Slashdot Mirror

The birth of a troll. Not that he hadn't been kicked out of several other online forums for the same behavior. I've had some fun googling the alecstaar username and seeing his banned self being talked about as a sort of trolling legend, while most are unaware of his Slashdot antics.

Or weirder, making coherent positive contributions on other web sites.

Im genuinely curious about what makes him tick

It looks like severe bipolar disorder, with Persecutory delusions - http://psycheducation.org/diag...

So, then, you are admitting the hosts file is not effective at blocking botnet c&c channels. Take that out of your list of extravagant claims of the benefits of hosts files.

How many times is a dumbshit like YOU going to *try* pull that on me, menial? Are there hostnames here that are still online?? Yes, ZEUS botnet (as a SINGLE example) https://zeustracker.abuse.ch/m...

If your approach only blocks 5-10% of domain names, then it is NOT effective for security. This might fly in your shareware consumer world, but that is not enterprise-grade.

Any OTHER kind, such as the edge case RARE types you noted (out of 'desperation') MY SECURITY GUIDE catches via Layered Security/Defense in Depth practices -> http://forums.pcpitstop.com/in...

You DO NOT HAVE A SECURITY GUIDE. I actually looked for it, and the closest I could find was where you posted it, but everybody thought you were an idiot and banned you. Not what I would call "success."

"Sounds like you've washed out of every job you've had."

Wouldn't matter, since if YOU are 'state of the art' in "security engineers" (allegedly)? You suck...

Yeah, you have totally washed out of every job you had, and now you've been an author of (shitty) shareware. Found this gem:

IpTables, iirc, = the LINUX modern evolution of the older IPChains system, right?? I am more of a Win32 guy the past few years though, so I must ask.

So you don't even understand UNIX. You are quite the security professional.

When I FRY weasels like YOU on a forums as I have here? Sure, they get pissed & have to 'kick me'...

You have been banned from almost every forum you've ever joined. Like when you were banned in 2000 from arstechnica, and rejoined as a different name to defend yourself. Or when you were banned after trying to spam your shitty security guide in 2007.

The best thing I could find anyone say about you, from a friend, was:

Vortac said:

The only thing I don't like about him (although I've gotten over it), is he thinks everyone is an idiot. He just hasn't had any real experience, deadlines to meet, or being a team player within an organization.

And the worst thing is, you're a really shitty programmer!

For my Hosts Engine, I chose Object Pascal since it's beaten even MSVC++ in strings work which my app does HEAVILY - dumb thing for you to say:

Funny, because you got called out for very poorly performing code (that just sorted some strings and took 11 minutes) here. And here are the kinds of things people said about your code a few years ago:

Man with no head wrote:

Of course spamming forums with publicity ads is kind of lame; don't take it personally, but you brought it upon yourself.

Now as regarding the actual package, I find the UI kind of weird and you don't seem to be following Windows UI guidelines (That's a no-no in Tog speak).

The feature set is kind of questionable; I fail to see the real value of your product really.

And to finish my rant, I got these errors on startup on my Win2k SRV SP1 system.

BTW

So, then, you are admitting the hosts file is not effective at blocking botnet c&c channels. Take that out of your list of extravagant claims of the benefits of hosts files.

How many times is a dumbshit like YOU going to *try* pull that on me, menial? Are there hostnames here that are still online?? Yes, ZEUS botnet (as a SINGLE example) https://zeustracker.abuse.ch/m...

If your approach only blocks 5-10% of domain names, then it is NOT effective for security. This might fly in your shareware consumer world, but that is not enterprise-grade.

Any OTHER kind, such as the edge case RARE types you noted (out of 'desperation') MY SECURITY GUIDE catches via Layered Security/Defense in Depth practices -> http://forums.pcpitstop.com/in...

You DO NOT HAVE A SECURITY GUIDE. I actually looked for it, and the closest I could find was where you posted it, but everybody thought you were an idiot and banned you. Not what I would call "success."

"Sounds like you've washed out of every job you've had."

Wouldn't matter, since if YOU are 'state of the art' in "security engineers" (allegedly)? You suck...

Yeah, you have totally washed out of every job you had, and now you've been an author of (shitty) shareware. Found this gem:

IpTables, iirc, = the LINUX modern evolution of the older IPChains system, right?? I am more of a Win32 guy the past few years though, so I must ask.

So you don't even understand UNIX. You are quite the security professional.

When I FRY weasels like YOU on a forums as I have here? Sure, they get pissed & have to 'kick me'...

You have been banned from almost every forum you've ever joined. Like when you were banned in 2000 from arstechnica, and rejoined as a different name to defend yourself. Or when you were banned after trying to spam your shitty security guide in 2007.

The best thing I could find anyone say about you, from a friend, was:

Vortac said:

The only thing I don't like about him (although I've gotten over it), is he thinks everyone is an idiot. He just hasn't had any real experience, deadlines to meet, or being a team player within an organization.

And the worst thing is, you're a really shitty programmer!

For my Hosts Engine, I chose Object Pascal since it's beaten even MSVC++ in strings work which my app does HEAVILY - dumb thing for you to say:

Funny, because you got called out for very poorly performing code (that just sorted some strings and took 11 minutes) here. And here are the kinds of things people said about your code a few years ago:

Man with no head wrote:

Of course spamming forums with publicity ads is kind of lame; don't take it personally, but you brought it upon yourself.

Now as regarding the actual package, I find the UI kind of weird and you don't seem to be following Windows UI guidelines (That's a no-no in Tog speak).

The feature set is kind of questionable; I fail to see the real value of your product really.

And to finish my rant, I got these errors on startup on my Win2k SRV SP1 system.

BTW

That leaves hardware failures. I have full drive images to restore once the HDs fail. On a more serious failure, the entire rig is considered failed. Either time to pony up the $25k for a new system, or we do without.

Not that simple. If you trigger the reactivation requirement due to hardware changes, your MUST connect it up to the internet (assuming MS still has those servers online).

Otherwise your drive images mean squat.

OK, now I'm a bit confused. I assume that by transparent firewall you mean that the internal IPs are exposed (the firewall behaves like it is not there, well, other than filtering some packets). In that case I do not see why the attack surface would be lowered. I mean a NAT router also has a firewall (on Linux for example, iptables can be used as a router and firewall). If there is a bug in the firewall code then the device can be hacked and that does not depend on the mode. Same with NAT, if there is a bug in the code then it can be hacked.

Also, a transparent firewall would allow the bad guys to count how many machines you have. While this is not really serious, it would help them, especially since with NAT they cannot be sure whether port 12345 and 12346 go to the same machine or not.

Yes, I do indeed mean the setup where your internal(internet routable) IP addresses get exposed. I meant to point out that it lowers the attack surface of the security measure, in this case the firewall. NAT by itself (as a security measure) does not provide this, granted that one would not be especially smart to not run a firewall in front of a firewall which is one of the reasons I prefer to not run NAT and a firewall but just a firewall instead, to me that limits administration to the one function.
As for counting the amount of machines, this is possible behind a NAT as well, granted it takes more effort, more time and increases the amount of guess work. (2 random sources : http://www.antionline.com/archive/index.php/t-238181.html http://www.techspot.com/vb/topic5154.html [2003] ).

While usually a bug in the code indeed exposes the security measure to possible abuse, if you run transparent however, lacking a public IP address makes the chance those particular bugs get abused drop dramatically. After all you're not aiming communications directly at the firewall machine. One would first need to identify the fact that there's a transparent firewall by profiling, then either try the attack or run extensive profiling to try and identify the brand/version/implementation of the firewall and pick an attack based on that. Much like a NAT prevents direct contact to clients behind it on private ranges, a transparent firewall prevents direct contact to the firewall itself. It's nothing more then a packet filtering bridge like device after all. Intelligently crafted packets can still hurt it of course, but then I don't believe it can be 100% secure unless you unplug the cable.
I just trust transparent firewalls more then I trust NAT to keep my network safe based on the above, I don't find it a threat if someone is able to determine how many hosts are on my network, firewall, NAT or even both can't really prevent that anyway.
And let's not forget one can still control the exposure of hosts by other means like proxies for web/ftp/etc.

Yes, and both methods work well. What I meant was, you said about connectivity issues that are present with NAT. Yes, I need to forward a port for you to be able to connect to me. But the same would be true if I used a firewall - I still would have to add a rule to allow your packets. If I used Linux and iptables, the rules would look very similar.

Also, the point is that with IPv6, nobody would force you to use NAT, like it is with IPv4. If you do not like it or use protocols that do not support it, just do not use NAT, while I could continue to use it (if it becomes available of course).

True, I agree the two effectively pose similar challenges to connectivity yet under the premise that NAT on it's own should always be fortified by a firewall I'd rather leave the NAT out if I had the choice. Save me the trouble of administrating both a firewall and port forwarding or public/private IP mapping on a NAT solution. IPv6, as you point out, makes NAT a choice rather then a given, I am sure that if the IPv6 NAT standard doesn't get drafted the 'big' vendors will step in to fill the void albeit with their own, not necessarily good/friendly/open, 'standard'.

Briefly speaking, I try to 'debug life'. It's nice, everything I want I usually get through these mentally sketched 'algorithms'. But trying to argue with a girl about a problem in a logical way really doesn't work. When you think you had all the variables fixed and an obvious overall picture that she can't disagree, that's when she'll bring things that aren't even related to the problem, just to confuse things up.

That's because the female virtual machine doesn't (yet?) run on male systems, and any attempt to do so before it has been successfully ported will result in what can only be described as a mental segmentation fault.

I wonder how many of those students will end up working on the other side once they graduate. It would be kind of like a hacker working for a security company. They'll be more familiar with the strengths and weaknesses of all the arguments and could demand premium salaries in this area of law.

Except a hacker improves security when they see something that's insecure. It's crackers and script kiddies that break into systems for gain. Hackers have an ethic of not committing theft, vandalism, or breach of confidentiality.

I had a $50 POS Thinkpad that I used to take with me to the library, leaving my new laptop at home. Since I didn't give a crap whether or not someone stole my Thinkpad, I decided to have a little bit of fun with it. First, I wrote my phone number on a white label, which I stuck inside the battery case. Criminals are stupid.

Then I edited my Windows registry so that when the computer was booted up, a 'warning' message would appear from the Department of Homeland Security. Second screen was a reminder that this was a Top Secret computer, and they could go to jail for ten years if this computer didn't belong to them.

The only reason I even bothered to put my phone number inside the battery case was so that the police would know who to call when the idjit thief got scared and ditched the computer.

(This is why I don't have a husband. I'm too much of a computer geek.)

Here's a Microsoft link explaining how to make a logon warning script.
http://www.microsoft.com/technet/scriptcenter/resources/qanda/jan05/hey0117.mspx

And information about putting a DOD related warning banner.

http://www.antionline.com/archive/index.php/t-233933.html

How does the government really control all aspects of my life? Does the government stop me from any of the following:

a) starting a business

It depends on what business you want to start. Depending on what the business is government can make it harder to start. For instance my sister started trading, buying and selling on eBay. However in North Dakota the legislature has a law that require auctioneers to spend a lot of money to be licensed as an auctioneer. For those who are poor yet have the skills to sell on eBay this could prevent them from doing so, as least doing it legally.

b) selling a product

Same as above.

d) expressing myself however I want

I guess you didn't try to attend any of Bush's campaign stops in 2006 wearing a tshirt that wasn't approved. Even Bush supporters were turned out when they appeared with tickets to events where Bush was. And it's not just Bush, both the Democratic and Republican Parties were able to get law enforcement where they had their conventions to setup "free speach zones" away from the conventions.

e) buying anything I want

Government prevent you from buying many thing legally. There's this fake "Drug War" going on which deprives people of liberty.

f) eating however much I want, when I want, where I want

If you live in New York, or a number of other cities, yes. NYC has banned trans fats.

The answer is really no.

As listed above, the answer is YES! Just because it's not as bad in the US as it is in most other countries it doesn't mean there isn't any restrictions on liberty in the US as well.

Do I like the USA PATRIOT ACT? No, I don't. However, I've not seen the Democrats do anything to even try to repeal it.

Of course, Democrats supported the PATROIT Act as much as the Republicans did. Not only that but as President Clinton tried to get many of the same powers. Only two congressmen voted against the Act, one from Wisconson though I don't recall his name, and Rep Ron Paul (R) of Texas. And the thing is is none of them read the whole thing!

Actually, SCO [slashdot.org] (back when it was called Caldera) invented Open Source back in 1996 [google.com]. Yes, that's before the OSI thing, though after the foundation of the FSF.

The Tech Model Railroad Club of MIT had open source software as early as the 1960s and early 1970s beating out SCO by a long shot. The first computer game, Spacewar, came out in 1962 as a result of many programmers' contributions in an open manner. They used to compeat to see who could come up with a nifty hack, something that was considered impossible, never thought of, or was able to shave a few lines out of a program. Those programmer were amoung the first computer hackers and followed the Hacker ethic.

When something doesn't quite work, don't be tempted to strip the training filename off a URL in the address bar, as that's been proven in the US courts as _hacking_.

I use, delete the last file or directory from website, all the tyme if I get a 404, File Not Found, message. It makes it easier to find the file if it is still on the server, but the addie has changed, than going to the front page. It's the same suggestion I've been given by professors. If the webmaster or whomever doesn't want people to have accss to a directory all they have to do is block it. As for hacking, if it is to steal or maliciously cause harm it IS NOT HACKING, nor is the person a hacker. They may be a cracker or a script kiddie but they are not a hacker if they don't live up to the hacker ethnic!

Someone who exploits the tax code (for instance) is a hacker just as much as someone who exploits a vulnerability of a computer program. It's just the machine that's different.

A hacker hacks the system sure but they don't cause harm. Someone who causes harm, rips off, or steals from anyone else is a cracker, script kiddie, or plain crook but they are NOT hackers. Boy, this being slashdot I'd think people here would know what a hacker is and what the hacker ethic n. is about. It seems more and more like those who have the knowledge are allowing the mass media dictate what words mean.

That sounds like the pre-quantum wave theory equivalent of the bogon flux. (It's applied more generally now that we understand more about the underlying quantum nature of the bogon, and the fact that they only act like waves when observed in particular ways.)

Soda has posted two tutorials about it on AntiOnline. An older one @ http://www.antionline.com/showthread.php?s=&thread id=266049/ A newer one @ http://www.antionline.com/showthread.php?s=&thread id=269669/ Enjoy!

Soda has posted two tutorials about it on AntiOnline. An older one @ http://www.antionline.com/showthread.php?s=&thread id=266049/ A newer one @ http://www.antionline.com/showthread.php?s=&thread id=269669/ Enjoy!

I can see it now. The dumb ass goes to pick up all of the dead animals laying about, after first choosing the "turn rifle off" option. Someone breaks into the site using a couple of bounce points, chooses the "turn rifle on" option and BANG BANG BANG.

Or even worse, some kids happen to be playing in the field! "I know I shot the kids all dead, but I thought it was a game".....

Eerily this Gary Morse guy reminds me of John Vranesevich.

Serveral of the "security agencies" in Canada offer courses which are fairly strong overviews. The RCMP technical security branch offers a number of workshops for free. I have taken the 4 day IT security officer and 1 day malacious code course and both were very good overviews.

The Communications Security Establishement (Canada's NSA) offers a number of courses quite cheap. This is a good place to start and often provide a wealth of resources for additional learning. I would look into whether the same exist in your country...

SANS reading room boasts 1300 research papers. Here are some other places for reading off the top of my head:

@Stake
phrack
antionline
securityfocus

There are tons more if you look

Sig, Shmig...who needs one

I can suggest two sites you can check out for focussed information on this topic:

securityfocus.com

antionline.com

Did Adequacy ripoff that "Hacker" article you're bragging about in your sig from this antionline article? A lot of it seems to be almost word-for-word.

"Picture 1980. Ted Nelson is running around with his Xanadu guys: Roger Gregory, H. Keith Henson (now waging war against the Scientologists) and K. Eric Drexler, later to build the Foresight Institute. They dream of creating what is to become the World Wide Web. Nowadays guys at hacker cons might dress like vampires. In 1980 they wear identical black baseball caps with silver wings and the slogan: 'Xanadu: wings of the mind.'"

1994-current. Work continues on the second XOC fine-grain hyper-sharin transpublishing server, under Roger Gregory and Keith Henson.

o In 1992, the Church of Scientology had become the first religious organization in Canada to be convicted of criminal conduct. Specifically, stealing documents from law firms, public associations and government entities -- and breach of trust. In addition, in the Casey Hill litigation, Scientology was ordered to pay millions of dollars to Canadian lawyer, Casey Hill, for slandering his reputation.

If you are of a similar age to your superiors, especially if you are both young, you can communcate better because you feel like you are peers. I worked for a startup of 20-somethings where I regularly called the founder an asshole and vice versa, because we got along well.

• _____
• 
  ToiletDuk
  Protector of the Wastes

L0pht Heavy Industries
Cult of the dead cow
Happyhacker.org
Infiltration.org
hackers.com
Hacker news
attrition.org
AntiOnline
AntiCode
phrack
2600
Many of these pages contain arhives that have documents on cracking networks and such.
Vast documents on cracking NT servers.
A few of these are not really related but fun any how.
And the archives also contain many documents on system defence.
-----
If my facts are wrong then tell me. I don't mind.

see http://www.antionline.com/wargames/
it's cooperatively run by antionline and somebody else. It may have it's uses, but I think that most script kiddies to it to be annoying/show they have power, not just for the thrill of the hack.
it's DOS, it's not as complex as rooting a box or finding a real volnerability (sp) -- the people that are doing that probably have their own boxes anyhow.
willis/

• promotes

http://www.antionline.com/Ne tworkOperations/hacks.html is supposed to show the attacks on his network, which RealSecure detected. it comes out to about an average of 9 attacks a day. on the side, what kind of questions did he expect? He's never really accomplished anything or written any security tools or anything like that. The only thing there was TO ask him was to clear up the rumors.

I don't know, but its almost certanly JP@antionline.com

He seems like the kind of person who'll just block you.

--
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

That article is kinda inaccurate there. What happned was AntiOnline was linking to another site, which then deliberately set up a redirector so that any hits that came from AntiOnline, went to another page, which made it look as if it was cracked. Since no AntiOnline system was actually compromised, you can't really call it cracked. I suppose you could say AntiOnline was *hacked*, in the "clever prank" definition though.

I have my problems with things JP has said/done, the Packetstorm thing in particular, but the security on the site is set up pretty damn well. Now whether it is secure because of any "expertise" on behalf of JP, or from highly paid professionals with his VC money, is another story altogether.

Oh, you can read about AntiOnline's security setup here.

-Wintermute

This interview of JP begins to make more sense after reading JP's allegations of how many hits AntiOnline gets compared to other security sites.

The truth is there are now three contenders for Open Source eyeballs:
1. Andover News
2. Internet.com
3. RedHat's yet to be revealed journalistic venture

The truth is the largest-trafficked Linux/Open Source sites are being bought up by Andover and Internet.com in order to increase their value to their stockholders and to charge advertisers more for banner ads.

So, since JP alleges AntiOnline is more than twice as heavily-trafficked as HNN, (whose content is 500 times better), you can bet your keyboard, AntiOnline is being viewed as a potential acquisition by one of the aforementioned acquirers, regardless of the fact that Attrition.org's excellent analysis has already thoroughly exposed JP as a charlatan. But who cares, right? Just look at all the page views AntiOnline gets.

It is a sad day when you realize that a site's hitcount means more than the value of its content. Face, it. You are nothing but eyeballs-to-dollars for someone else's pocket.

So I guess my question would be, who has expressed interest in buying AntiOnline? But I bet that's one question to which we won't get a truthful answer.

Go ahead, moderate this comment down as far as possible, God knows we wouldn't want other readers to know the truth.

I just checked out your site for the first time in quite some time, and I had to wonder something. First off, I'd think that a security related site would value privacy of it's visitors. But then, when i came across the LinuxPPC box that you adopted, you've posted hackers IP addresses and Host Names. I recall you doing that with a "hack attempts" page logging all the alleged hack attempts against your site.

This one puzzles me because the "attackers" aren't doing anything wrong. You've invited them to "attack" that computer. Yet you treat them with the same level of respect as you do any other "cracker"...

--------------

I tried to keep this nice and just address the issue at hand. Please, nobody start lecturing the difference between hacker and cracker! It's just he's got all this info posted here and, though it's one thing to make alleged attacks public, I feel it's another thing entirely to reveal the identies of people whom he's invited to attack his site.

That's all.

attrition.org, not someone else who normally got called by the media in the past.

RedHat 5.2 is ancient, apache 1.3.3 is buggy (insecure? quite possibly)... so thanks for the information!

Just an idea... I wouldn't have let loose what it was running on, myself - but then again, it would be interesting to see if they have crack-attempt logs in the manner of antionline, and so on...

AntiOnline, who apparently acted as consultants for the MTV Special, Posted A Story about Shamrock's statement.

I think that it's just too profitable to sue nowadays--in most cases the victim of a lawsuit just gives in, rather than face a possible multi-million dollar judgement against them. It works out to be cheaper that way.

It's the exact moral equivalent of a protection racket: buy your "fire insurance" for $100 a week, or your store mysteriously burns down. Oh, and don't bother with the cops, or you might fall down some stairs. Settle out of court, or we'll tie you up in litigation for years, and you'll probalby lose in front of some soft-headed jury, anyhow.

What can be done about it? Heck, I dunno. Maybe I can scrape up some cash and sue someone...

Anti-Online has posted an artical applauding, MTV for their excellent, and accurate portral of what "real hackers" are like.

LINK

Well not really but its said there isnt any kind of post regarding it. :P

This in itself is not surprising. Computers have played a large role in the shaping of twentieth-century America. (If I keep talking like this they'll put me on the Discovery Channel.) Computers are everywhere. In the corner of every billboard is a world wide web address. You can not go through a box of frozen waffles without being berrated at to "Visit www.cyberwaffles.com for the digiwaffles experience pushing binary envelope!" (I do not know if it exists. If it does, please run to your local establishment of religion and _pray_!). Schools, the establishment where those of the noted age spend hours of each day, are now inseperably intertwined into the ubiquitous (Yeah, that's right kid, reach for your dictionary.) computer-culture of networks, servers and databases.

Another facet of life that teenagers often experience is rebellion. Everyone wants to be James Dean. Marilyn Manson, Korn and Ozzy Ozzbourne* are all examples of rebellious outlets. Others include shoplifting, cigarettes, and flavor crystals in Cinn*a*burst gum. I know people who will commit pointless, but incriminating feats of idiocy in school and then revel in pride when they are called to the assistant principle's office. It's a stage for most people. Most people experience it some time. Beyond this, you can read the volumes of psychiatry on adolescent rebellion ( Cheesy psychiatrist voice: Do you do this to your parent's because it makes you feel like you're getting back at them, Bobby?).

This combination breeds a special type of teenager. It is easy to tell who is and isn't. Let's see here... People of this type often...

o Claim to be "Hackers, Hax0rz, etc."
o Use Microsoft Windows (And every now and then a Mac user.)
o Pirate Software ("Warez")
o Have simple knowledge of the way that MS-DOS and Windows systems work. (i.e. Modify Autoexec.bat, win.ini, etc.)
o Have interest in "anarchy"-type information. (Jolly Roger-Anarchist cookbook, etc.)
o Use AOL or SLIP/PPP type network connection.
o May use viruses, trojans, etc.
o Use simple "hacking" programs

Let me explain these points. First, everyone has some definition of what a hacker is. (A definition which is mostly wrong.) There is all kinds of media surrounding these misconceptions. I will list a few:

o Movies : _Hackers_ (The worst of them), _The Net_, _Masterminds_, the movie in the works by Miramax about Kevin Mitnick, many, many made-for-tv-movies.
o Books: _Secrets of A Superhacker_, _The Happy Hacker's Handbook_ (please whatever you do, don't read this), _Cyberpunk_ (Kevin Mitnick has been in jail a long time unneccassarily and John Markoff helped put him there.), _The Cyberpunk Handbook_ (to the point of hilarity), and many, many "cyber-novels" (a phrase of Upright Citizen's Brigade Fame).

So everyone is pretty sure a hacker is someone who breaks into computers, right? Wrong. See the _Jargon File_ or _The New Hacker's Dictionary_. Anyway, these troubled youths choose to identify themselves as "hackers", because in their definition, "hacking" is what they do.

On to the flawed existence of Microsoft Windows. Windows is the most common operating system on the face of the earth if I am not mistaken. Real hackers, whenever remotely possible, do not concern themselves with Windows. Go get Linux. The fact that the these who claim to be "elite" are using a operating system that is the equivalent of a sanitarium with padded walls and crayons for writing letters can be used to prove that these "hackers" are really technically inept.

Software piracy, a.k.a. "warez" is a common activity of these faux "hackers" because it gives them a sense of doing something that is wrong and more importantly, illegal. This is easily attributable to their rebellious nature, which was discussed earlier. Here I will note the importance of flashy graphics. I have seen many, many "hax0r" webpages that are done entirely in Adobe Photoshop with nothing but selection and Alien Skin Software EyeCandy plugins. Most of these pages (probably yours if you used lots of EyeCandy) have *no* element of graphic design whatsoever. It is easy to impress these so-called "hackers" with this kind of design. They thrive on social support for self-confidence and attempt to impress each other with these pointless images. This is why Adobe Photoshop is a common item on "warez" pages.

Everyone has used computers. Some people know more than others. In this case with the kids I am discussing, they may or may not know more, but by only a thin margin. It is even possible that they may know BASIC programming. Their peers see that they have (slightly) surperior knowledge and may express admiration. This is what builds up the whole "elite" attitude. No one likes an egomaniac.

Anarchy files is a simple extension of the need for rebellion. No one really needs to know how to make napalm. No one reading this, at least. Intrest such as these are purely childish and even less justifiable than software piracy. If the government ever makes an organized attempt at complete totalitarianism, the only thing you will be able to do is insert your head between your legs and kiss your sorry ass goodbye.

The single most popular isp among these wannabes is probably aol. AOL is a terrible company (although they did score points with the Netscape open-source issue) and is the least desirable access provider anywhere. I would rather live in North Korea and eat dog than show up on someone's server log as coming from an aol ip address. Aol isn't always the way modus operandi, though. But reagrdless, they will, with few exceptions, always use a SLIP/PPP networking connections. Why is this relevant? Because it shows their technical hopelessness. I garauntee you that you can sit any of these "hakz0rs" down at a bash shell and the first thing they will try to do is type "win" or maybe "dir *.exe" and finally "help". They need their precious gui interfaces because without them they will drown in their sea of bad MS-DOS syntax. This is statement can be supported by their love for cheesy graphics. Do you think most "31337 d00dz" optimize their sites for Lynx? I didn't think so.

Computer viruses. Personally, I think that anyone that has taken the time to learn assembly should write themself a microkernel so they can network their toaster ovens or electric toothbrushes or do something at least semi-productive. But alas, it appears some insist upon pointlessly annoying innocent computer users. Not that these people that are capable of producing such programs are common in "hak3r" culture. Virus distribution is just another way to feel rebellious and badass while in reality it's the equivalent of setting random people's homes on fire. Pretty cool, huh?

AOHell, WinNuke, port scanners, Back Orifice, the list goes on. It appears that every now and then one of these kids actually figures out the winsock control in Visual Basic and in a malevolent orgy of simplemindedness produces another one of these idiot machines. (My sincere apologies to the l0pht; I don't care how many CERT advisories you've caused, you still can't spell.) I program. In C. No, not Visual C++, that doesn't count. Try the GNU compiler for a real programming experience. Lost without your anarchy symbol pointer and some buttons to push, huh? All of these programs are simple to design. WinNuke is something like five winsock.dll calls, I believe. Back Orifice isn't the genius it's made out to be. Wow guys, I'm in this guys hard drive! Remote access utilities are very common. Back Orifice is not the first or the best,, by any measure. The only difference is that Back Orifice makes a few registry calls, uses datagrams and runs transparently. The people who use such programs think that their designers are really "l33t", when in truth they are just simple socket programming exercises. No magic. The vast majority of the so-called "hacking" population does not know how to program anything at all and uses these programs without caring how they work. Where's the hacker spirit at?

If you meet any two of those conditions (with possible exception to numbers two, four and six) I would immediatly seek out psychiatric help for your immaturity.


Kspett

"There's a reason why malicious hackers around the world hate Vranesevich, now here's your chance to learn how to make them hate you too."

Sounds like fun. More details about his workshop can be found here.

The whole affair sounds as useful as Dr. Nick Riviera from The Simpsons lecturing would-be physicians.

The times I've visited AntiOnline (and that not often, but still), it has struck me as being much more of an information clearing house than a source for original content, which Forbes seems to be insinuating. Visiting today, it really still is. Which isn't a bad thing, either (look at /.)

Any reader of Brill's Content will note that most journalists aren't formally or practically educated in the fields which they cover. Whether this should be so is grounds for another post, of course, but I'd think that Vranesevich, as operator/publisher/editor of AntiOnline would qualify as a journalist. Not a great one, either, but still.

Any attack on AntiOnline should be made regarding AntiOnline's quality of reporting. Has AntiOnline (rather than Vranesevich) been incorrect? Has it disseminated false information? Have the scoops, such that they are, been important? And so on, and so forth. Instead, Forbes has taken the easy way out: slam AntiOnline by insisting that Vranesevich has insufficient "street cred" and that he's litigious.

No doubt Forbes would shy away from the same argument, applied to themselves: since Steve Forbes is a trust-funded, socially conservative wingnut, Forbes Magazine is obviously a rag.

Well, it is a rag, but that's not why.

--

The only problem is that this only shows the resiliance to script-kiddies. Most of the serious intruders (you know, the ones who do this kind of thing for PROFIT) would never be so stupid as to take part in such a contest.

So basically, you're saying the Linux box is capable of being cracked by someone with pretty much no skills whatsoever.

Well, now that must certainly be a comforting thought to the IT managers of the world. Gee, I'd hate to see what kind of disaster would result if a hacker who actually had an ounce of skill decided to go after a Linux box. Oh wait -- I have .

:-) :-)

Cheers,
ZicoKnows@hotmail.com

The problem we have with that is that, increasingly, I've seen sites who use a bit of javascript to open the link in a new window - eg http://www.antionline.com/. The problem is that if you open the javascript in a new window, you get a window with a javascript "location", and no content.
Otherwise, definitely, it should be possible (and probably encouraged) to use both open-in-new and use of the Back button.

So actually, disabling javascript might still be a good thing - it's one of those time-to-decide moments as to whether you javascript your 'open in new window' links or not.

(FWIW I hate these 'return to top of page' or 'back to index.html' links on redundancy grounds alone - if your browser doesn't do ctrl+home or some equivalent, get a new one!)

The guy supposedly founded antionline (whatever the hell that's supposed to mean), his document has a link to his own jargon mirror , and yet he still doesn't know what "hacker" means. That's a whole new kind of stupidity.

Ok I'm not an expert on this but here's what I understood to be the situation. JP, or "gaypee" as he seemed to be refered to often (NOTE: i think this nick name is distastefull, it just shows what people thought of him), is the head of anti-online, a supposed security consulting site, or something along those lines. He claimed that packetstorm had several things about his wife and family, including personal information, and other offensive material, such as a nun covered in semen. Whether this material was there or not I really do not know. There were several pages that were very critical of him, with racist and other quotes of the sort. From what I understand to the security community JP is regarded as a fraud who really knows nothing about security, dimes on fellow (cr,h)ackers, and basically abuses the (cr,h)acking scene in anyway he can. Supposedly he also deals with any critisism very poorly. Some people have speculated that JP tried (and for a while succeeded) to shutdown PacketStorm because he saw the site as competition, and the worst kind at that, free competition (sound like a certain evil empire we all know and love?). From what I could gather from the situation before, JP is an all around dick. Anti-Online's site is here http://www.antionline.com/ but you won't be able to just click the link, they have blocked referals from slashdot, because apparently slashdot is a cracker site. Atleast this was true when the last story was posted, I don't know if it still is. Go figure.

i disagree with the framing issue. mostly because there are very simple ways to prevent that exact type of situation. you can configure a web server to restrict certain content only if the referer is your own page. if it comes from some other page put up something like "you can't access this material blah blah blah"

for an example click here http://www.antionline.com (asuming the site even works at this point)

I don't think that was it. AntiOnline seems to be back (for the moment). There's an editorial at http://antionline.com/archives/editorials/packetst orm.html that includes a copy of the letter JP sent to Harvard. There's some explicit descriptions of the alledged sexual and libelous content. -Jennifer

Umm, this seems like it would have been a fairly easy thing to verify before taking action, wouldn't it? Am I right to assume that PacketStorm never contained anything of that sort?

From www.antionline.com, coming from the article WWW page. The Site You Visited Before AntiOnline Is On The Denied Referer List The site that you visted before AntiOnline is a Denied Referer. What does this mean? Basically, it means that AntiOnline does not allow the site that you just came from to link directly to AntiOnline content, or to utilize any resources that may be part of the AntiOnline Network.
To find out how you can stop malicious hackers, visit AntiOnline's Fight Back!
For the latest security news, views, and information, visit the Main AntiOnline Website.

US Senate Website Hacked Thursday, May 27, 1999 at 19:42:37
The hacker "counter strike" continues, as the the official website of the United States Senate is defaced.

For their link click here. Although it may not work... hmmm....

I suggest everyone go read anti-online's coverage of this.

If some of those items, specifically the article
about the FBI directives sent to ISPs, are true,
it is a VERY disturbing situation...

here are some excerpts....

AntiOnline Receives Directives
Thursday, May 27, 1999 at 11:59:27
by John Vranesevich - Founder of AntiOnline

AntiOnline has recieved directives given to
several ISPs listing the groups of hackers and
hackgroups that they're currently targeting.
Sources faxed AntiOnline the 6 page directive
which begins:

-snip-

The request then goes on for 6 pages listing
hacker, groups, and media currently under
investigation by the FBI. The list contains
not only the hacker's handles, but in most
cases, their real names. For the privacy of
those involved, AntiOnline is only publishing
their aliases. Here is a partial list of the
individuals on that list:

-snip-

Notice an important section from the above
paragraph: "...and media currently under
investigation by the FBI."

Now I REALLY have to wonder...what MEDIA is under
investigation by the FBI...and more importantly,
in what way are media services related to crackers
and their activity?

I am wondering if the FBI is attempting to "get
some dirt" on those media outlets that they
detest...(this may be completely off base but it
deserves some attention...).

Another interesting(and disturbing) part is listed
later on:

The directive goes on to request information to:
Directories, files, logs, records, information or
any data concearning IRC Channels visited by
Hackers or individuals listed in paragraph 1,
specifically:

It goes on to list the following IRC Channels:

#creep
#j00nix
#tk
#pascal
#ex0dus
#faggotsex
#gayfagsex
#gaysex
#hackunix
#hax0r
#lezbiandsex
#linux
#sex_gay
#sex_pl
#shellx.log

-snip-

It concerns me that some of those channels have
*NOTHING* to do crackers at all...
#PASCAL?!?!

Again, maybe this is not important...
but I am certain many people have visited #linux
for non-cracking reasons(I know I have on
EFNET).

Just some thoughts...

dCf

--"They go around loooking younger for a few days,
then they need more...."

...they found a hole in the FBI webserver, and i think it's better to talk about that instead of the eternal war about hack/crack...
antionline also have a new story about FBI, ISP, and hackers right here.
--

...they found a hole in the FBI webserver, and i think it's better to talk about that instead of the eternal war about hack/crack...
antionline also have a new story about FBI, ISP, and hackers right here.
--