This guy is outing the archive for terrible security posture by bringing attention to it because they received disclosures and did not fix them.
Don’t get shit twisted - he’s the hero here. IA fucked up and has been vulnerable to manipulation by any number of corporate or national actors this entire time.
If they were really “the hero”, they’d follow the bare minimum of responsible disclosure best practices, and allow 90 days between privately alerting them of the issue and going public with it. Two weeks is absurd.
If this was genuinely done out of love I could understand but due to the legal battles the internet archive is currently being dragged through, I harbor suspicion of their intent.
This guy is outing the archive for terrible security posture by bringing attention to it because they received disclosures and did not fix them.
Don’t get shit twisted - he’s the hero here. IA fucked up and has been vulnerable to manipulation by any number of corporate or national actors this entire time.
You don’t leak a passwords database publicly on the Internet in good faith.
Not necessarily the same hacker.
If they were really “the hero”, they’d follow the bare minimum of responsible disclosure best practices, and allow 90 days between privately alerting them of the issue and going public with it. Two weeks is absurd.
If this was genuinely done out of love I could understand but due to the legal battles the internet archive is currently being dragged through, I harbor suspicion of their intent.
You sure about that, or are you hypothesizing?
There’s never certainty when talking about hackers…
That’s verbatim the content of the email and the email hack does not appear to be malicious (unlike the ddos or the password breach)
It’s more likely that this is 3 different groups than it is a single group.