Contacting The eleventh alliance

I, Bluefish, is responsible for webmastering www.11a.nu. I will happily answers any questions about our association, computer security and computer science. In most cases I will act as a spokesman for Eleventh Alliance if you want to interview us “as a group”. I am ready to answer questions from induviduals, researchers and reporters (etc.)

I/we can be reached at bluefish@11a.nu. All members are listed on the “about the members” page.

Please notify us before writing about us. The german magazine C’T didn’t; although we were happy to recieve the media attention, we do like to be prepared if we’re about to get a huge amount of emails in german (I barely understand german). Especially as people thought us to know everything mentioned in the article which was far from limited to information from our site.

Questions!

Sometimes people ask questions answered on our site.
What are our ideals and our aims? This is answered in our public agenda.
Please do check some of the questions & answers bellow as well.

Why do we disclosure security problems?

Sometimes we get the question why we publish security related information, as we then must be aware of the risk that the information can be abused. This mentallity has been used by companies previously, where security was provided through obscurity. Companies thought “We don’t tell anyone there’s a problem, then the problem doesn’t exist”. But actually it turns out the problem still does exist, and a public silence does not stop whispers. The problems remain, and can be exploited by the ‘few’ who know of it.

Today, all serious companies (Sun, Microsoft, Red Hat, Debian, Intel) at some extent believe in disclosure of security problems. They will inform people registered to their security announcements when you really should update a package, when it is insecure. This is better than before, people will learn that it’s time to update their products.

But some, and we are among them, believe that security today and for the future lies not only in patching existing known problems, but to understand the problems in depth, by letting it be publicly known exactly what the problem is. A problem will then recieve much more attention than a company can achive through conventional methods. And a secondary benefit is that the people who has understood the problem, are less likely to create new systems with the same problems.

This policy is known as full disclosure. It does not focus upon the possible missuse of a known vulnerability, but to provide the best possible fix and to avoid repeating the error. Instead of blindly limit your sight at the present, you look towards the future.

What’s your education?

Few of us have formal education in the field of security. Eleventh Alliance was started when most of us were 15 to 17 years old. We have learned programming and computer security much on our own, and it turns out that when it comes to practicly applying security, we aren’t totally clueless

Bluefish has some academic education in the field of computer security.

Will you help me evaluate my security?

Contact a decent company working in this field. To begin with, people who work with that every day ought to know it better than us. Secondly, we’re busy people. We don’t have time to do security evaluations, and aren’t qualified.

Does this mean we will help you “hack” or “crack”?

It does not. We do not help you do your crime. We do not “teach” you. People who place such stupid questions get a reply like “get lost”. And no, offering money does not help. We’re no criminals, and do not help criminals.