George(s) Lessard on Sun, 3 Mar 2002 15:04:59 +0100 (CET)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> French site fined for expose of security hole

------- Forwarded message follows -------
Date sent:      	Wed, 27 Feb 2002 21:29:11 -0500
From:           	Declan McCullagh <>
Subject:        	FC: French site fined for expose of security hole
Send reply to:

Here's an article about's expose of Doubleclick:

This is another good reason to publish sensitive information untraceably. 
Establish a persistent pseudonymous identity -- standard procedure would be to
generate a private-public keypair and sign your reports with it. You can also
received messages encrypted to your public key (so only you can decipher them)
and dropped in a public place such as a Usenet newsgroup or popular mailing
list. Eventually, if the legal threat disappears, you can reveal your truename
and receive credit for your earlier work.

Naturally it'll be difficult for you to get paid under this scenario, but 
doesn't everyone do this for the love of the craft? :)



Date: Thu, 28 Feb 2002 02:43:06 +0100
From: Solveig <>
Organization: transfert
CC: "Kitetoa at Kitetoa . com" <>
Subject: Kitetoa in danger

Hello declan,

Sorry for my bad English, but I think this story should be told...
Sadly, there's only French links until now. But American media have
already written some articles about Kitetoa, who disclosed some
security flaws in DoubleClick last year, and recently, in Choicepoint...

The webmaster of Kitetoa, a French group of security enthusiasts with a 
passion for
showing how badly protected our personal data is, has been sentenced
by a French court to a 1000 euros fine. Using nothing more than
Netscape Navigator's features, he could access to Tati's (a
clothes' discounter)file directory, and then to all consumers
profiles. He had warned the webmaster of Tati one year before about
the problem, but no
effort was made to secure the server. So he disclosed the breach of
security in an article on Tati did nothing until the news was republished by an
offline mag called Newbiz - too much publicity for Tati, let's sue
those disturbers. Notice that Newbiz wasn't targeted, only the small
investigative website. Although the judge couldn't identify precisely
the nature of the "computer fraud" Kitetoa was fined for, this
sentence creates a dangerous precedent. It is likely to lead to some
more lawsuits. Kitetoa will probably have to stop its activities.

It reminds us, in France, of the story of Altern, an independent and
non-profit Internet provider who hosted 40 000 websites. Altern had
to close because it was held responsible for a nude picture of a
top-model, was fined, and then was subject to a true rain
of legal procedures coming from all the people who don't like free
speech on the Web.

Now, full disclosure is in danger.

Kitetoa's file about Kitetoa vs Tati

Some articles in French

About Choicepoint in English :

About DoubleClick in English :

Best regards,
  Solveig Godeluck               

POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at
To subscribe to Politech:
This message is archived at

------- End of forwarded message --------- 
:-) Message Ends; George(s) Lessard's Keywords Begin (-: 
Freelance Media Arts, Management, Training, Mentoring & Consulting 
On line: Internet / Workshops / Research / Presence / Content / 
On location: TV / Radio / Production / ENG / EFP / Editing
Interests: Access / Activism / Communities  / Cultures / Arts
Resume and more @
Queries / Offers / Patronage /  
Commissions should be sent to
Rostered Volunteer UNV# 120983 & CESO/SACO VA# 11799

-Caveat Lector- Disclaimers, NOTES TO EDITORS 
&  (c) information may be found @
Because of the nature of email & the WWW, 
please check ALL sources & subjects.
                          - 30 -

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: and "info nettime-l" in the msg body
#  archive: contact: