[Governance] JOSH SOKOL - CEASE AND DESIST CONTACT WITH CHRIS GATFORD

Josh Sokol josh.sokol at owasp.org
Wed Feb 26 14:48:16 UTC 2014


>
> There were no photos of his "wife on holiday" (has a hidden meaning
> which you can disclose with Google) or his kids in the bath (i.e.
> child pornography).  It was a fabrication that was made by Chris
> Gatford.
>

I would like for Christian to point out where I said "wife on holiday" or
"kids in the bath".  I said neither nor did I imply it.  Still, I would say
that hacking into a photo sharing site in order to disclose pictures of
another person's wife and kids is ethically sketchy at best and criminal at
worst.

> Again, my Tweets are clearly labelled "Protected" which is commonly
> understood to be not for publication i.e.
>
> http://feedback.storify.com/knowledgebase/articles/236987-what-is-storify-s-policy-for-editing-or-deleting-s
>


*In a presentation entitled "For God Your Soul... For Me Your Flesh" at the
AusCERT security conference on the Gold Coast, security expert Christian
Heinrich demonstrated how he had gained access to the privacy-protected
Facebook photos of the wife of HackLabs director Chris Gatford.*

*[snip]Heinrich, who works as an IT security contractor, admitted he did
not like Gatford but said that, because Gatford presented himself as a
security expert, he should be accountable for what is posted online. "I
have no ethical qualms about publishing the photos," he said. "They are in
the public domain."*

(http://www.theherald.com.au/story/926302/security-experts-go-to-war-wife-targeted/)

Christian, by his own admission, feels that even privacy-protected
documents are in the public domain.  That said, it doesn't matter in this
case as this tweet was sent to Jim Manico while in service on the OWASP
Board of Directors.  It shows a clear intent to do damage to the OWASP
Foundation.

> Jim receives advice from someone in his family who works at the IRS,
> who he consulted (and was subsequently corrected by) for his recent
> failed attack against the OWASP Top Ten and Aspect Security.
>
> Google "Jim Manico" IRS inurl:owasp-board for references


The Google query returns two results.  Neither of which proves anything
about anything.  I see no ethical issues here.  Christian does not mention
Jim's specific ethical violation nor does he provide any evidence to
directly support a violation.  This should be summarily dismissed.

> This is clearly dated in January 2011 and well before Josh or Jim
> become OWASP Board Members and furthermore "i.e." indicates "for
> instance" meaning in the present time.
>
> This is at best Josh clutching at straws since I also provided the URL.
>

This was a deliberate attempt to mislead the reader into believing that
Yiannis said something that he did not say.  This is merely Christian's
opinion and nothing more.  I will withdraw my request that it be tendered
into evidence as Christian fabricating evidence based on his clarification,
but would request that he be cautioned to be more explicit in the future
rather than saying someone said something, providing a link, and then
putting another statement in quotation marks next to it.

> Can someone please let me know why Yiannis is still an OWASP Member in
> light of his continued violations of the OWASP Code of Ethics but I
> know the answer is selective judgement right Josh and Jim?
>

The OWASP Board does not and should not chase after individuals for ethics
violations.  In general, we are a community of volunteers and should trust
that our volunteers are doing the right thing.  The OWASP Code of Ethics
was meant to serve as an explicit reminder of things that we all should be
doing without having to be reminded.  However, in cases where specific
ethical concerns have been raised, the Board will use the Code of Ethics as
a guideline to determine if a violation has occurred.  I am not aware of a
formal ethics complaint against Yiannis as no complaint has been brought
forth during my tenure as a Board member and I fail to see the relevance of
this in a thread where it is me, not Yiannis, who has been accused of an
ethical violation.  I would recommend that Christian start a new thread on
the governance list with his allegations of ethical violations against
Yiannis and not place them in this one.

~josh


On Wed, Feb 26, 2014 at 12:44 AM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:

> On Wed, Feb 26, 2014 at 4:38 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> > For the record, Christian is comparing disclosing pictures of a security
> > practitioner's wife and kids by hacking into a photo sharing site with making
> > threats of damage to the OWASP Foundation via a tweet to an OWASP Board
> > member.  To say that these are the same because they are both "Social Media"
> > represents a gross misunderstanding of ethics in general.
>
> There were no photos of his "wife on holiday" (has a hidden meaning
> which you can disclose with Google) or his kids in the bath (i.e.
> child pornography).  It was a fabrication that was made by Chris
> Gatford.
>
> Furthermore, Chris Gatford's former employer endorses my action too
> i.e.
> http://www.zdnet.com/penetration-testing-employees-social-media-to-improve-policy-7000017234/
>
> The fact is Chris can't present
> https://www.slideshare.net/ChrisGatford/social-media-abuse-hacking and
> then not be held to account.
>
> Again, my Tweets are clearly labelled "Protected" which is commonly
> understood to be not for publication i.e.
>
> http://feedback.storify.com/knowledgebase/articles/236987-what-is-storify-s-policy-for-editing-or-deleting-s
>
> On Wed, Feb 26, 2014 at 4:38 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> > Again, Christian is making wild claims of ethics violations without even
> > calling out the specific violations or providing evidence of the violation.
> > Does anyone know or understand what Christian is saying about the IRS and
> > OWASP/Jim Manico?
>
> Jim receives advice from someone in his family who works at the IRS,
> who he consulted (and was subsequently corrected by) for his recent
> failed attack against the OWASP Top Ten and Aspect Security.
>
> Google "Jim Manico" IRS inurl:owasp-board for references
>
> On Wed, Feb 26, 2014 at 4:38 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> > To be clear, this actually says "Jeff decides and Dinis manipulates".
> > Yiannis says nothing about Josh or Jim.  This is an outright lie by
> > Christian.  Martin, please tender this into evidence as an example of
> > Christian fabricating evidence.
>
> This is clearly dated in January 2011 and well before Josh or Jim
> become OWASP Board Members and furthermore "i.e." indicates "for
> instance" meaning in the present time.
>
> This is at best Josh clutching at straws since I also provided the URL.
>
> Can someone please let me know why Yiannis is still an OWASP Member in
> light of his continued violations of the OWASP Code of Ethics but I
> know the answer is selective judgement right Josh and Jim?
>
> BTW, I support Yiannis %100 and Jim found no ethical qualms in
> scheduling an interview with him on JBroFuzz to support his election
> to the OWASP Board.
>
>
> --
> Regards,
> Christian Heinrich
>
> http://cmlh.id.au/contact