attrition.org · Domains · Slashdot Mirror

Re:That's predictable. Solaris isn't a total dog. by linzeal · 2000-07-25 02:45 · Score: 1 · on Linux Distribution Security Reviewed

The link on attrition's site

Defacements by OS

Re:Moderation - Troll-be-gone by lobos · 2000-07-16 10:39 · Score: 1 · on Sun May GPL StarOffice

Wow. That has to be one of the lamest things I've read for a long, long time.

Check this out.

Take that Tux by Anonymous Coward · 2000-07-10 19:17 · Score: 2 · on Tim O'Reilly Confirms BSD Publications

Take that Tux

Re:the IRC logs by Stonehead · 2000-07-06 17:27 · Score: 1 · on Understanding Script Kiddies

Use a fixed font, not variable width. Magazines are usually text, "l33t" instead of "elite" came out of ascii art. </trivia>

hacker pages. by crovax · 2000-07-06 11:14 · Score: 3 · on Security - How Can you Learn Internet Self-Defense?

L0pht Heavy Industries
Cult of the dead cow
Happyhacker.org
Infiltration.org
hackers.com
Hacker news
attrition.org
AntiOnline
AntiCode
phrack
2600
Many of these pages contain arhives that have documents on cracking networks and such.
Vast documents on cracking NT servers.
A few of these are not really related but fun any how.
And the archives also contain many documents on system defence.
-----
If my facts are wrong then tell me. I don't mind.

Re:Heh. Social Engineering at it Finest. :) by Anonymous Coward · 2000-07-06 01:04 · Score: 1 · on Understanding Script Kiddies

This is actually very old and has probably nothing to do with this particular AC - apart from the fact that he copied and pasted it.

It's from an old 31337 H4X0R group called BoW (Brotherhood of Warez)

You can find that particular newsletter here.

Three Fingered keyboard by lanner · 2000-07-05 22:33 · Score: 1 · on One-Finger Keyboarding?

The Microsoft Keyboard;

http://www.attrition.org/gallery/m s/win2k-kbd.jpg

This obligitory Microsoft slam brough to you by attrition.org.

Re:a good reason not to use *nix by nemoc · 2000-06-12 01:45 · Score: 1 · on How To Secure A Cracked Box

Take a look an

any

hacking sites archive (i recomend attrition.org. Go to the defaced archive, and it'll tell you what operating system the hacked b0x was running. The vast majority of the hacking sites are running nt. Windows NT has security holes --they're just not as well documented. Security through obscurity. [is your friendly neighborhood hackers installed there software as an NT service, you might not have noticed.]

A gram of prevention is worth a Kg of cure.... by fluffhead · 2000-06-12 01:41 · Score: 5 · on How To Secure A Cracked Box

Try securing your systems BEFORE they get cracked. A good few places to start:

Insecure.org, especially this top 50 security tools page.
SecurityFocus the disseminators of the BUGTRAQ list among others.
Attrition.org, especially their security page.
And of course 2600, the l0pht, and Phrack for the latest tasty street info....

#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak

A gram of prevention is worth a Kg of cure.... by fluffhead · 2000-06-12 01:41 · Score: 5 · on How To Secure A Cracked Box

Try securing your systems BEFORE they get cracked. A good few places to start:

Insecure.org, especially this top 50 security tools page.
SecurityFocus the disseminators of the BUGTRAQ list among others.
Attrition.org, especially their security page.
And of course 2600, the l0pht, and Phrack for the latest tasty street info....

#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak

Some informed opinion on the subject... by mav[LAG] · 2000-06-01 22:05 · Score: 5 · on CNN Asks "Can You Hack Back?"

can be found at Attrition's page on the subject. In a nutshell, it's much harder than it looks, legally questionable and more often than not ends up screwing around with innocent third parties.

Re:Inventing the Internet by Mr.+Flibble · 2000-05-30 23:42 · Score: 1 · on Scott Reents, Online Political Activist

Does Vice President Al Gore have an unfair advantage in the online campaign of the presidency since he invented the Internet? Will the FEC step in to level the playing field for G.W. Bush so he can compete online against Al Gore?

Absolutely. Since Gore wrote the specs on TCP/IP and was the main instigator of all the RFC's in existance he has a major advantage. Bush is probably going out and secretly hiring all the "SkR1p7 K1DDi3z" once he has them on their side he will have a more level playing field.

Bush probably wants the L0pht on his side as well being as they are top notch, and of course they wrote the one book that prevents the one father of the internet from sleeping at night.

;)

Re:They found a hole and patched it... by Platinum+Dragon · 2000-05-17 01:54 · Score: 4 · on Office Assistant: Yet Another Security Hole

Most Linux/*NIX holes aren't so glaringly stupid, and are a hell of a lot harder to exploit. Why should arbitrary script code be able to affect the registry (only one of the most important files on a Windows 9x system), overwrite files, and e-mail itself without telling the user? And why in hell is the Office "assistant" usable in resetting security permissions?

"But, but, but, someone could write a script for Linux too! Ha, got ya there!"

No, you don't. If a user sets up sh to run scripts automatically in Netscape, or downloads and sets the executable bit, it would still only affect that user's files unless they were dumb enough to run Netscape or the script as root. The user would lose the files they own, but binaries and pretty much anything outside /home/$USER would remain unaffected. This is assuming the user didn't bother to at least read through the script first, or find out what the heck it actually is.

"But, but, but, there are bugs in Linux! And some can lead to a root compromise!"

No denying that; they still require some level of actual skill, either in programming or ingenuity, to take advantage. Once again; arbitrary code should not be able to affect anything; it should be contained (like the Java sandbox), and never run as an administrator. NT at least takes steps in this direction, though a cursory look through the Attrition page crack archives should show how much NT is like Swiss cheese.

The point: Windows 9x, and to a lesser extent NT, is inherently insecure, allowing arbitrary code and even scripts to affect important system files and take actions without the user's knowledge. The Morris Worm forced *NIX to shape up; perhaps dragging Windows into the light will force Microsoft to do the right thing for once.

Re:Gutenberg Project by Kabloona · 2000-04-24 23:07 · Score: 1 · on Where Is The Wiretap Archive?

Gutenberg is a great resource for books, but everyone should check out attrition.org

Attrition hosts the defaced web page archive seen on HNN, in addition to having zillions of text files. They also have a huge movie archive which includes every funny/disturbing movie that ever landed in your inbox.

Check it out, its a great resource.

peas,
-Nick

Re:Gutenberg Project by Kabloona · 2000-04-24 23:07 · Score: 1 · on Where Is The Wiretap Archive?

Gutenberg is a great resource for books, but everyone should check out attrition.org

Attrition hosts the defaced web page archive seen on HNN, in addition to having zillions of text files. They also have a huge movie archive which includes every funny/disturbing movie that ever landed in your inbox.

Check it out, its a great resource.

peas,
-Nick

blackhats or script kiddies by PotatoNO · 2000-04-16 23:44 · Score: 1 · on SecurityFocus Responds To ESR Column On OSS Security

Anyone who regularly looks at attrition's defaced mirror knows that a dominating portion of the blackhat crackers out there are using well known bugs and exploiting lazy (or overburdened, or unqualified) administrators instead. Most crackers are looking for noteriety first and everything else second. That's why web pages are defaced, credit card numbers are posted, etc. etc. How many blackhats do you think are looking for the bugs and keeping their mouths shut about it? I'm not saying it never happens, but certainly having open-source does more good than harm.

And another thing, if its so easy to grep for strcpy then why hasn't it been done to the code in the first place? Why isn't it automatic?

"Leave Napster alone" - Metallica site cracked by vaxer · 2000-04-14 01:55 · Score: 1 · on Napster, Gnutella, Bans, Lawsuits And More

See for yourself -- looks like someone decided to counterattack.

Re:Down right criminal... by coolgeek · 2000-04-13 20:15 · Score: 2 · on Backdoor In Microsoft Web Software?

about 21% are Microsoft based, or 2,742,931 servers - that's the good news.

Another interesting info point: with such small marketshare, IIS consistently accounts for 50-70% of reported defacements on attrition.org OS Statistics

good sources for info by Ken+Williams · 2000-04-06 01:14 · Score: 2 · on Information On Cryptography And Effects On Society?

http://www.cryptome.org
http://jya.com/crypto-free.htm
Learning About Cryptography
Ritter's Crypto Glossary and
Dictionary of Technical Cryptography
Encryption & Security Tutorial
N.A. Crypto Archives
International PGP site
NSA National Cryptologic Museum
EFF
attrition.org crypto archive
Bruce Schneier's Crypto-Gram

and last, but not least (the archive i developed) ....

PacketStorm Crypto Archives

there are lots and lots of excellent tutorials, docs, glossaries, and links to many of the great crypto sites in the world at all of the URLs above.

for the best info on NSA, ECHELON, misc paranoia, you should first check out Cryptome/JYA. i archived quite a bit of stuff related to your questions at the packetstorm site too - packetstorm.securify.com/crypt/nsa/.

feel free to email me directly if you like too. over the years, i have had some interesting experiences with the NSA, BXA, etc - primarily regarding my hosting of crypto archives, and personal investigations of NSA, ECHELON. if you want to discuss these things, get the pgp key for ken.williams@ey.com from www.keyserver.net, and send your key(s) and crypted msgs to tattooman@genocide2600.com

Re:Why didn't Apple go with Linux? by soulhuntre · 2000-03-28 11:55 · Score: 1 · on Darwin Source Completely Available

The URL's are....

bsdgirl

linuxchiq

Re:Why didn't Apple go with Linux? by soulhuntre · 2000-03-28 11:55 · Score: 1 · on Darwin Source Completely Available

The URL's are....

bsdgirl

linuxchiq

Re:WebPage Layout ... by InS0MnIaC · 2000-03-28 02:27 · Score: 1 · on Interview: Lynda Weinman

OK. I agree with your "rose by any other name" philosophy to a point. But what happens when it's a story about a really big-ass potato? Most people would like to see a picture. Of course people like eye-candy...you can only do so much with words - especially when you have little time to update a constantly changing article (which would be made easier by a cgi-script so you don't have to put in the HTML formatting).

Sure. Getting "just the news" from Attrition is fine if that's your bag, but you're comparing apples to oranges. CNN is by no means a "just the news" type of web site.

The real question is ... how much more impressive is an article about potatoes with images tables javascripts php perl cgi and whatever ...

Tables? Look at the source of Attrition's main page - it is one big table.
perl & cgi? - Shame on you.

Don't throw in a bunch of buzz-words to make a point.

Re:WebPage Layout ... by InS0MnIaC · 2000-03-28 02:27 · Score: 1 · on Interview: Lynda Weinman

OK. I agree with your "rose by any other name" philosophy to a point. But what happens when it's a story about a really big-ass potato? Most people would like to see a picture. Of course people like eye-candy...you can only do so much with words - especially when you have little time to update a constantly changing article (which would be made easier by a cgi-script so you don't have to put in the HTML formatting).

Sure. Getting "just the news" from Attrition is fine if that's your bag, but you're comparing apples to oranges. CNN is by no means a "just the news" type of web site.

The real question is ... how much more impressive is an article about potatoes with images tables javascripts php perl cgi and whatever ...

Tables? Look at the source of Attrition's main page - it is one big table.
perl & cgi? - Shame on you.

Don't throw in a bunch of buzz-words to make a point.

WebPage Layout ... by SuperDuG · 2000-03-27 12:14 · Score: 2 · on Interview: Lynda Weinman

Well webpage layout and techniques are being used everywhere. Let's contrast CNN and Attrition ... both are fairly visted websites. But attrition relies on what it writes unlike CNN that relies on images....

The real question is ... how much more impressive is an article about potatoes with images tables javascripts php perl cgi and whatever ... compared to the simple bare-minimum html page with nothing other than black text on a white background. The article doesn't change ... The potato still grows ... so what's the need for extra space? People like eye candy ... just look at microsoft.

Re:2600 [offtopic] by drix · 2000-03-20 08:46 · Score: 1 · on DeCSS To Be Broadcast Over Oz TV

From one of the many 2600 FAQs:

Alt.2600 is a Usenet newsgroup for discussion of material relating to 2600 Magazine, the hacker quarterly. It is NOT for the Atari 2600 game machine.

It doesn't say it, but the inference is that neither is the magazine.

--

Analyze the content, not the type by stx23 · 2000-03-16 04:58 · Score: 1 · on German Censorware Targets Music

Basically, the German recording industry is selling the idea that they should have carte blanche to block any incoming packets they see fit, at the router.

OK, they want to block illegal mp3s. Whether or not you agree with this is a different issue.
How about they analyze the packets, and, in the case of an mp3, check the ID3 tag to ensure whether or not it is illegally distributed, *then* decide if it should be blocked or not?
The technology is there to acheive this properly, but it won't happen. It will come down to all or nothing, and Cowboy Neal's groovy tunes will be blocked, just because they are mp3s.
Sure, it's a shame, those are unexpected groovy treats, but if you're German, you won't get to hear them. Not without an offshore shell account and encryption, but how long until PGP packets are banned? Then they ban usenet, then email, then web. Welcome to the new net. An engineer's playground, brought into check by those who know better than you. You might have helped built it, but the goverment knows better.
'Think for yourself, and question authority.'
Timothy Leary vs. the Grid
Probably on Napster as an mp3, if you can't find it, get napigator and search for it. It's in there, and I doubt anyone involved would object to it's distribution.
Support freenet & blacknet, it's the only realistic way to can advance without interference.

Re:OT: "white hat" hacker training material? by Duke+of+URL · 2000-01-26 02:47 · Score: 1 · on L0pht Gives FAQ of @Stake Merger

Don't forget the other following security references:

Cert: http://www.cert.org/

Packetstorm: http://packetstorm.securify.com/index.s html

and Attrition has some stuff too http://www.attrition.org/

Re:Obligatory jokes... by aqua · 2000-01-21 12:43 · Score: 4 · on Smell Mail to Replace E-mail?

Also journalists using hot-paper smells, the inevitable reeking cacaphony of Usenet (a.s.r would smell of burnt silicon), the grotesque smell down{wind,stream} of AOL. Emacs would employ the olfactory port of the dissociation code. Editors would have to provide syntax highlighting and meta tags for smells. Ad filters (ijb et al) would be employed to make for a neutral experience.

Every corporate website would employ the olfactory equivalent of Muzak -- some superficial focus grouped scent of productivity and profit, mixed with some twinge of dynamism and excitement. Evil h4x0rs would break in and replace these smell files with the smell of pot (doubt that? Check the attrition hacked-sites archive and count the pot references).

We would receive spam offering us the usual "free pics delivered daily to your email box," augmented with "wee wiff of quim in the morning" offerings no discriminating connosieur (sp) could resist. [Rob Roy reference]

Mailbombs would become messier affairs.

Valentine's day (easy). cron jobs that produce the smell of toast and coffee (or other apropriate cues) at the right times of day.

Rather than spraying an aerosol about whilst cleaning a bathroom, you'd send mail to the e-toilet.

I pity those who got their moderator points on this one. :)

security-stats: Microsoft vs. Open Source by arnim · 2000-01-20 17:59 · Score: 2 · on Microsoft Vows Security Commitment on Win2K

the number of vulnaribilities which show up in securityfocus.com show that this is really necessary for MS to get back ANY reputation in security. the securityfocus-list shows 29 holes for microsofts IIS in the years 1998-1999. for apache there are two, both from 1996.

it's hard to use this list to compare linux vs. NT, because lots of the bugs listed for the operating systems are in add-ons and third-party products.

the nearest statistical comparison of openrating-system-security is on attritions web-defacement-counter. in the overall OS-count from august 1999 to present Win-NT is leading clearly with 55%, followed by linux with 19% and solaris with 13%. source: http://www.attrition.org/mirror/att rition/os.html

these total number of defacements should also take into account, that there are more webservers running on linux than on NT, as can be seen here.

open source brings a security-problem which is not as big in closed source: it's far easier to write trojans. but this risk is small compared to backdoors intentionally implemented by clodes-source software manufactures. a good example is the international version of lotus notes where the NSA knows 24bit of the 64bit-key.

security-stats: Microsoft vs. Open Source by arnim · 2000-01-20 17:59 · Score: 2 · on Microsoft Vows Security Commitment on Win2K

the number of vulnaribilities which show up in securityfocus.com show that this is really necessary for MS to get back ANY reputation in security. the securityfocus-list shows 29 holes for microsofts IIS in the years 1998-1999. for apache there are two, both from 1996.

it's hard to use this list to compare linux vs. NT, because lots of the bugs listed for the operating systems are in add-ons and third-party products.

the nearest statistical comparison of openrating-system-security is on attritions web-defacement-counter. in the overall OS-count from august 1999 to present Win-NT is leading clearly with 55%, followed by linux with 19% and solaris with 13%. source: http://www.attrition.org/mirror/att rition/os.html

these total number of defacements should also take into account, that there are more webservers running on linux than on NT, as can be seen here.

open source brings a security-problem which is not as big in closed source: it's far easier to write trojans. but this risk is small compared to backdoors intentionally implemented by clodes-source software manufactures. a good example is the international version of lotus notes where the NSA knows 24bit of the 64bit-key.

Rebooting by dattaway · 2000-01-08 21:12 · Score: 3 · on Microsoft Certified Professional Action Figures

CTRL-ALT-DEL must be a real pain for those little guys, what with their fingers all stuck together! They must have to work as a team to do it!

No, it doesn't take a whole team, when you have the proper tool to do it.

Re:B. Gates figures by Anonymous Coward · 2000-01-08 21:06 · Score: 0 · on Microsoft Certified Professional Action Figures

Hmm... of course, it also would be quite cool to use this Bill figure as some sort of voodoo doll with needles and that kind of stuff... (OK, that was quite sick)

I like that! A Bill Gates Stick Pin Action Figure!

Other uses for cases by Anonymous Coward · 2000-01-07 02:38 · Score: 0 · on The Quest For Cool Cases Continues

Here is a case being used as /dev/null, the bit bucket, the recyclotron, the idea bin . . .

Re:Dan's Crack by Anonymous Coward · 1999-12-26 23:03 · Score: 3 · on Crack.LinuxPPC.org Cracked

In response to all the posts on this, I felt it would be best to give people a bit of a timeline of what happened when. Please note, I am a Fine Arts Major with hardly any low-level computer experience, so even though he talked about *how* he was doing it frequently enough, I didnt understand more than 2% of it.

Wednesday Dec 15th:

Finals are over: Dan gets started.

Friday Dec 17th:

Dan sucessfully cracks the Machine. Increments Number of Cracks, adds name to Credits, and waits to see how long it takes for someone to notice. Leaves self back door in form of open port to telnet to.

Thursday the 23rd:

I notice the change of the website to what is currently hosted here, and emailed Dan about it. (on a side note, I'm not trying to take credit for notifying him first. I'm just stating what I saw)

by Friday the 24th:

Dan resecured the site.

Signed,
Mike
The guy who lives next to Dan.

Check out the archived version's HTML by Oscarfish · 1999-12-26 21:29 · Score: 1 · on Crack.LinuxPPC.org Cracked

From the HTML of Attrition.org's mirror :

meta name="GENERATOR" content="Microsoft FrontPage Express 2.0"

I wonder if this is how Attrition.org created the page, or if the hacker but up the "I won" message with it. That would be awful, wouldn't it, a version of Linux hacked on a Microsoft machine? And posted via FrontPage, arguably the worst HTML program available? Just give me pico :)

Corrections and clarifications by bons · 1999-12-20 23:59 · Score: 3 · on ABC TV Does Two Major Cracker Stories

First: L0pht

Second:Attrition.org

Of special note is the Attrittion Mirror of defaced sites. This will allow you decide how much "damage" is actuall done and how much "help" was actually done. Please not that this varies greatly by individual.

The problem that exists is that these people, often under 21, see big giant gaping holes in the security systems and this bothers them. If they report it, nothing happens because no one has, or ever will, listen to them. (Some sites have been defaced repeatedly, without ever having fixed the holes, even after the fix was placed in the HTML!)

So they make a mistake. They try to draw atttention to the fact before someone less kind, (for example a rival organization) uses the same holes to download actual sensitive information. (Warning, this kind of thought process can occurr to you when you've read too much cyberpunk.)

I'm older and wiser now. I realize that people REALLY DON'T care about security. Normally they just want something to rant about. The status quo is to lock your car door for security but if you lock the keys in your car you expect a locksmith to get them out in under a minute.

Think about it. If the locksmith can do it in under a minute, so can I.

They may not be adults, they may be fools, and they may annoy the computer professionals that are responsible for security but let's look at it this way.
If some kids can take down whitehouse.com, why couldn't Zhirinovsky hire someone to do the same, only with a lot more creativity and subtleness. (Wouldn't the media just love it if someone found a collection of porn jpegs on whitehouse.gov?)

They're criminals. They view themselves as unsung heros. In short, they're the Chicago Seven of a new generation. Even Richard Daley's famous quote could still apply:

"Gentlemen, let's get something straight. The police aren't in the streets to create disorder; they are in the streets to preserve disorder." -- Mayor Richard Daley