@cmlh Christian Heinrich

Jun 08
Patrick Webster and OSI Security Lack Ethics

In response to Patrick Webster of OSI Security's poor attempt at exploiting the unfortunate and unintended events of my presentation at Security B-Sides (Australia) in 2011 with Twitter i.e. [1] [2] including retweeting others' attempt(s) to exploit the situation [3] [4] and an anonymous post on the “Risky Business Podcast” i.e. search for “REDACTED” on this web page and is also quoted below, the recent publication of the OAIC Investigation Report of, having previously held a position of trust, his unauthorised intrusion of First State Super (FSS) continues to demonstrate that “White Hats’” motivation is solely based on profit and self promotion in blackmailing First State Super, who have attempted to execute their duty of care, in direct conflict with their stated ethics (or lack thereof).

The above is concluded by the following quotes in the OAIC Investigation Report:

  • “… promoting himself as a ‘white hat’ hacker intending to improve their computer security. He also stated that he runs a business specialising in firewall penetration and vulnerability assessment.”
  • “… the hacker offered his services to FSS …”
  • “… The hacker identified himself to FSS, outlining details of the weakness he had found in their systems and offering his professional services to FSS. The hacker also informed them that he had an IT security background and he ran a business specialising in firewall penetration and vulnerability assessment.”

As expected, Patrick has attempted to deny and/or downplay that OSI Security did attempt to exploit this for commercial gain by engaging in a pathetic public relations campaign using Twitter [5] [6].

Furthermore, FSS met its duty of care as “In the Commissioner’s view, FSS would therefore have had the capacity to remedy this flaw in its system, even if it had not been advised of the vulnerability by the hacker” and their refusal to be blackmailed by OSI Security.

Finally, it is important to highlight that FSS are not promoting themselves as a subject matter expert in the security of Social Media [7] [8] so this attempted comparison as justification is laughable in addition to posting the “anonymous”, i.e. cowardly, opinion at risky.biz reproduced below which can be correlated to the capitalized “REDACTED” pattern as per http://it.slashdot.org/comments.pl?sid=2477160&cid=37721986:

CREDIT: Risky Business Podcast

In an ironic, but as expected, twist, the Social Media Security “expertvictim” has no ethical qualms in lending support to the blackmail of FSS on Risky Business Podcast #227.

REFERENCES

[1] http://twitter.com/aushack/status/70832737514307584

[2] http://twitter.com/aushack/status/70832709672517632

[3] http://twitter.com/snare/status/70429574814646272

[4] http://twitter.com/jodymelbourne/status/70437329990463488

[5] http://twitter.com/aushack/status/210641709103722496

[6] http://twitter.com/aushack/status/210647260856467458

[7] http://www.qutnews.com/2010/09/23/hackers-target-social-media/

[8] http://www.sbs.com.au/insight/episode/overview/30/Stolen-ID