Slashdot Mirror

The official response from Harvard (found at www.hackernews.com):


=======================
* S T A T E M E N T *
As a service to the Internet community, Harvard agreed to
host a Packet Storm Security Website for security-related
materials only. Without Harvard's knowledge, unrelated
content was put on the Harvard server, including
sexually-related material and personal attacks on an
individual not affiliated with the University. A Harvard
administrative site focused on security issues is not the forum
for this type of material. We are returning the
content on the site and hope that Packet Storm will make
its security tools available through its own Website.

Joe Wrinn
Director
Office of News and Public Affairs

Joe Wrinn
Director, Harvard News Office
1350 Massachusetts Ave., Rm. 1060
Cambridge, MA 02138

Posted by crunchberry wonderfuck:

HNN has an update; Harvard will return a copy of the site to Ken Williams. Also AntiOnline (JP's site) is uber-down. No DNS, no nuthin'. Figures, I suppose.

"We have word that the PacketStorm site has not been deleted and that Harvard University will be supplying Ken Williams with a back up copy of the site. "

-- as yet unconfirmed, from www.hackernews.com

The fixed link is over here.

Cracked servers from HNN on 6/30/99
http://www.hackernews.com/
look at the bottom of the page for the cracked servers

[drew@drew drew]$ queso www.georgeabbot.surrey.sch.uk
error: unknown host www.georgeabbot.surrey.sch.uk
[drew@drew drew]$ queso chef.fab.albany.edu
169.226.46.59:80 * NT (SP4)
[drew@drew drew]$ queso altpro.pdp.albany.edu
169.226.73.101:80 * NT (SP4)
[drew@drew drew]$ queso caster.gsfc.nasa.gov
error: unknown host caster.gsfc.nasa.gov
[drew@drew drew]$ queso www.umkc-efkc.org
209.153.94.66:80 * NT (SP4)
[drew@drew drew]$ queso www.spc.noaa.gov
error: unknown host www.spc.noaa.gov

Yes, this I tested every single server on the page, I left none out.
Some of the servers won't resolve, but it seems that there is a overwhelming appearance of NT that has been cracked lately. I do these tests almost everyday for a good laugh, and this is what I usually find.
And for all of you that ask, yes queso can distinguish between SP3 and SP4/5, I needed to add that entry into my queso.conf.

Check out http://www.hackernews.com/arch.html?0608 99 for their take on it. Seemed like more of an ad for ISS and I tend to agree. Though, they did get the terminology more correct than most articles.

Rather than claim to have an original bone in my body, I found Hacker News Networks description of the article a little less glowing. I also wonder if the Greg Shipley mentioned in the article is actually Pete Shipley.

From http://www.hackernews.com/arch.html?0608 99

ISS Gets Free Advertising
contributed by lamer
Here's a nice 'adverticle' for ISS. ISS must be really wonderful because they have "tangled" with cDc, that horrible hacker group that makes Microsoft's life "miserable". I don't suppose it's possible that MS makes its own life miserable by putting out 3rd rate software? Nah. And I don't suppose it is possible that the author of this article did any research other than contacting ISS? Nah.

Rather than claim to have an original bone in my body, I found Hacker News Networks description of the article a little less glowing. I also wonder if the Greg Shipley mentioned in the article is actually Pete Shipley.

From http://www.hackernews.com/arch.html?0608 99

ISS Gets Free Advertising
contributed by lamer
Here's a nice 'adverticle' for ISS. ISS must be really wonderful because they have "tangled" with cDc, that horrible hacker group that makes Microsoft's life "miserable". I don't suppose it's possible that MS makes its own life miserable by putting out 3rd rate software? Nah. And I don't suppose it is possible that the author of this article did any research other than contacting ISS? Nah.

There's more info at Hacker News Network . They say there's something strange with that information leak.

You're asking to be exploited. Our 31331 w4r3z b0tz will try every bug I've found in my recent reverse-engineering of its .exes and .dlls. And if you let me touch your console, I can gain admin at will with the famous 3xpl011 I named in the title of this comment.

Note: this is just a sarcastic comment showing what non-Open-Source can do for you. Be happy.

Call me backwards, but I don't buy it. Reading Hackernews on a daily basis makes me suspicious about statements like this. I wonder how hard it would be to make a 'replica eye' or some such. I think I'll stick to my ATM for now, thanks.

Read this.

It's basically the conscensus in the community that they're just adding a few firewalls. I think the DOD has more to worry about from internal threats than anything a bunch of adolescent l335 script kiddies could do.



--

This has been out for almost 2 months now. It was on HNN back in March. Funny how the mainstream just got a hold of this...

...and the bowling pins just keep falling. www.hackernews.com now has a wacky looking cracked front page.

I think I'll go back to bed and wait for tomorrow

Again, this doesn't seem to be an issue specifically with open source. As was shown with the ProMail thing for Windows (don't have a specific link; go check hackernews.com for info), a trojan can be slipped into a Windows program pretty easily, and running some sort of installation wizard is no safer than doing "rpm -Uvh *.rpm".

You say that it's more vulnerable because of the "highly configurable set of tools/packages that one can choose to put on one's system," but there are a wide range of tools available for Windows systems as well, so I wouldn't say it's vulnerable more often than Windows. Again, I'll point to ProMail, which got on download.com & simtel.net, huge, supposedly safe software archives, and was downloaded thousands of times before someone realized it was sending people's passwords to a net@ddress account.


-mike kania

J.