Saturday, 23 August 2014

It is correct that Full-Disclosure Mailing List is closed in the United Kingdom.

I saw it as a real threat to our cyber security in the United Kingdom that put criminals at an advantage.

To post technical software vulnerabilities without permission cannot be justified.

Friday, 22 August 2014

It took a long time to close Full-Disclosure Mailing List in the United Kingdom. I was smeared many times.

Supporters of the mailing list tried to paint me in a bad light. The fact is we are better without it in the United Kingdom.

To post technical software vulnerabilities without permission cannot be justified. It is immoral and laws should be changed before something bad happens rather than waiting for something to happen before doing something about it.

The sophistication of the smear against me included a PDF report by Neal Krawetz of HackerFactor, a news article by Robert Lemos of Symantec's SecurityFocus, and a book written by Jayson E. Street and published by Syngress.

I have considered taking legal action against people and organisations over the whole thing. At the moment I haven't bothered with any kind of compensation.

I'm satisfied for the moment with the closure of the mailing list in the United Kingdom.

Andrew Wallace based in Glasgow. The 33-year-old took on Full-Disclosure Mailing List administrators.

After years of the security specialist being against the practice of posting technical software vulnerabilities without permission, the owners gave in to pressure and closed the mailing list in the United Kingdom.

Andrew is available for public speaking and is taking advantage of it.

I'm greeted well by cyber security experts at conferences.

The posting of technical software vulnerabilities without permission is controversial and often sparks debate.

Only criminals are at an advantage. We as a responsible cyber security community should not support it.

If a mailing list is the only way for you to find out about vulnerabilities then you have a bigger problem.

Some people saw the mailing list as a form of entertainment. I didn't. I saw it as a real threat to our cyber security in the United Kingdom that put criminals at an advantage.

It is correct that Full-Disclosure Mailing List is closed in the United Kingdom.

It is not British to post technical software vulnerabilities without the permission of the vendor to the internet.

Cyber security experts have thanked me for contributing to the closure of the mailing list.

It is now based somewhere in the United States.

It is not polite to post technical software vulnerabilities without the permission of the vendor.

Everywhere I go I'm thanked for contributing to the closure of the mailing list.

UK Government will be thankful that the problem is now not on our doorstep and is based elsewhere.

The threat the mailing list poses could still have an impact on our national security and is monitored by cyber security experts.

We've seen that technical software vulnerabilities can be dangerous in the wrong hands. We need to work to counteract the threat "full disclosure" as an ideology poses.

UK Government class technical software vulnerabilities as a tier 1 threat to the United Kingdom.

Some cyber security experts have tried to legitimise the use of posting technical software vulnerabilities without permission as a way to get vendors to patch vulnerabilities quicker.

Overall the majority of people are against the practice.

Sunday, 17 August 2014

Andrew Wallace was wrongly called a "security troll" on Full-Disclosure Mailing List in 2006.

After the false allegation the mailing list was closed in the United Kingdom.

Unnamed authors went to lengths to hide their identity to cyber bully the security specialist who has been in the industry since 1999.

Andrew Wallace said "They tried to be smart and hid their identity to cyber bully me.

Sadly for them the mailing list is now closed in the United Kingdom."

The mailing list was used by criminals and other hackers to disclose technical software vulnerabilities without the permission of the vendor.

It is better for the UK Cyber Security industry as a whole that these people cannot operate in Britain.

The mailing list is now believed to be hosted somewhere in the United States.

The laws governing the disclosure of technical software vulnerabilities without permission remain a hot topic of debate.

It is not our problem anymore.

Saturday, 2 August 2014

Short bio

Andrew Wallace, born 1981 (33 years old).

I provide not-for-profit protective security advice to cross-sector organisations in business environments and have done so since 1999.

Cyber security

In 2004 I started an online information sharing hub for UK private sector, public sector and academia named n3td3v.

In 2010 I closed the hub and afterwards learned that UK Government were introducing their own as explained in the UK Cyber Security Strategy.

I'm based in both Glasgow and London although my nearest city is Glasgow. As you will have guessed from my name.

Targeted by criminals

I've suffered from cyber bullying from various criminals on mailing lists, notably Full-Disclosure Mailing List.

The list was eventually closed in 2014 due to pressure I had placed on the list administrator to delete offensive posts.

A lot of the stuff written by criminals is still on the Google search results and will remain there until the posts can be removed.

Formal education

From 2005 I attended college and university to gain a formal qualification, although I already had significant knowledge from self-learning from the age of 18.

Physical security

In 2011 I moved away from cyber security into physical security and resilience.

From there I met security executives both based in Glasgow and London. This opened new opportunities for me.

From 2012 to 2014 I focused on counter-terrorism and protective security for the Games, with a year's gap between the London and Glasgow events.

It has now finished and I'm looking for new opportunities to take me forward into 2015.

Thursday, 31 July 2014

Achievements

Three main things were achieved.

  • n3td3v - Security Mailing List

An information sharing hub for UK private sector, public sector and academia.

It accumulated over 7000 email and web subscribers.

The idea and concept was later taken up by the UK Government and included in its UK Cyber Security Strategy to introduce an online hub for information sharing.

  • Closure of Full-Disclosure Mailing List in the United Kingdom

The closure of the mailing list in the interest of the private sector, public sector and academia.

Once the online hub was introduced as part of the UK Cyber Security Strategy it was envisioned that Full Disclosure as a concept and mailing list was no longer required in the United Kingdom and closed.

It was said that it was more a benefit to criminals than it was for the industry and that the UK's hub would serve the industry better.

  • Responsible disclosure awareness

The debate in the cyber security industry was widened on responsible disclosure.

Encouragement of the conversation and discussion on frameworks for researchers to follow.

Monday, 24 March 2014

The decision to close Full-Disclosure Mailing List

John Cartwright said "I always assumed that the turning point would be a sweeping request for large-scale deletion of information that some vendor or other had taken exception to.

I never imagined that request might come from a researcher within the 'community' itself. Having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I'm done."

In response Andrew Wallace said "Full-Disclosure Mailing List was being used against private sector, public sector, academia and individuals and little was done to remove things that shouldn't be there in enough time.

The list was nothing to do with responsible or full disclosure. True responsible and full disclosure can happen elsewhere from now on."

Monday, 17 March 2014

Introduction

n3td3v was bullied on Full-Disclosure Mailing List, an unmoderated mailing list owned by John Cartwright and hosted and sponsored by Secunia.

Media Coverage

n3td3v was featured in a blog entry by HackerFactor, a company owned by Neal Krawetz, who claimed n3td3v was three people.

n3td3v was featured in a news article by SecurityFocus, a company owned by Symantec, who accused him of being a "security troll".

n3td3v was featured in a book, Dissecting the Hack: The F0rb1dd3n Network, by Jayson E Street and published by Syngress Publishing.

Industry Reaction

Neal Krawetz said "I've been asked why I picked on n3td3v in the first place? My answer is pretty simple: it was the challenge asked of me. The targeted individual was not my selection, but was an excellent example for applying the tools. Even if the results are incorrect, they show how non-classical computer forensics can be applied. Are they incorrect? Time will tell."

Gadi Evron, Security Evangelist said: "Did you ever talk to n3td3v or ask him? Behind all that posted, he really seems like a good guy with good intentions."

What is cyber bullying?

Bullying UK said: "Cyber bullying is any form of bullying which takes place online or through your mobile phone."

Background

n3td3v was an up-and-coming cyber security professional who set up n3td3v - Security Mailing List.

This was a read-only mailing list and online hub of various mailing lists and newsletters.

It accumulated over 7000 email and web subscribers.