This guy is outing the archive for terrible security posture by bringing attention to it because they received disclosures and did not fix them.
Don’t get shit twisted - he’s the hero here. IA fucked up and has been vulnerable to manipulation by any number of corporate or national actors this entire time.
If they were really “the hero”, they’d follow the bare minimum of responsible disclosure best practices, and allow 90 days between privately alerting them of the issue and going public with it. Two weeks is absurd.
90 days is just the standard timeframe for responsible disclosure. And normally that’s just a baseline with additional time being given if there’s genuine communication going on and signs they’re addressing the problem.
If this was genuinely done out of love I could understand but due to the legal battles the internet archive is currently being dragged through, I harbor suspicion of their intent.
I mean this person seems to be not doing it maliciously. As they say, if it wasn’t them, it would be someone else. Pushing archive to improve their security is great for everyone. As long as this person doesn’t do anything actually malicious, they’re in the clear as far as I’m concerned.
This person could be damaging corporate infrastructure but he goes after internet archive
This guy is outing the archive for terrible security posture by bringing attention to it because they received disclosures and did not fix them.
Don’t get shit twisted - he’s the hero here. IA fucked up and has been vulnerable to manipulation by any number of corporate or national actors this entire time.
If they were really “the hero”, they’d follow the bare minimum of responsible disclosure best practices, and allow 90 days between privately alerting them of the issue and going public with it. Two weeks is absurd.
90 days to cycle private tokens/keys?
90 days is just the standard timeframe for responsible disclosure. And normally that’s just a baseline with additional time being given if there’s genuine communication going on and signs they’re addressing the problem.
You don’t leak a passwords database publicly on the Internet in good faith.
Not necessarily the same hacker.
If this was genuinely done out of love I could understand but due to the legal battles the internet archive is currently being dragged through, I harbor suspicion of their intent.
You sure about that, or are you hypothesizing?
There’s never certainty when talking about hackers…
That’s verbatim the content of the email and the email hack does not appear to be malicious (unlike the ddos or the password breach)
It’s more likely that this is 3 different groups than it is a single group.
I mean this person seems to be not doing it maliciously. As they say, if it wasn’t them, it would be someone else. Pushing archive to improve their security is great for everyone. As long as this person doesn’t do anything actually malicious, they’re in the clear as far as I’m concerned.
The hackers are mostly not okay. Fucking bootlickers.