<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:10pt"><div><span>this is quite surprising</span></div><div><br><span></span></div><div><span>first it seems nobody really read the posts about this software and the essential privace and security questions which weren't traited</span></div><div><span>it seems you were - as scientists - so absorbed in your project that you forgot the wider impact and possibilities of your project</span></div><div><span>the technical questions pushed the security and privacyproblems into the background</span></div><div><br><span></span></div><div><span>first the google searchterm didn't show links to reports on other forums but on your site itself</span></div><div><span>the google searchterm was site:yoursite and has shown all results on your site <br></span></div><div><span>that these results are also posted on other sites makes the problem even
greater</span></div><div>so that response is a mistake and its only purpose is to neglect your responsability</div><div>you should put however an article in your conditions - that you don't have (in a superlegalistic country like the US?) that this information shouldn't be <br></div><div>published on the internet because it has too much dangerous security information and that you aren't responsable etc....<br></div><div><br></div><div>three sideremarks on the question that a robot.txt will be made</div><div>* this changes nothing about the fact that the security information in the reports can be extremely dangerous</div><div>* this changes nothing about the fact that that information should be better protected against prying eyes</div><div>* this changes nothing about the fact that the information will still be on the site for scanners and searchengines that don't respect the robot.txt <br></div><div><br></div><div>secondly there are several things you
should do</div><div>* you should limit the tests to people who aren't behind a NAT (network)</div><div>the reason is that there are other people responsable for a network and that only those people should be able to use your service</div><div>you should also automatically refuse to it being used by certain organisations and firms like military, offical government and banks <br></div><div>to be sure that you aren't being used </div><div>you should make it possilble for the networkadmins to use your service but only after registration and control and with their official emailadress</div><div>and with a number of 'unresponsabilities" for you to sign for them</div><div><br></div><div>* you should change the structure and that people sign a declaration before the test is run <br></div><div>I don't understand why in the time of Lulzsec you take all these responsabilites without a disclaimer that is sufficient in the present situation of the internet and
legal environment</div><div><br></div><div>* and some other things I think about</div><div>but it all depends <br></div><div>do you want to do the right thing or do you still think that there is only a limited problem</div><div><br></div><div>If you want me to help you</div><div>I will <br></div><div>but If you think that I am just a stupid kid</div><div>than I will continue my research and campaign</div><div>belsec.skynetblogs.be<br></div><div><br></div><div><br></div><div><br><span></span></div><div><br></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"><font face="Arial" size="2"><hr size="1"><b><span style="font-weight:bold;">From:</span></b> Nicholas Weaver <nweaver@icsi.berkeley.edu><br><b><span style="font-weight: bold;">To:</span></b> Len Lavens <mailforlen@yahoo.com><br><b><span style="font-weight: bold;">Cc:</span></b>
Nicholas Weaver <nweaver@icsi.berkeley.edu>; "netalyzr@mailman.ICSI.Berkeley.EDU" <netalyzr@ICSI.Berkeley.EDU><br><b><span style="font-weight: bold;">Sent:</span></b> Friday, August 5, 2011 7:58 PM<br><b><span style="font-weight: bold;">Subject:</span></b> Re: [Netalyzr] did you know I can find all the results by IP address in Google<br></font><br>More specifically, the ones Google has indexed are summary reports which people have posted links to in a place where Google has crawled. Almost all are League of Legends users, where the advanced network debugging instructions are specifically for users to publically post Netalyzr links in the forums.<br><br>Thus even with a robots.txt (which we are going to add), these will still be discoverable by searching for URLs pointing TO netalyzr. <br><br><br>On Aug 5, 2011, at 1:58 AM, Len Lavens wrote:<br><br>> belsec.skynetblogs.be <br>> <br>> Yes Google has indexed all the results
it has found during its visits<br>> and your robot.txt doesn't probably exclude the results<br>> so now all that information is public<br>> <br>> and if you would like to ask Google also to delete all the results from its cache<br>> when you have installed your robot.txt and your Google accounts <br>> just to be sure no hacker sees all the very technical and useful information <br>> <br>> mailforlen<br>> _______________________________________________<br>> Netalyzr mailing list<br>> <a ymailto="mailto:Netalyzr@mailman.ICSI.Berkeley.EDU" href="mailto:Netalyzr@mailman.ICSI.Berkeley.EDU">Netalyzr@mailman.ICSI.Berkeley.EDU</a><br>> <a href="http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/netalyzr" target="_blank">http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/netalyzr</a><br><br><br><br></div></div></div></body></html>