of God) (Feb 10)
    - Re: SMS Banking McGhee, Eddie (Feb 11)
    - Re: SMS Banking Craig S Wright (Feb 11)
    - Re: SMS Banking Thor (Hammer of God) (Feb 11)
    - Re: SMS Banking sine onus (Feb 11)
    - Re: SMS Banking Bhavuk Arora (Feb 11)
    - Re: SMS Banking Jeffrey Walton (Feb 11)
    - Risk measurements Craig S. Wright (Feb 12)
    - Message not available
    - Re: Risk measurements Christian Sciberras (Feb 12)
    - Re: Risk measurements Valdis . Kletnieks (Feb 12)
    - Re: Risk measurements Christian Sciberras (Feb 12)
    - Re: Risk measurements Valdis . Kletnieks (Feb 12)
    - Re: Risk measurements Christian Sciberras (Feb 12)

(Thread continues...)