Domain: hackernews.com
Stories and comments across the archive that link to hackernews.com.
Comments · 66
-
News and humor
I go to a number of sites for "news" news; I find that the "same" news is very different coming from different countries:
BBC News, which everyone's familiar with;
CNN, the epitome of US government-sanctioned news;
The Economist, of course;
The Times of London,
Japan Today,
Pravda,
The Beijing Review,
Le Monde, and
The Tehran Times
...and a couple of sites for tech and science news:
EurekAlert, a great site for science and medicine press releases,
the former, but still running, Hacker News Network,
BottomQuark,
the phenomenal journal Nature,
Science magazine,
and, of course, The Source.
Some good comics, most of which you will all know, but which I love; here are a couple you might not know:
Helen, Sweetheart of the Internet, a comic that actually features a female sysadmin/techgoddess, and
Bateman Political cartoons, a fun political comic updated regularly.
And, of course, take a look at my sig... Click every day. -
Business as usual
The l0pht's decision to remove detailed advisories from bugtraq, and instead use links to their site containing the detailed reports is just business as usual. I was a regular reader of www.hackernews.com until they merged with @stake.
It seems to me as though Weld Pond and the rest who used to be so dedicated to the security community have succumbed to the almighty dollar, as so many others have. Hackernews.com went seriously downhill when it turned into a revenue source. I find it hardly surprising though. If you owned @stake, wouldn't you be willing to sacrifice some respect for increased web traffic and advertising dollars? Probably.
- -
Best Practice
If two men in a boat can sail up to the side of a military vessel and blow a fucking great hole in it, I'm sure that if anyone that dedicated wanted to, they could make a real mess of the Internet. But physical damage is going to be reasonably easy to fix as most major net nodes should have disaster recovery plans in place.
To really make a mess, why not write a nice virus or worm that would be much harder to react to and recover from.
Of course the ultimate would be to combine a few pieces into one large puzzle :- mass client infections, Root DNS DDOS attacks, email hijinks, and take out a few key cables/bottlenecks with backhoes. The trick is to create cascading failures that individually could be fixed, but the presentation of all problems at the same time makes the response and recovery that much more difficult. Best Practice dictates that anti-virus and firewall vendors get hit as well, just to highlight the point.
-
Information from Hackernews
Here (10-30-00 in the archives): contributed by abner and laney
The weekend did not manage to quell the massive amounts of coverage the Microsoft infiltration continues to garner. Virtually every news organization has its own version of the Microsoft debacle, of which we've provided a sampling below. Meanwhile, we are left wondering why the crown jewels of Microsoft were left at the mercy of passwords. There are all sorts of other authentication technologies that we have no doubt Microsoft will be investigating. Perhaps utilizing the smart card support in Windows 2000 wouldn't be a bad idea. It's a shame it takes negative incidents like this to get people to consider security as a strategic business issue. Shame on you, Microsoft.
Also Happy Microsoft Day: You've heard it before and you'll hear it again. Threats are evolving. We've seen viruses retrieve and forward passwords before on a large scale, now they are becoming targeted and fast. Threat evolution is something that cannot be dealt with reactively; it must be part of infrastructure planning and design. Today, all attention is focused on Microsoft. The world's favorite target has fallen victim to a password-stealing virus that got a hold of passwords that can access the source code to upcoming versions of Windows and Office. It is unclear whether or not the perpetrators were able to use the passwords to actually access and manipulate the source code, however if the source code was accessed two questions remain. 1. Was the code manipulated in some way that could open the door for later attacks or other problems? Microsoft claims no, the code has maintained its integrity. Other than to trust Microsoft's word we may never know the answer. 2. Does the ability for a criminal group to view the source code destroy the security by obscurity that is key to so many commercial software products? In the open source community, numerous hackers examine products and contribute solutions to flaws in the products. In the commercial world, many companies rely on their development team to produce secure code and then keep the source code secret to not only protect their intellectual property, but also to minimize potential attacks that could be launched against the product. In this case, the loss of security by obscurity could result in a criminal having intimate knowledge of the product development cycle to be able to develop targeted attacks on future Microsoft products. Regardless of the quality of Microsoft products, the mere fact that the company was able to recognize that this incident occurred is unfortunately unique. Many corporations might never know this had happened to them.
In fact the ability to isolate the incident to specific networks or machine is quite difficult in many environments. The other interesting thing going on here is the Trojan horse attack. These attacks have been discussed for several years now and the current solution has been to use content filtering software to detect the attack. If you are one of the world's favorite targets, the Trojan horse writer will write the attack specifically at you. By the time the anti-virus companies know about the Trojan horse and are able to detect and stop it, it's too late. Unfortunately, it has taken a high profile incident like this for awareness to spread. One solution is to separate general purpose computing such as internet surfing and email from sensitive computing such as accessing source code or controlling IT infrastructure. This is what the military does. They run 2 networks that are physically isolated from each other. A less expensive solution is to keep all executable content from reaching workstations such as executable programs, active HTML content, or documents that contain macros. This is difficult to achieve in reality so physical separation is the only way to be sure you are secure. The Wall Street Journal broke this story and pretty much everybody is currently running it. Look for more information and speculation to filter out through the rest of the day.
Hope this helps. -
Does anybody read HNN?
Hacker News (operated by @stake) had a story on this yesterday. Interesting point: the government will hire criminals, but the security industry won't. Hacker News also points out that the article implies that anyone who has used a handle (Do slashdot IDs count?) must be a gray hat hacker.
-
Offtopic (but don't mod down please)
Is it me or are half the /. submissions -- like this one mentioned on other sites first such as memepool, kuro5hin (rip), technocrat, memepool, HNN or any of the other countless weblogs?
From memepool: Monday Jul 31, 2000 Relive the sloth-like speed, nightmarish user interfaces, and new-car smell of the web browsers of yesteryear, at Dejavu.org.
-
A few U.S. scientists probed the net's weakness...
From HNN:
U.S. scientists have collaborated to describe why it is that the net is resilient to random failures but highly vulnerable to deliberate attacks. As the net has sprawled in many directions, its growth path has not led to a random or exponential network. Rather, the pattern that has taken shape resembles the ordered hierarchy of a tree whereby a few nodes are highly connected and lead to scores of less connected nodes. While this design allows the net to chug its way through random hiccups, it makes an attack on one of the key nodes particularly damaging.
The full story is available at MSNBC, Mercury Center, or The Telegraph. -
Other news stories on this vulnerability
These are stolen from the Hacker News Network:
ZDNet Story
MSNBC Story
Information Week Story
CNN Story
SANS Story
Also: Microsoft security bulletin (irony)
Microsoft FAQ + Patch -
Again?
From the HNN
"Some stories make references to both problems.
Having Outlook security problems so frequently that they start to blur together is a dangerous thing."
Sadly this says it all.
Malk-a-mite
-
hacker pages.
L0pht Heavy Industries
Cult of the dead cow
Happyhacker.org
Infiltration.org
hackers.com
Hacker news
attrition.org
AntiOnline
AntiCode
phrack
2600
Many of these pages contain archives that have documents on cracking networks and such.
Vast documents on cracking NT servers.
A few of these are not really related but fun any how.
And the archives also contain many documents on system defence.
-----
If my facts are wrong then tell me. I don't mind. -
Re:USA : Home Of The Shit-Basted Irradiated Chicke
You could at least tell them where you stole this small_dick! Don't just cut and paste and not give credit.
I believe this came from HNN (Hacker News Network). www.hackernews.com
Where they got it from I don't know.
-
virus prediction?
Didn't HNN just do a story on this potential problem? I think they actually ran that story today. I wonder if this is just a coincidence. As I recall, they were reporting the potential for a problem, but not an actual virus in the wild. Hmmmm....
Jaeger
http://334.se2600.org
http://jump.to/jaeger -
HNN has some information on this
HNN:
A worm with minimal malicious activity is infecting Gnutella users at an alarming rate. Gnutella is similar to Napster in that it allows peer to peer filesharing. The worm, which has as many as twenty file names, contains a message from the author "if I was a naughty boy, I could use scripting to get name, email, whatever files." Users are cautioned to be wary of files within Gnutella that have .vbs extensions.
-
a super summation
The Hacker News Network is running a nice round-up of this "Catch that Spyder" clusterfuck. Funny.
-
Re:You didn't look far.
Good point. There are many, many organizations out there trying to do the right thing. I shouldn't have excluded them in the statement I made above. I take the ACLU fairly seriously because they are an effective legal body. They aren't as big as the bad boys but they are pheered, because they win in court, a lot.
At the same time, smaller organizations like eff are working hard on this stuff, and making a difference. I'll read the eff site again. Last time I looked, a long time ago, they didn't look very effective, but it seems that may be changing.
A few years back the CDA came around and threatened to take my net away. I joined CIEC and put a "free speech online" ribbon up on my site. CIEC went to court, and we won, partly because there were hundreds of thousands of names of voters like me on our petition. My personal contribution took less than an hour of my time, but it was because of little things like that that the CDA didn't stick. This brings me back to my original point.
If we take some time to support the causes we believe in, with money, petition signatures, calls to congressmen, and whatever else we have at our disposal, our time is much better spent than if we hide our views in the back annals of a slashdot discussion forum. Legislators don't read slashdot comments every day for advice on what to do at voting time, but they do listen if you call their office.
As an aside, the reason I included the link to the buffer overflow article on deCSS in my original post is because it outlines an interesting and innovative tactic for legally putting pressure on a large rich corporation, when you're a small poor .org. It's a little ambitious, but worth thinking about. -
So let's all do something about it.
Yesterday I made a donation to the ACLU, one of very few entities with enough legal clout to actually stand for personal freedoms which corporatist america, the government, and mainstream media are taking away from us every day. Did you know that a treaty is in the works which would effectively destroy anonymity and privacy online? This is a major international issue which gets very little news coverage. Call your congressmen, make yourself heard, spend some money on your freedoms. Ranting in a forum won't fix it, but there are many tools at our disposal that can help, if we use them.
*sing* my soma has a first name, it's m-o-n-e-y...
-
Re:Gutenberg Project
Gutenberg is a great resource for books, but everyone should check out attrition.org
Attrition hosts the defaced web page archive seen on HNN, in addition to having zillions of text files. They also have a huge movie archive which includes every funny/disturbing movie that ever landed in your inbox.
Check it out, it's a great resource.
peas,
-Nick -
According to Hacker News Network
HNN is reporting today
"contributed by Brad
It was only a matter of time. After all the brouhaha over DeCSS someone has finally created a legal DVD player for the Linux platform. LinDVD has been created and will be marketed by Intervideo for $29.95 and will be available this spring."
Related links: Wired and Intervideo
-
HNN
You forgot the Hacker News Network:
-
False Rumor
The Gates story is simply not true.
Look at today's (Mar 27) HNN: http://www.hackernews.com/arch.html?0327 00
-
Clarification?
I'm failing to understand something. Why does it take money to save iridium? Is there no way we could somehow get the company their tax write-off and have them just open up the network for public use instead of directing them all to suicide?
Furthermore, The guy who pulled out of buying it--how much bandwidth is actually available on these things? If we're talking 56k or somesuch for uplink, then we need to rethink this. Sure, it could be the absolute cooooolest text-based orbital BBS, but really. Beyond the coolness value, I'm doubting the iridiums have that much to offer. Certainly not security.
But it would be cool. -
Old News
This was reported by HackerNewsNetwork.com a few days ago. Apparently (according to hackernewnetwork.com) Sprint intends to change their policy. Check out the article.
-
Hackernews.com or Crackernews.com?
At work, I discovered our Proxy filter (WebSense) won't allow access to the Hackernews web site. Figuring someone had fallen prey to the old "hack" for "crack" syndrome, I got ready to fire off a letter to our management explaining the difference between the two, and why "hacking" isn't a Bad Thing.
On a whim, I decided to dial out with an old modem laying around (bypassing the proxy) and check out the site for myself. On the main page, there were nine stories dealing with internet crime, and two about the MPAA lawsuit against the CSS crack, and none covering what I would expect from a "true" Hacker (tm) site; namely, programming tips, new compilers, clever tricks and solutions, Linux news... At that point, I gave up my attempt to get the block on hackernews.com removed; no-one would ever believe that such a site is about harmless "hacking".
-
DDOS still going on on Sat?
hnn says that there seems to have been an attack on excite this morning.
-
OT: Hackernews.com is down
...or at least experiencing difficulties. Going to the main site yields a page which says
[an error occurred while processing this directive]
with a last updated stamp of 01/01/97.
In light of the recent DoS stories I thought this might be interesting to some people. -
More information on HNN (link)
Those of you without the Hacker News Network slashbox on your front page might want to take a look at this story, which has a bit more information as well as links to a number of media stories about it (Wired, NYTimes, etc.).
-
DeCSS Protest Information
Today, February 4 will also be a day of action planned against motion picture association. Protests are scheduled for today at movie theaters around the world, in over 100 cities. You can find more information here.
Go and tell people the truth about DeCSS! You can find flyers in multiple languages here. -
Re:If your site is down, you need a new IS manager
If your site is down over New Years, think seriously about hiring a new IS manager.
Amen, Bruce.
I'm here at work monitoring my sites (here and here to name a mere few), and I'll be here for the next 20+ hours.
Our upper management approached me with this same idea... should we pull our sites, or shut down our email, or etc. My flat out response... NO WAY!
We're talking very important, very critical e-commerce, e-banking, and e-you_name_it sites that we've spent multiple millions on to keep running 24-7 x 365. Bulletproof sites which practically CANNOT go down due to disaster or mayhem, with state-of-the-art intrusion detection... so I'll be damned if I'm taking them offline due to the fear of a massive "CrackAttackY2k".
In fact, those sites pulling their servers offline are most likely going to lose my future business (or viewership, or whatever)... because they've definitely lost my confidence. Such a big part of a website is public perception... I can't see how pulling your site offline can help that perception.
I think HNN said it best responding to the Pentagon and the Military Taking Down Their Sites
If your web site is vulnerable today it will be vulnerable tomorrow. This tells me that you are not confident enough in your own web sites ability to fend off attack but you expect the American public to remain calm during the Y2K rollover
---------
Question: How do I leverage the power of the internet? -
You're never free from risk--learn 2 deal with it!
I'm a security specialist so I've dealt with this already in my company:
It is ridiculous to shut down sites as a precaution against "hacker" or virus attacks. Ask yourself this question:
When I bring the site back up, has the risk of compromise gone away?
The answer is a resounding "NO". There is always a risk of compromise. If the Internet is so dangerous that you have to occasionally disconnect from it to protect yourself, then why do you even reconnect?!?! When you reconnect, nothing has changed except the calendar. Also, how do you know that the hacking hype wasn't designed to get you to disconnect now, and then reconnect days later only to have a false sense of added security since y2k is over and get 0wn3d on the 5th?? Isn't this an unknown, unsubstantiated risk too? You'd better never reconnect then...
The idea of disconnecting due to a y2k virus trigger is equally as ridiculous. April 1 is a more common day for virus and hoax triggers. Should every company disconnect then as well? Also, out of the thousands of viruses, only a handful have been very widespread. A massive virus infestation is historically unlikely.
Disconnecting due to some unknown, unsubstantiated threat is especially ridiculous (look at Seattle shutting down the y2k party...). It's CYA for lame IS and security people, IMHO. There are always going to be unknown, unsubstantiated threats. IS and security folks' jobs are to set up defenses to protect from day to day--that will work regardless of the amount of attacks. Shutting a site down for fear of someone breaking in is a self-induced DoS. E.g. the military sites that are being shut down (see http://www.hackernews.com for yesterday and today) during y2k are still going to have the same holes they did on the 1st....
Check out more specific information on y2k virus hype, "precautionary disconnects", etc. at the following links and see what:
"Precautionary disconnect" -- a disturbing new trend
OVERBLOWN: "Y2k Viruses"
Y2K viruses: "It's Orson Wells all over again"
Fearmonger vs. skeptic: a Y2K virus conversation
The virus grinches who tried to steal Christmas
-core -
Source code protected as Free Speech
Whatever happened to source code being classified as free speech? I thought the US 9th Circuit Court of Appeals decided it was its own language and must be protected.
Hacker News Network coverage of Ruling
well hmm, x-empt (lvhc at urban-a (dot) net)
-
Re:They don't seem too happy about it...
Making machines available for attack on the net does nothing to increase the security of a product.
In a perfect world, it would, but the fact is that the people with the smarts to find the security holes in a product are not the ones that respond to such "cracker challenges". Every once in a while, the Hacker News Network has a news item on some (cr|h)acker challenge, in which they decry such activities much more eloquently than I can. I'm pretty sure they have a Buffer Overflow about it too....
-
HNN's take
The Hacker News Network has been asking much the same question. Anti Virus companies have been labelling some programs that allow remote undetected monitoring of a computer as viruses (e.g. BO2K) while other products released by "mainstream" software companies (such as Softeyes) are not scanned for at all.
What makes an anti virus company label one program as a virus, while another program with similar uses is unlabelled?
HNN ask the question at http://www.hackernews.com/orig/avind ustry.html
-
Some Excellent Reading Material
Perhaps he should have had a look at this article before handing the feds a confession...
Anyway - 15 months for a defacement??? OUCH... -
Response & responsibility
A few things came up from reading this - the guy seems to think "the punishment is harsh for what he did".
I don't agree with this punishment for computer intruders, but the law is the law until it is changed by your elected representatives. And if you got caught, then tough tittie. You knew the risks. HNN has an excellent article about it.
Basically, this type of activity is like trespass & vandalism. In the UK, that's more like a slap on the wrist community service type punishment. I'm not going to go on about ethics or morals; that's been done to death and everybody has a different standpoint.
What would ultimately benefit society more - imprisoning this kid for a year, or making him teach (under supervision) underprivileged kids how to use computers? -
An NSA patent
I saw this over on HNN a while back, related to Echelon and a patent the NSA has for "document retrieval" which would, according to the information on their site, ignore the type of stuff people were sending for "Jam Echelon Day".
Basically, it can figure out what a document is about in spite of things such as keywords being planted in the document (ala the Jam Echelon plan), and is not dependent on the language of the document. It works by relating the document to a database of other document fragments, they say.
The NSA's website has some information about it, and this is the patent itself.
If this stuff exists and works, then Jam Echelon was a waste of time on the technical side - but I think the main point was to raise awareness, and that it has done.
-
This won't work that well.
Echelon doesn't use a keyword search, instead it works like this. Echelon does not use a dictionary search, but instead searches based on a very elegant but simple method which utilizes the frequency of occurrences of unique strings of characters. Also check out this link to the NSA on their searching technology.
Jam Echelon day is a really good idea, but using keywords is the wrong way to go about it. Instead, a story generator which generates subversive letters would be better.
(Thanks to Hacker News Network for the links.) -
Re:Passport security hole
Yes, passport is the reason for the hotmail security hole.
When passport was first announced more than a year ago looking for early implementers, the serious hackers targeted it with an intensity unseen in recent years. Imagine a service with all the quality of a M$ product, the track record of M$ for lax security, holding thousands or millions of credit card numbers.
This is an infocriminal's dream, because just one copy of this database could be exploited for billions of $$$ of bogus charges. There are organized crime groups around the world already set up to rip off the credit card companies with thousands of electronic scams. All they need is a valid credit card number, expiration date, and the holder's name.
So when the hotmail hack was discovered, it was by a group probing every aspect of the passport service, and all the connections MICROS~1.OFT was making into other web sites.
Now there are hundreds of sites with an end point leading into passport. What do you want to bet that one of them has some other security problems because they run IIS, and some crackers will be able to get thru the encrypted tunnel back into the passport service. Not likely they will get more than a handful of CC numbers before the hole gets closed. Crackers tend to be immature kiddies looking for some attention, so they will blab about their exploits. The serious infocriminals will milk any hole for all it is worth, and not make any announcements to HNN or attrition.
Microsloth's only publicly acknowledged security aspect of passport is they are going to seed the database with 'tripwire' records, which will trigger anti-fraud measures when someone tries to use them with the CC companies (oh, and they use encryption).
There are rumours it will be built into the desktop of millennium, so it will always be a click away, with annoying warnings to those lusers who are not using it. I doubt this service will become widespread, since it is bound to get abused at some point. Public confidence will go down when the press has a field day when the system is cracked once, even if it doesn't lead to the loss of any CC records.
the AC -
Re:jam echelon day
Correct, but not for the reasons you specified. HNN has the details if you want it, but suffice it to say the NSA likely has technology that sorts on the basis of *context*, so throwing random keywords out is likely a futile act. Now, if OTOH, you started passing around, for example, the info sheet on the nerve-gas VX, or decided to call embassies in the New York area from several payphones and when they answered gave some cryptic 'the pig flies at three', or something equally cryptic to the Russian embassy, the Libyan embassy, and maybe throw in China for good measure (we don't seem to like them anymore)... THAT would surely raise a few eyebrows at Spook HQ.
-- -
More AntiOnline Bunkum
This doesn't surprise me - John Vranesevich is yet another self-proclaimed "Internet security expert" who airs his opinions to anyone who will listen and has a blatant disregard for netiquette and common sense. One of a few individuals who seem intent on spoiling it for everyone else, and using lawyers and legalese to wriggle out of their little holes. Maybe he should just go and shack up with Carolyn Meinel, James Winsoar, and the rest of them.
I can think of better ways to use time than to piss off HNN, Slashdot, Attrition, etc. - some of us argue that they actually do a bloody good job. Before this came out, I did recall seeing a few days ago on Hacker News Network some stuff about the two groups being completely dissimilar: I'm wondering if this has been going on for a week or so and it just hasn't surfaced.
Joel.
-
Scary.
Check If Hackers Were Smart at Hacker News Network. It expands a bit on the issue (mostly in the end of the article, but to understand you have to read everything).
In fact, if "them" can get into any box in the net, they could change our systems in a way we wouldn't be able to notice (read "Reflections on Trusting Trust"). Then any system we made from any of our systems would be compromised too. "They" would have backdoors to any computer in the world, and there would be no way we could find out except out of sheer luck ("this system is acting strange, the foo feature is not working as the source says it should...").
See also Worst Nightmares Come Alive. -
Re:Script kiddie, no.
(Watch me get accused of being a troll...)
Troll! :)
For someone so concerned about research and fact checking, you sure seem to make a lot of grand statements about the nature of politics and epistemology without any evidence to back you up. Who made you the sole arbiter of knowledge?
freekevin is a good starting point, though granted it is biased. You can also sift through the archives of HNN, which has reliably documented the Mitnick case. They also have external links to various news organizations' stories on the issue. I speak based on having read those stories, read the website, and also read numerous newspaper articles over the years.
Well, there's an objective statement of fact. Nothing gets people going like an irrational fear that "they're next". I suppose you believe in slippery-slopes, too.
Yes. And my style of writing is persuasive, not informative. Keep that in mind while you critique.
OTOH, I've got to wonder where you've been. This sort of thing has been happening for decades (centuries, even).
I suppose that you're right, I mean, after all.. if it's been going on for that long, it must be more OK than something that's only been going on for a few weeks... And as to where I've been - I've been in college, online, I've been through public schools, I've had an interesting life. And I also believe that other people are entitled to those same freedoms. That's where I've been.
-- -
Re:Your a fool
You're both wrong. See freekevin.com
HNN debunked the story about how he "cost" the company millions with an internal memo requesting that companies up the amount as high as possible.
And the "love it or leave it attitude" for America is no longer in vogue. All progress depends on unreasonable men. And change is the only way to improve matters - go back to despotism if you want to "love it or leave it".
-- -
Corporate Ethics and the Future of the Net
It's a tool, not a religion.
True.
But what Jon is getting at (or perhaps not, but what I feel anyways) is that capitalism these days, while based on sound principles, has led to an unfortunate exploitation of the consumer that can only be checked when the entrepreneur/business in question has a sound set of ethics.
Examples of exploitation that would be at least partially cured by ethics that take precedence over or modulate profit concerns are:
- spam
- truth in advertising issues
- perpetuating the use of anorexic models
- destruction/degradation of the environment
These are not small issues. CEOs don't have to be saints, but they shouldn't be inhuman either.
Katz' articles regularly annoy and frustrate me, since he tends to espouse the outlook of "the Net will change the world completely, and it should follow my ethical outlook".
There was an article linked off of HNN a couple weeks ago talking about how the net was founded as a place of mutual trust, hence its inherent lack of security structures. I don't think Jon is wrong for fighting for it to stay a place of socioethical purity, at least to a greater extent than the physical world. Acceptance of the world in all its toolishness is part of what's wrong with the world today.
And yes, I do believe the Net will change the world someday. It possesses enormous potential and a way for one individual to reach thousands in ways that they were never before empowered to. And if it is destined to be that important, then it becomes especially vital to fight for its purity -- privacy issues, free speech, and ethics included. Don't give in to the cynical temptation to let it degrade itself to the level of our present everyday affairs. The Net is wasted as such a place.
-
Ken Williams denies sexually explicit content
Ken Williams, author of Packet Storm, claims that there never was any sexually explicit content on his site. You can find his statement here.
-
Re:AntiOnline Bias -- Provable, too?
Scary how the AntiOnline version is tweaked just enough to make Ken Williams seem vengeful and juvenile.
And what's funny is that the version on HNN is apparently PGP-signed (the signature is at the bottom of the message!), where the (edited, I assume) excerpt from AntiOnline is not. Gee, wonder which one I'm going to believe?
I think that qualifies as a Perry Mason moment...
Jay (=