Pages

Sunday, 17 August 2014

Security specialist Andrew Wallace was wrongly called a security troll on Full-Disclosure Mailing List in 2006.

After the false allegation the mailing list was closed in the United Kingdom.

Unnamed authors went to lengths to hide their identity to cyber bully the security specialist who has been in the industry since 1999.

Andrew Wallace said "They tried to be smart and hid their identity to cyber bully me.

Sadly for them the mailing list is now closed in the United Kingdom."

The mailing list was used by criminals and other hackers to disclose technical software vulnerabilities without the permission of the vendor.

It is better for the UK Cyber Security industry as a whole that these people can not operate in Britain

The mailing list is now believed to be hosted somewhere in the United States.

The laws governing the disclosure of technical software vulnerabilities without permission remains a hot topic of debate.

It is not our problem anymore.

Saturday, 2 August 2014

Short bio

Andrew Wallace born 1981 (33 years old).

I've provided not for profit protective security advice to cross-sector organisations in business environments and have done so since 1999.

Cyber security

In 2004 I started an online information sharing hub for UK private sector, public sector and academia named n3td3v.

In 2010 I closed the hub and afterwards learned that UK Government were introducing their own as explained in the UK Cyber Security Strategy.

I'm based in both Glasgow and London although my nearest city is Glasgow. As you will have guessed from my name.

Targeted by criminals

I've suffered from cyber bullying from various criminals on mailing lists, notably Full-Disclosure Mailing List.

The list was eventually closed 2014 due to pressure I had placed on the list administrator to delete offensive posts.

A lot of the stuff written by criminals is still on the Google search results and will remain there until the posts can be removed.

Formal education

From 2005 I attended college and university for vanity purposes to gain a formal qualification, although I already had significant knowledge from self learning from the age of 18.

Physical security

In 2011 I moved away from cyber security into physical security and resilience.

From there I met security executives both based in Glasgow and London. This opened new opportunities for me.

In 2012 to 2014 I focused on counter-terrorism and protective security for the Games with a year gap between London and Glasgow event.

It has now finished and I'm looking for new opportunities to take me forward into 2015.

Thursday, 31 July 2014

Achievements

Three main things were achieved.

  • n3td3v - Security Mailing List

An information sharing hub for UK private sector, public sector and academia.

It accumulated over 7000 email and web subscribers.

The idea and concept was later up taken by the UK Government and included in its UK Cyber Security Strategy to introduce an online hub for information sharing.

  • Closure of Full-Disclosure Mailing List in the United Kingdom

The closure of the mailing list in the interest of the private sector, public sector and academia.

Once the online hub was introduced as part of the UK Cyber Security Strategy it was envisioned that Full Disclosure as a concept and mailing list was no longer required in the United Kingdom and closed.

It was said that it was more a benefit to criminals than it was for the industry and that the UK's hub would serve the industry better.

  • Responsible disclosure awareness

The debate in the cyber security industry was widened on responsible disclosure.

Encouragement of the conversation and discussion on frameworks for researchers to follow.

Monday, 24 March 2014

The decision to close Full-Disclosure Mailing List

John Cartwright said "I always assumed that the turning point would be a sweeping request for large-scale deletion of information that some vendor or other had taken exception to.

I never imagined that request might come from a researcher within the 'community' itself. Having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I'm done."

In response Andrew Wallace said "Full-Disclosure Mailing List was being used against corporations, governments, academia and individuals and little was done to remove things that shouldn't be there in enough time.

The list was nothing to do with responsible or full disclosure. True responsible and full disclosure can happen elsewhere from now on."

Monday, 17 March 2014

Introduction

n3td3v was an up and coming cyber security professional who became the victim of bullying, slander and defamation.

n3td3v was bullied on Full-Disclosure Mailing List an unmoderated mailing list owned by John Cartwright and hosted and sponsored by Secunia.

Media Coverage

n3td3v was featured in A blog entry by HackerFactor a company owned by Neal Krawetz, who claimed n3td3v was three people.

n3td3v was featured in A news article by SecurityFocus a company owned by Symantec who accused him of being a "security troll".

n3td3v was featured in A book Dissecting the Hack: The F0rb1dd3n Network by Jayson E Street and published by Syngress Publishing.

Health Impact

n3td3v dropped out of a cyber security degree due to ill health at University of Abertay still owing thousands of pounds spent on student loan, suffered from alcoholism and became unemployable as a result of anxiety.

Industry Reaction

Neal Krawetz said "I've been asked why I picked on n3td3v in the first place? My answer it pretty simple: it was the challenge asked of me. The targeted individual was not my selection, but was an excellent example for applying the tools. Even if the results are incorrect, they show how non-classical computer forensics can be applied. Are they incorrect? Time will tell."

Gadi Evron, Security Evangelist said: "Did you ever talk to n3td3v or ask him? Behind all that posted, he really seems like a good guy with good intentions."

What is cyber bullying?

Bullying UK said: "Cyber bullying is any form of bullying which takes place online or through your mobile phone."

Background

n3td3v was an up and coming cyber security professional who setup n3td3v - Security Mailing List.

This was a read-only mailing list and online hub of various mailing lists and newsletters.

It accumulated over 7000 email and web subscribers.

Contact

To offer n3td3v an apprenticeship, course placement or job within the cyber security industry or to help him with legal aid or careers advice contact n3td3v.