Goatse Security

Gaping Holes Exposed

Goatse Security Press Release

8 Comments »

June 20th, 2010 ― Goatse Security is dismayed at AT&T’s effort to co-opt the authority of the FBI to absolve themselves of their responsibility in a massive security vulnerability which disclosed private and secure information of its customers. Indeed, this vulnerability was 100% avoidable, and 100% AT&T’s fault. By co-opting the FBI, the private lives of Goatse Security volunteers has been invaded, and destroyed by what was at best a blunt instrument: the raid, by force, of the Goatse Security spokesperson’s private residence.

Goatse Security, in terms both clear and public, deplores this use of force to solve what is, in the end, AT&T’s PR problem. Goatse Security took measures beyond the norm to contact AT&T and assist them in patching the vulnerability before publishing it, or allowing any related media story to be published. It is our belief, and AT&T’s brash and public actions re-enforce this belief that:

  • Without large numbers of compromised customers, and without the headlines that go with them, this vulnerability would have gone unpublished, and AT&T customers unprotected. AT&T, as has been demonstrated in this instance, grossly irresponsible with the private data of its customers. We have no reasonable belief that AT&T would have taken action, would have warned anyone of this vulnerability. Instead, they would have simply swept it under the rug.
  • Full disclosure, the immediate public release of a vulnerability, is justified when companies act in their own self-interest, instead of protecting their customers’ privacy. Indeed, AT&T, instead of respecting its customers’ privacy, violated ours. This is unacceptable. Further vulnerabilities developed against AT&T will continue to be developed utilizing the best common practices (BCP) for developing such exploits, but will no longer be privately given to AT&T prior to their release. All future releases of AT&T related vulnerabilities will occur under “Full Disclosure” practices.

Goatse Security is relieved that Andrew has been released from his incarceration and is mostly unharmed, but condemns the violent, subversive, and unnecessary actions taken against him by both AT&T and the FBI. We wish Andrew the best in coming days as he picks up his front door, and his life, both pointlessly shattered by the FBI.
Goatsec is dismayed at AT&T’s effort to co-opt the authority of the FBI to absolve themselves of their responsibility in a massive security vulnerability which disclosed private and secure information of it’s customers. Indeed, this vulnerability was 100% avoidable, and 100% AT&T’s fault. By co-opting the FBI, the private lives of Goatsec volunteers has been invaded, and destroyed by what was at best a blunt instrument, the raid, by force, of the head of Goatsec’s private residence.
Goatsec, in terms both clear and public, deplores this use of force to solve what is, in the end, AT&T’s PR problem. Goatsec took measures beyond the norm to contact AT&T and assist them in patching the vulnerability before publishing it, or allowing any related media story to be published. It is our belief, and AT&T’s brash and public actions re-enforce this belief, that:
without large numbers of compromised customers, and without the headlines that go with them, that this vulnerability would have gone unpublished, and AT&T customers unprotected. AT&T, as has been demonstrated in this instance, grossly irresponsible with the private data of it’s customers. We have no reasonable belief that AT&T would have taken action, would have warned anyone of this vulnerability. Instead, they would have simply swept it under the rug.
Full Disclosure, the immediate public release of a vulnerability, is justified when companies act in their own self-interest, instead of protecting their customers privacy. Indeed, AT&T, instead of respecting it’s customers’ privacy, violated ours. This is unacceptable. Further vulnerabilities developed against AT&T will continue to be developed utilizing the best common practices (BCP) for developing such exploits, but will no longer be privately given to AT&T prior to their release. All future releases of AT&T related vulnerabilities will occur under “Full Disclosure” practices.
Goatsec is relieved that Andrew has been released from his incarceration and is mostly unharmed, but condemns the violent, subversive, and unnecessary actions taken against him by both AT&T and the FBI. We wish Andrew the best in coming days as he picks up his front door, and his life, both pointlessly shattered by the FBI.

8 Responses

Someone’s got to do it. Three cheers for your work.

- Dr. Dave

  • Thanks for finding the “gaping” hole with AT&T’s crap! I hate the damn monopoly of AT&T anyway! Great find GOATSE.

  • Fucking AT&T. It might almost be forgiven if AT&T wasn’t so happy with letting the government spy on everything that goes through the network. What a bunch of treasonous scum.

  • I was raided on the 23rd.

  • PERSONALLY????? I,m kind of glad that for at least 5 years someones going to be calling him their BITCH!! Prisons no fun……………….

  • Leave a Reply

    Switch to our mobile site