Loading ...
Sorry, an error occurred while loading the content.

Legal Notification [forwarded from a real email I got...]

Expand Messages
  • Fred Cohen
    If this is a true and accurate email, I think it is time for massive community action. The idea that professional associations like ISC2, perportedly a
    Message 1 of 6 , Sep 1, 2002
    • 0 Attachment
      If this is a true and accurate email, I think it is time for massive
      community action. The idea that professional associations like ISC2,
      perportedly a security certification group, would be selling informaiton
      about individuals without their consent is aphorent.

      I think that the infosec community should stand up against such actions,
      all the more so because they demand a fee of me to deal with their sale
      of my private information. I think a class action suit by those whose
      information they hold for reimbursement for all of the fees collected
      from all sales plus damages is in order.

      Others who with to take part, please start by sending emails in protest to:

      Anthony Baratta, CISSP at info@...

      If this is not true, I cerrtainly hope that it is cleared up before too long.

      FC

      Per the message sent by Anthony Baratta, CISSP:
      From fc Sun Sep 1 10:26:08 2002
      Return-Path: <info@...>
      Delivered-To: fc@...
      Received: from 204.181.12.215 [204.181.12.215]
      by localhost with POP3 (fetchmail-5.7.4)
      for fc@localhost (single-drop); Sun, 01 Sep 2002 10:26:08 -0700 (PDT)
      Received: (qmail 3384 invoked by uid 510); 1 Sep 2002 17:23:19 -0000
      Received: from unknown (HELO isc2.org) (200.44.111.230)
      by all.net with SMTP; 1 Sep 2002 17:23:19 -0000
      X-Server: isc2.org securing the internet
      Message-ID: <005401c2520e$914b82e0$0400a8c0@localhost>
      Reply-To: "Anthony Baratta, CISSP" <info@...>
      From: "Anthony Baratta, CISSP" <info@...>
      To: fc@...
      Subject: Legal Notification
      Date: Sun, 1 Sep 2002 13:23:23 -1000
      MIME-Version: 1.0
      Content-Type: multipart/alternative;
      boundary="----=_NextPart_000_0051_01C251BA.BF914210"
      X-Priority: 3
      X-MSMail-Priority: Normal
      X-Mailer: Microsoft Outlook Express 6.00.2600.0000
      X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
      ...

      Legal Notification

      You are herby informed that (under the privacy act), the International =
      Information System Security Certification Consortium (ISC)2 has sold =
      your information including,

      Name, E-Mail address, Residential address, Credit and savings information,
      Social Security information, and Occupation details.

      This information has been sold to a third Party \ Parties and this =
      E-mail serves as notification for such action.

      This information was sold under the premise for marketing and research.

      Under the privacy act you may request to see in writing any information =
      that we have about you. Please write to the following address with a =
      self addressed envelope.

      (ISC)2
      860 Worcester Rd.,Ste 101
      Framingham, Ma 01702
      U.S.A

      If you have any questions about the third Party \ Parties please inquire =
      with them. The International Information System Security Certification =
      Consortium (ISC)2 is no longer responsible for the information sold. =
      (ISC)2 Will hold no responsibility for damages and loss suffered by the =
      reader of this E-mail. (ISC)2 is not responsible for the actions of =
      third party companies.

      Upon written request we will consider deleting records that we currently =
      hold about you. A processing fee of $ 10.00 will apply.

      Please make out this check to (ISC)2 and an application form will be =
      mailed to you in order to complete this request.

      Please visit our web site for more information about our organization

      http://www.isc2.org

      If you decline this offer by the 31 Sep 2002 a charge of $50 will be =
      deducted from your account. This charge will cover services that our =
      organization provides to secure the internet.

      Thank you
      Manager of Professional Programs
      Anthony Baratta, CISSP
      abaratta@...

      Contact E-Mail info@...

      --This communication is confidential to the parties it is intended to serve--
      Fred Cohen Fred Cohen & Associates.........tel/fax:925-454-0171
      fc@... The University of New Haven.....http://www.unhca.com/
      http://all.net/ Sandia National Laboratories....tel:925-294-2087
    • snooker3
      This is completely contrary to their stated privacy policy: http://www.isc2.org/cgi-bin/content.cgi?page=22 Bob Miller ... From: Fred Cohen [mailto:fc@all.net]
      Message 2 of 6 , Sep 1, 2002
      • 0 Attachment
        This is completely contrary to their stated privacy policy:

        http://www.isc2.org/cgi-bin/content.cgi?page=22

        Bob Miller



        -----Original Message-----
        From: Fred Cohen [mailto:fc@...]
        Sent: Sunday, September 01, 2002 12:26 PM
        To: Information Warfare Mailing List; Security Educators;
        risks@...
        Cc: abaratta@...; info@...
        Subject: [iwar] Legal Notification [forwarded from a real email I
        got...]

        If this is a true and accurate email, I think it is time for massive
        community action. The idea that professional associations like ISC2,
        perportedly a security certification group, would be selling informaiton
        about individuals without their consent is aphorent.

        I think that the infosec community should stand up against such actions,
        all the more so because they demand a fee of me to deal with their sale
        of my private information. I think a class action suit by those whose
        information they hold for reimbursement for all of the fees collected
        from all sales plus damages is in order.

        Others who with to take part, please start by sending emails in protest
        to:

        Anthony Baratta, CISSP at info@...

        If this is not true, I cerrtainly hope that it is cleared up before too
        long.

        FC

        Per the message sent by Anthony Baratta, CISSP:
        From fc Sun Sep 1 10:26:08 2002
        Return-Path: <info@...>
        Delivered-To: fc@...
        Received: from 204.181.12.215 [204.181.12.215]
        by localhost with POP3 (fetchmail-5.7.4)
        for fc@localhost (single-drop); Sun, 01 Sep 2002 10:26:08 -0700
        (PDT)
        Received: (qmail 3384 invoked by uid 510); 1 Sep 2002 17:23:19 -0000
        Received: from unknown (HELO isc2.org) (200.44.111.230)
        by all.net with SMTP; 1 Sep 2002 17:23:19 -0000
        X-Server: isc2.org securing the internet
        Message-ID: <005401c2520e$914b82e0$0400a8c0@localhost>
        Reply-To: "Anthony Baratta, CISSP" <info@...>
        From: "Anthony Baratta, CISSP" <info@...>
        To: fc@...
        Subject: Legal Notification
        Date: Sun, 1 Sep 2002 13:23:23 -1000
        MIME-Version: 1.0
        Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0051_01C251BA.BF914210"
        X-Priority: 3
        X-MSMail-Priority: Normal
        X-Mailer: Microsoft Outlook Express 6.00.2600.0000
        X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
        ...

        Legal Notification

        You are herby informed that (under the privacy act), the International =
        Information System Security Certification Consortium (ISC)2 has sold =
        your information including,

        Name, E-Mail address, Residential address, Credit and savings
        information,
        Social Security information, and Occupation details.

        This information has been sold to a third Party \ Parties and this =
        E-mail serves as notification for such action.

        This information was sold under the premise for marketing and research.

        Under the privacy act you may request to see in writing any information
        =
        that we have about you. Please write to the following address with a =
        self addressed envelope.

        (ISC)2
        860 Worcester Rd.,Ste 101
        Framingham, Ma 01702
        U.S.A

        If you have any questions about the third Party \ Parties please inquire
        =
        with them. The International Information System Security Certification =
        Consortium (ISC)2 is no longer responsible for the information sold. =
        (ISC)2 Will hold no responsibility for damages and loss suffered by the
        =
        reader of this E-mail. (ISC)2 is not responsible for the actions of =
        third party companies.

        Upon written request we will consider deleting records that we currently
        =
        hold about you. A processing fee of $ 10.00 will apply.

        Please make out this check to (ISC)2 and an application form will be =
        mailed to you in order to complete this request.

        Please visit our web site for more information about our organization

        http://www.isc2.org

        If you decline this offer by the 31 Sep 2002 a charge of $50 will be =
        deducted from your account. This charge will cover services that our =
        organization provides to secure the internet.

        Thank you
        Manager of Professional Programs
        Anthony Baratta, CISSP
        abaratta@...

        Contact E-Mail info@...

        --This communication is confidential to the parties it is intended to
        serve--
        Fred Cohen Fred Cohen &
        Associates.........tel/fax:925-454-0171
        fc@... The University of New
        Haven.....http://www.unhca.com/
        http://all.net/ Sandia National Laboratories....tel:925-294-2087


        ------------------
        http://all.net/

        Your use of Yahoo! Groups is subject to
        http://docs.yahoo.com/info/terms/
      • Rob Rosenberger
        Hmmm. Do you feel relatively sure someone didn t try to hoax you? I get hit with a really good attempt roughly once a year. Rob
        Message 3 of 6 , Sep 1, 2002
        • 0 Attachment
          Hmmm. Do you feel relatively sure someone didn't try to hoax you? I get
          hit with a really good attempt roughly once a year.

          Rob
        • e.r.
          I actually think that in two cases, they have violated federal criminal law.This is either a great scam, or a matter that should be reported to the FBI,
          Message 4 of 6 , Sep 2, 2002
          • 0 Attachment
            I actually think that in two cases, they have violated federal criminal law.This is either a great scam, or a matter that should be reported to the FBI, Immdeiatly. It is a clear violation of everyone's priavacy right. Further, this is in essance, blackmail, and if we choose not to act then we are all just a bunch of potted plants. Private online groups should report such a blatant act of at a minimum of blackmail and wire fraud. to the FBI. The peole who were party to this can potentially receive a jail sentance of 5-10 year and and pay a fine $10,000 $25,00 for EACH violation. That could add up very quickly. While a class action suit has merit is could go on forever, and give us nothing be possible resolution years from now. Tthe hus getting the FBI involved as well as the Justice Dept will fast track a matter and hopefully get the jerk that sent this out.new If this is in reality a balckmain scam, the person/s behind this action have everything to loose. They simply whent after the wrong bunch of cyber marines.
            We are all being blackmailed regardless of whether these folks know anything, with the excepption of that this is a serious chat group by intermet standards. It is clear they are trying to get us all pay up. These are one of the time when it is usefull that the FBI are a bit of pitbulls in polyester.
            Please let us know how real you think this threat is, Fred. I would be happy to help you out with federal law enforcement.
            Just do not let this fade away as it has the ability to bite up all in the ass.
            Fred Cohen wrote:If this is a true and accurate email, I think it is time for massive
            community action. The idea that professional associations like ISC2,
            perportedly a security certification group, would be selling informaiton
            about individuals without their consent is aphorent.

            I think that the infosec community should stand up against such actions,
            all the more so because they demand a fee of me to deal with their sale
            of my private information. I think a class action suit by those whose
            information they hold for reimbursement for all of the fees collected
            from all sales plus damages is in order.

            Others who with to take part, please start by sending emails in protest to:

            Anthony Baratta, CISSP at info@...

            If this is not true, I cerrtainly hope that it is cleared up before too long.

            FC

            Per the message sent by Anthony Baratta, CISSP:
            From fc Sun Sep 1 10:26:08 2002
            Return-Path: <info@...>
            Delivered-To: fc@...
            Received: from 204.181.12.215 [204.181.12.215]
            by localhost with POP3 (fetchmail-5.7.4)
            for fc@localhost (single-drop); Sun, 01 Sep 2002 10:26:08 -0700 (PDT)
            Received: (qmail 3384 invoked by uid 510); 1 Sep 2002 17:23:19 -0000
            Received: from unknown (HELO isc2.org) (200.44.111.230)
            by all.net with SMTP; 1 Sep 2002 17:23:19 -0000
            X-Server: isc2.org securing the internet
            Message-ID: <005401c2520e$914b82e0$0400a8c0@localhost>
            Reply-To: "Anthony Baratta, CISSP" <info@...>
            From: "Anthony Baratta, CISSP" <info@...>
            To: fc@...
            Subject: Legal Notification
            Date: Sun, 1 Sep 2002 13:23:23 -1000
            MIME-Version: 1.0
            Content-Type: multipart/alternative;
            boundary="----=_NextPart_000_0051_01C251BA.BF914210"
            X-Priority: 3
            X-MSMail-Priority: Normal
            X-Mailer: Microsoft Outlook Express 6.00.2600.0000
            X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
            ...

            Legal Notification

            You are herby informed that (under the privacy act), the International =
            Information System Security Certification Consortium (ISC)2 has sold =
            your information including,

            Name, E-Mail address, Residential address, Credit and savings information,
            Social Security information, and Occupation details.

            This information has been sold to a third Party \ Parties and this =
            E-mail serves as notification for such action.

            This information was sold under the premise for marketing and research.

            Under the privacy act you may request to see in writing any information =
            that we have about you. Please write to the following address with a =
            self addressed envelope.

            (ISC)2
            860 Worcester Rd.,Ste 101
            Framingham, Ma 01702
            U.S.A

            If you have any questions about the third Party \ Parties please inquire =
            with them. The International Information System Security Certification =
            Consortium (ISC)2 is no longer responsible for the information sold. =
            (ISC)2 Will hold no responsibility for damages and loss suffered by the =
            reader of this E-mail. (ISC)2 is not responsible for the actions of =
            third party companies.

            Upon written request we will consider deleting records that we currently =
            hold about you. A processing fee of $ 10.00 will apply.

            Please make out this check to (ISC)2 and an application form will be =
            mailed to you in order to complete this request.

            Please visit our web site for more information about our organization

            http://www.isc2.org

            If you decline this offer by the 31 Sep 2002 a charge of $50 will be =
            deducted from your account. This charge will cover services that our =
            organization provides to secure the internet.

            Thank you
            Manager of Professional Programs
            Anthony Baratta, CISSP
            abaratta@...

            Contact E-Mail info@...

            --This communication is confidential to the parties it is intended to serve--
            Fred Cohen Fred Cohen & Associates.........tel/fax:925-454-0171
            fc@... The University of New Haven.....http://www.unhca.com/
            http://all.net/ Sandia National Laboratories....tel:925-294-2087

            Yahoo! Groups SponsorADVERTISEMENT

            ------------------
            http://all.net/

            Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.



            ---------------------------------
            Do You Yahoo!?
            Yahoo! Finance - Get real-time stock quotes

            [Non-text portions of this message have been removed]
          • e.r.
            Fred and all: This entire situation involves both wide scale wire-fraud and blackmail. This entire message implies crimality frm a to z. I do believe
            Message 5 of 6 , Sep 2, 2002
            • 0 Attachment
              Fred and all: This entire situation involves both wide scale wire-fraud and blackmail. This entire message implies crimality frm a to z. I do believe it is inherint upon us all to report this to federal law enforcement authorities.
              The person/s who sent this out claims to know an intrusive amount of information about each person in the list. Given most of us are either infosec/ IWAR types, we all are profoundly more careful using the internet for almost anything. As this story stories sounds quite specious to me , we must first plan our actions and get infomation to law-enforcement, ASAP
              It is wake up and spell the coffee times for us all At a minimum, consider the issues. The possibility that someone has gotten hold of some inforamtion on each of us/ or created it and plans to use it in a detrimental manner is outlandish.. That is, unless we send them money. That would include being forced to makes purchases in one of our names and sending to a PO box. This is somewher between extortion, blackmail and wire fraud on a supstantial level.Potentially, all is of the above.
              This is a dangerous precident and I would appreciate knowing if the entirelist, the got this message, or only a specific group of people.
              I would hope that all infosec and IWAR folks out here with knowledge of the notes origin, or know of it's verasity would simply contact the FBI themselves. This is a significant problem and at a minimun, somone is attemtping to blackmail us all.
              It was nice of him to tell us send a stampted and self addresse enveolped. this was-I assume- just a ploy to gather information on the list and a ham handed one, at that.
              Fred, I appreciate your comment about a class action, but this is a criminal point of the law, herein. Let nail these folks and send them to jail. Them you can we go after their/corporate assetts in a civial
              We first need to verify who sent this out if possible. Then the Justice Dept will not play nice and try to make them the posterchild/children for cyber RICO actions on the internet. They have been looking for just such a case for a few years as a precident setter in presicely this area.








              f this is a true and accurate email, I think it is time for massive
              community action. The idea that professional associations like ISC2,
              perportedly a security certification group, would be selling informaiton
              about individuals without their consent is aphorent.

              I think that the infosec community should stand up against such actions,
              all the more so because they demand a fee of me to deal with their sale
              of my private information. I think a class action suit by those whose
              information they hold for reimbursement for all of the fees collected
              from all sales plus damages is in order.

              Others who with to take part, please start by sending emails in protest to:

              Anthony Baratta, CISSP at info@...

              If this is not true, I cerrtainly hope that it is cleared up before too long.

              FC

              Per the message sent by Anthony Baratta, CISSP:
              From fc Sun Sep 1 10:26:08 2002
              Return-Path: <info@...>
              Delivered-To: fc@...
              Received: from 204.181.12.215 [204.181.12.215]
              by localhost with POP3 (fetchmail-5.7.4)
              for fc@localhost (single-drop); Sun, 01 Sep 2002 10:26:08 -0700 (PDT)
              Received: (qmail 3384 invoked by uid 510); 1 Sep 2002 17:23:19 -0000
              Received: from unknown (HELO isc2.org) (200.44.111.230)
              by all.net with SMTP; 1 Sep 2002 17:23:19 -0000
              X-Server: isc2.org securing the internet
              Message-ID: <005401c2520e$914b82e0$0400a8c0@localhost>
              Reply-To: "Anthony Baratta, CISSP" <info@...>
              From: "Anthony Baratta, CISSP" <info@...>
              To: fc@...
              Subject: Legal Notification
              Date: Sun, 1 Sep 2002 13:23:23 -1000
              MIME-Version: 1.0
              Content-Type: multipart/alternative;
              boundary="----=_NextPart_000_0051_01C251BA.BF914210"
              X-Priority: 3
              X-MSMail-Priority: Normal
              X-Mailer: Microsoft Outlook Express 6.00.2600.0000
              X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
              ...

              Legal Notification

              You are herby informed that (under the privacy act), the International =
              Information System Security Certification Consortium (ISC)2 has sold =
              your information including,

              Name, E-Mail address, Residential address, Credit and savings information,
              Social Security information, and Occupation details.

              This information has been sold to a third Party \ Parties and this =
              E-mail serves as notification for such action.

              This information was sold under the premise for marketing and research.

              Under the privacy act you may request to see in writing any information =
              that we have about you. Please write to the following address with a =
              self addressed envelope.

              (ISC)2
              860 Worcester Rd.,Ste 101
              Framingham, Ma 01702
              U.S.A

              If you have any questions about the third Party \ Parties please inquire =
              with them. The International Information System Security Certification =
              Consortium (ISC)2 is no longer responsible for the information sold. =
              (ISC)2 Will hold no responsibility for damages and loss suffered by the =
              reader of this E-mail. (ISC)2 is not responsible for the actions of =
              third party companies.

              Upon written request we will consider deleting records that we currently =
              hold about you. A processing fee of $ 10.00 will apply.

              Please make out this check to (ISC)2 and an application form will be =
              mailed to you in order to complete this request.

              Please visit our web site for more information about our organization

              http://www.isc2.org

              If you decline this offer by the 31 Sep 2002 a charge of $50 will be =
              deducted from your account. This charge will cover services that our =
              organization provides to secure the internet.

              Thank you
              Manager of Professional Programs
              Anthony Baratta, CISSP
              abaratta@...

              Contact E-Mail info@...

              --This communication is confidential to the parties it is intended to serve--
              Fred Cohen Fred Cohen & Associates.........tel/fax:925-454-0171
              fc@... The University of New Haven.....http://www.unhca.com/
              http://all.net/ Sandia National Laboratories....tel:925-294-2087



              Yahoo! Groups SponsorADVERTISEMENT



              ------------------
              http://all.net/

              Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.




              ---------------------------------
              Do You Yahoo!?
              Yahoo! Finance - Get real-time stock quotes

              [Non-text portions of this message have been removed]
            • David Kennedy CISSP
              ... [address list trimmed] ... It s not true. It s part of a larger effort by one person to bring discredit upon (ISC)^2 (note the accepted way of
              Message 6 of 6 , Sep 3, 2002
              • 0 Attachment
                -----BEGIN PGP SIGNED MESSAGE-----

                [address list trimmed]
                At 11:26 AM 9/1/02 -0700, Fred Cohen wrote:
                >If this is a true and accurate email, I think it is time for massive
                >

                It's not true. It's part of a larger effort by one person to bring
                discredit upon (ISC)^2 (note the accepted way of abbreviating).
                (ISC)^2 is aware of the general effort and is taking action they deem
                appropriate. They have established an e-mail address to accept
                reports of suspicious e-mail and posted a web page on the issue to
                the web site with a link on the http://www.isc2.org homepage. See:
                https://www.isc2.org/cgi-bin/content.cgi?page=173
                (note https; where you can also check the certificate w/your
                browser)

                >
                >Per the message sent by Anthony Baratta, CISSP:
                >>From fc Sun Sep 1 10:26:08 2002
                >Return-Path: <info@...>
                >Delivered-To: fc@...
                >Received: from 204.181.12.215 [204.181.12.215]
                > by localhost with POP3 (fetchmail-5.7.4)
                > for fc@localhost (single-drop); Sun, 01 Sep 2002 10:26:08 -0700
                >(PDT) Received: (qmail 3384 invoked by uid 510); 1 Sep 2002 17:23:19
                >-0000 Received: from unknown (HELO isc2.org) (200.44.111.230)
                ^^^^^^^ ^^^^^^^^^^^^^^
                Here is the first clue. Each one of these I've seen so far, comes
                from a host on one or more of the anti-spam RBL's. This IP is
                presently on proxies.relays.monkeys.com and bl.spamcop.net. The IP
                block is registered in Latin America, not from (ISC)^2's block nor
                (ISC)^2's MX. So far the attacker has not demonstrated the skill to
                completely spoof the mail header, not to say he won't at some time in
                the future.

                > by all.net with SMTP; 1 Sep 2002 17:23:19 -0000
                >X-Server: isc2.org securing the internet



                -----BEGIN PGP SIGNATURE-----
                Version: PGP Personal Security 7.0.3
                Comment: hacker=cybercriminal--the definition changed; get over it

                iQCVAwUBPXRrgvGfiIQsciJtAQFuCQP+IDDhWk45J1wxhka1tqfdJEwwdnkqQbKV
                c9hj9NbpXTtuuXE0ZDiwMaTdGn+9aPWAq/5LW+pFQ6ZZBTnZR5JPk4ZAPck8J5CN
                ICnXlxPBYGNpMffJqnrroCToAPGH/Jbooilkgn8wuawIOKcNZLp3bsk1sapOUN10
                /O13RecHWOk=
                =r9ho
                -----END PGP SIGNATURE-----

                --
                Regards,

                David Kennedy CISSP /"\
                Director of Research Services, \ / ASCII Ribbon Campaign
                TruSecure Corp. http://www.trusecure.com X Against HTML Mail
                Protect what you connect; / \
                Look both ways before crossing the Net.
              Your message has been successfully submitted and would be delivered to recipients shortly.