Domain: insecure.org
Stories and comments across the archive that link to insecure.org.
Comments · 492
-
Idle Scan
This couldn't have anything to do with idle scanning could it?
Idle scanning doesn't require a valid source IP address. -
Different strategy
I have many qualms about MS and if you read my nmap-hackers list archives you'll see I make no secret of that. I just feel that a different strategy is called for in that case.
-Fyodor (posting anon cause not logged in and just got a phone call)
Concerned about your network security? Try the free Nmap Security Scanner -
In my experience ...
> I call upon all slashdotters who maintain opensource products to remove support for UNIXWARE in all future version.?
For what it is worth, I thought refusing Nmap support for SCO
products might generate a firestorm of flames from angry users. In
fact, the opposite has happened! Obviously Linux/AIX users praised
the move, but even the occasional SCO users seemed pleased. The one
or two complaints were more than offset by pleasant emails like this
one that just came in (name removed for his privacy):
Date: Wed, 18 Jun 2003 17:41:07 -0700
To: <fyodor@insecure.org>
Subject: I'm the one user affected by a lack of SCO support and i'm happy
I'll be sure to report with great delight of your choice to no longer
support UnixWare to the one company I do contract work. The choice to use
SCO isn't mine, it's simply what Mas90 runs on, and in the past has been
adequate for the job. It's my hope others follow your example so I can
report to management that useful applications will no longer be supported
for this overpriced platform.
I appreciate your lack of support for the SCO platform and look forward to
future unsupported products.
With great respect...
-- End email paste
Anyway, I thought this datapoint might be useful to people considering
such a move.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner -
Because I have better uses for my time
> And the logic of punishing the SCO community instead of the company is?
I am not "punishing" SCO users, just refraining from spending my free time supporting a platform whose vendor has taken Linux hostage as part of their scorched-earth greenmail campaign. Why should I? Also note that I have not (as of now) intentionally broken Nmap on that platform. I just won't spend my time providing free support. Nmap is Open Source, so SCO users can support/maintain it themselves if they care enough.
Like many Slashdot readers, I have been following the SCO updates, their press releases, SEC filings such as their latest 10Q, etc. The more I read, the more absurd their case seems. Yet despite the utter lack of evidence from SCO and their increasing signs of desperation, Wall Street still believes in them(!). Why? Now I realize the market isn't always rational, and certainly has no conscience. But the disconnect is still surprising. Many people obviously still believe SCO has a case. For this reason, I believe continued publicity and research is called for. Removing Nmap support for SCO systems is just one of my tiny efforts in this area.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner -
Corporate Manipulation
Admittedly, I have only perused the draft, but it does appear to be another attempt to prevent large companies from being "outed" when they choose to release software that is not ready or is poorly designed. Bugtraq, the Internet Storm Center and the Insecure.org Mailing List Archive do a fine job of lighting a fire under the responsible buttocks when necessary.
I have yet to hear of a posting to one of these lists that could be considered responsible for actual "trouble".
I would assume that if someone were planning on taking advantage of a vulnerability, they would look for one that hasn't yet made it to these lists. -
The Hacker Illegal
Slashdot has an interview [slashdot.org] with security legend Fyodor [kitetoa.com], admin of the famed insecure.org [insecure.org] and author of the world's most affordable port scanner, nmap [insecure.org].
The best part of this interview is that Slashdot does not often interview criminals. Many Slashdot readers know that Fyodor used his tool to illegally attack a college student in 2002, for his personal amusement but also to the benefit of Slashdot's admins. For those that don't know the story, I will present a brief summary.
*Those individuals interested in independently verifying the facts presented in this article should skip to the "Verification" section near the end.
Sdem [slashdot.org] had created a hoax account entitled electricmonk [slashdot.org], and used it to post this comment [slashdot.org] pronouncing that he was actually a cute Linux booth babe. "electricmonk" left an email at Yahoo and encouraged Slashdot readers to get in touch.
Fyodor proceeded to do so, boasting of his previous exploits with women he'd met online. He was even helpful enough to attach a picture.
This is where the story turns ugly. Sdem responded with a truthful email, in which he advised Fyodor that the whole thing was a hoax. After that, sdem posted a log of his exploits to sid=20721 (trolltalk), mentioning that he had tricked Fyodor and referring to many of the biters as "wankers". This apparently really set Fyodor off, and he began to plot criminal revenge.
First, Fyodor dug through insecure.org's referrer logs to find what IP address had requested the picture of Fyodor & his paramour. Using this information (and the logged User-Agent), Fyodor knew from the get-go Sdem's IP address and O/S. From this point, he launched nmap against Sdem's box and was greeted with the holy grail of sorts for BlackHats: an open X windows server on port 6000.
Sdem had been running an X-windows server for Windows on his Win2k box. Fyodor was able to bypass the authentication on the X-windows server and used the X-windows server to take complete screen captures of Sdem's machine whilst sniffing and recording keystrokes.
Fyodor proceeded to take hours worth of screen captures, including information on a "secret troll irc server" that sdem was using. Fyodor wrote a detailed writeup of what he observed, including an irc robot used on the server to detect new Slashdot stories for the purpose of early posting. Fyodor also mined and posted as much information about Sdem as he could find, including his real name and contact information. Jamie McCarthy used this illegally obtained information shortly after it was posted to log on to the irc server, monitor the bot, and modify Slashdot in order to break the story monitor.
Fyodor even submitted his "troll hunting" story to Slashdot, though it was rejected.
After he was done hacking Sdem's computer, Fyodor posted his screen captures and a log of his breakin to www.insecure.org/tmp/trolls [insecure.org]. The content was removed 24 hours later. He went on to boast in sid=20721 about his "troll hunting finale". While sid 20721 is regularly cleaned, a cache of Fyodor's boasting about his illegal break-in is available here [trollaxor.com]. Very interesting reading.
So, while Fyodor's interview is no doubt very interesting, I think that, as an accomplished (and due to the lack of prosecution very successful) criminal, the nature of questions given to Fyodor in the interview don't do justice to the type of expertise thi -
What Can Illegal Hacking Do For My Company?
Slashdot has an interview [slashdot.org] with security legend Fyodor [kitetoa.com], admin of the famed insecure.org [insecure.org] and author of the world's most affordable port scanner, nmap [insecure.org].
The best part of this interview is that Slashdot does not often interview criminals. Many Slashdot readers know that Fyodor used his tool to illegally attack a college student in 2002, for his personal amusement but also to the benefit of Slashdot's admins. For those that don't know the story, I will present a brief summary.
*Those individuals interested in independently verifying the facts presented in this article should skip to the "Verification" section near the end.
Sdem [slashdot.org] had created a hoax account entitled electricmonk [slashdot.org], and used it to post this comment [slashdot.org] pronouncing that he was actually a cute Linux booth babe. "electricmonk" left an email at Yahoo and encouraged Slashdot readers to get in touch.
Fyodor proceeded to do so, boasting of his previous exploits with women he'd met online. He was even helpful enough to attach a picture.
This is where the story turns ugly. Sdem responded with a truthful email, in which he advised Fyodor that the whole thing was a hoax. After that, sdem posted a log of his exploits to sid=20721 (trolltalk), mentioning that he had tricked Fyodor and referring to many of the biters as "wankers". This apparently really set Fyodor off, and he began to plot criminal revenge.
First, Fyodor dug through insecure.org's referrer logs to find what IP address had requested the picture of Fyodor & his paramour. Using this information (and the logged User-Agent), Fyodor knew from the get-go Sdem's IP address and O/S. From this point, he launched nmap against Sdem's box and was greeted with the holy grail of sorts for BlackHats: an open X windows server on port 6000.
Sdem had been running an X-windows server for Windows on his Win2k box. Fyodor was able to bypass the authentication on the X-windows server and used the X-windows server to take complete screen captures of Sdem's machine whilst sniffing and recording keystrokes.
Fyodor proceeded to take hours worth of screen captures, including information on a "secret troll irc server" that sdem was using. Fyodor wrote a detailed writeup of what he observed, including an irc robot used on the server to detect new Slashdot stories for the purpose of early posting. Fyodor also mined and posted as much information about Sdem as he could find, including his real name and contact information. Jamie McCarthy used this illegally obtained information shortly after it was posted to log on to the irc server, monitor the bot, and modify Slashdot in order to break the story monitor.
Fyodor even submitted his "troll hunting" story to Slashdot, though it was rejected.
After he was done hacking Sdem's computer, Fyodor posted his screen captures and a log of his breakin to www.insecure.org/tmp/trolls [insecure.org]. The content was removed 24 hours later. He went on to boast in sid=20721 about his "troll hunting finale". While sid 20721 is regularly cleaned, a cache of Fyodor's boasting about his illegal break-in is available here [trollaxor.com]. Very interesting reading.
So, while Fyodor's interview is no doubt very interesting, I think that, as an accomplished (and due to the lack of prosecution very successful) criminal, the nature of questions given to Fyodor in the interview don't do justice to the type of expertise thi -
Re: OK, OK, I'll bite this once.
Let's stick to the facts here and contrast two statements made by Mr. Fyodor (one posted to his domain, insecure.org on 8/16/2002, and one posted to slashdot.org on 5/30/2003).
First, the quote from today:
I did not actually break into any troll boxes, although I did imply that in a misguided attempt to use some of their trolling rhetorical devices against them.
And now, the quote from yesteryear:
Incidentally, Sdem is also incompetent at securing his computer. That is a glaring deficiency for someone who spends most of his time annoying and harassing others. Thus, our investigation was able to progress well beyond simply viewing his public Internet posts. We were monitoring his system in real time, and are providing dozens of (somewhat) interesting screen shots below. We were also going to post some of his files, passwords, and full keystroke logs, but that would be gratuitously mean. After all, he is only a high school kid, so maybe he will mend his ways. Sdem: if you are reading this, change your passwords before we change our mind :).
So, not only did Mr. Fyodor illegally access the victim's PC (18 U.S.C. 1030(a)(2)), but he also unlawfully intercepted and disclosed the contents of communications on that machine (18 U.S.C. 2511(1)(b), (1)(c), et al) and threatened to make further disclosures to injure the victim's property and/or reputation (18 U.S.C. 875(d)).
In other words, if word of your exploits makes it up to the Justice Department, you are going to be fucked. We know full well that the Bush administration likes to make examples, especially of slimy Russian hackers. What reason do you have to believe you won't be next in line?
-
Huh?
Well Fyodor I think we're all in agreement that you're not a terrorist (-:
I remember when you posted those pictures on http://www.insecure.org/tmp/trolls/trolls.html from your break-in to that guy's machine. I still have them around: I show them to people to show them just how skilled some people are at hacking.
What I guess I don't know is how you got them. Your statement above seems to say that you weren't involved with hacking into this kid's computer, yet the narrative you posted reads like you were watching this kid's screen for hours?
Could you tell us more about this story of how you were able to witness this break-in and post it to your website without, well... breaking in?
The whole thing fascinates me. -
OK, OK, I'll bite this once.
> Still seems weird that we're looking at small-time black-hat scum as
> Interview material
I know that the best approach is to ignore you trolls, even as your slander becomes more and more outrageous. I will admit that I did some trolling of the trolls last year. Big mistake - they have much more of an appetite and time for this than I do. It has been a year and they still continue to write new stories that are more and more absurd. Perhaps I should be flattered that they consider me so important. The troll journal you linked accuses me of "illegally penetrating computers across state lines" and that "Fyodor even submitted his "troll hunting" story to Slashdot, though it was rejected". Another page includes a fake interview with me, a fake Nmap bug, and notes that I have been "pushing crystal meth on the street for a few months." It has also been said that I am "obviously a terrorist" and that Nmap "is spyware to spy on the american people". So I have learned to deal with abusive criticism. Another Slashdot journal currently says "Fyodor is ... a depraved, insidious hacker hell-bent on criminal intrusions into systems owned by minors!" Even I couldn't help but chuckle at that one :). Replying is useless, since the trolls are just looking for attention and care nothing of accuracy. But I will make a few points lest anyone else take the trolls seriously:
- I am not a terrorist, and have never sold drugs.
- I did not actually break into any troll boxes, although I did imply that in a misguided attempt to use some of their trolling rhetorical devices against them. I stand by my posting history.
- Much of the content in the journal you posted is an outright fabrication and the lies and accusations change by the minute! This (currently score 5) post quotes text that I saw in this journal an hour ago. Now it is gone, and many other changes have been made as well. Be careful of linking to Troll journals, or they may turn into goatse links.
- Some of his lies are self-evident. How could he possibly know much of this stuff, such as that I submitted this as a Slashdot story? I have never submitted any story whatsoever to Slashdot. If there is some sort of public interface to the submission queue that I am unaware of, please post it. You will not find any submissions from me. Note that these were all submitted by other people.
- I have not been "advised by legal counsel not to speak about it in public." If I was to speak with lawyers, it would be about their slander campaign. But they aren't even close to being worth the effort.
- They claim I hacked a troll named Sdem who is a member of Trollaxor.Com. That page currently admits that he has moved on to harassing other security folks - he is now impersonating Theo de Raadt, the leader of OpenBSD.
I could go on, but I have a much more important project to work on today. I won't post further on this troll topic, no matter how much you trolls slander and attack me in your journals and replies to this post. And don't bother posting "YHBT," I know. Hopefully Slashdot moderation will eventually catch up with your games and we can focus on interesting security subjects rather than troll gossip and manufactured scandals.
Cheers,
-Fyodor -
What Can Illegal Hacking Do For My Business?
Slashdot has an interview with security legend Fyodor, admin of the famed insecure.org and author of the world's most affordable port scanner, nmap.
The best part of this interview is that Slashdot does not often interview criminals. Many Slashdot readers know that Fyodor used his tool to illegally attack a college student in 2002, for his personal amusement but also to the benefit of Slashdot's admins. For those that don't know the story, I will present a brief summary.
*Those individuals interested in independently verifying the facts presented in this article should skip to the "Verification" section near the end.
Sdem had created a hoax account entitled electricmonk, and used it to post this comment pronouncing that he was actually a cute Linux booth babe. "electricmonk" left an email at Yahoo and encouraged Slashdot readers to get in touch.
Fyodor proceeded to do so, boasting of his previous exploits with women he'd met online. He was even helpful enough to attach a picture.
This is where the story turns ugly. Sdem responded with a truthful email, in which he advised Fyodor that the whole thing was a hoax. After that, sdem posted a log of his exploits to sid=20721 (trolltalk), mentioning that he had tricked Fyodor and referring to many of the biters as "wankers". This apparently really set Fyodor off, and he began to plot criminal revenge.
First, Fyodor dug through insecure.org's referrer logs to find what IP address had requested the picture of Fyodor & his paramour. Using this information (and the logged User-Agent), Fyodor knew from the get-go Sdem's IP address and O/S. From this point, he launched nmap against Sdem's box and was greeted with the holy grail of sorts for BlackHats: an open X windows server on port 6000.
Sdem had been running an X-windows server for Windows on his Win2k box. Fyodor was able to bypass the authentication on the X-windows server and used the X-windows server to take complete screen captures of Sdem's machine whilst sniffing and recording keystrokes.
Fyodor proceeded to take hours worth of screen captures, including information on a "secret troll irc server" that sdem was using. Fyodor wrote a detailed writeup of what he observed, including an irc robot used on the server to detect new Slashdot stories for the purpose of early posting. Fyodor also mined and posted as much information about Sdem as he could find, including his real name and contact information. Jamie McCarthy used this illegally obtained information shortly after it was posted to log on to the irc server, monitor the bot, and modify Slashdot in order to break the story monitor.
Fyodor even submitted his "troll hunting" story to Slashdot, though it was rejected.
After he was done hacking Sdem's computer, Fyodor posted his screen captures and a log of his breakin to www.insecure.org/tmp/trolls. The content was removed 24 hours later. He went on to boast in sid=20721 about his "troll hunting finale". While sid 20721 is regularly cleaned, a cache of Fyodor's boasting about his illegal break-in is available here. Very interesting reading.
So, while Fyodor's interview is no doubt very interesting, I think that, as an accomplished (and due to the lack of prosecution very successful) criminal, the nature of questions given to Fyodor in the interview don't do justice to the type of expertise this man has in illegally penetrating computers across state lines and getting away with it. I'm sure that many companies would -
Quote misattributed to RMS
Hey, that's true; the quote "Linux is a copy of Unix. There is very little new stuff in Linux." was actually said by Larry McVoy. The list archives are mirrored in several places; this one has the statement indented in RMS's reply, but this one makes it look as though it was said by RMS. Maybe whoever attributed the quote to RMS honestly thought he had said it.
By the way, the first paragraph of RMS's reply provides a good context for that statement:
This is no coincidence. GNU/Linux parallels Unix because I chose that
design in 1983. It is foolish to focus on innovation when you are
starting a race with a multi-year handicap. The first task is to
catch up.
SCO, of course, wants it to sound like "copy" as in "we ripped off SCO's trade secrets to make it." Some credibility they give themselves with pages like this! -
Re:What about these comments
Based on this useful reference from cowmix (10566) I must retract and correct my statement that SCO was only quoting RMS. Cowmix is correct and SCO's page does misattribute the quote, which does not contain the words of RMS. Instead, it is a quote from Larry McVoy.
-
Re:What about these comments
Linux is a copy of UNIX. There is very little new stuff in Linux.
Richard Stallman didn't write this.
Larry McVoy wrote this while insulting Linux. Richard Stallman quoted Larry McVoy when replying to his inflammatory posting. -
More Materials to start with
-
W watched Reloaded?
It is vitally important that this post gets filled immediately! Don't you know that, as we speak, hot chicks in skintight leather outfits are using nmap and ssh 'sploits to shut down huge portions of the powergrid?!
And naturally, the "terorists" are using 'nix...
-
Things you should do
The most important thing you can do, IMHO, is to join bugtraq or similar lists so you have a rough idea what is happening.
Other ideas
- Set up a network of very cheap boxes with old software you know to be vulnerable, and try using exploits against them.
- Try hardening and patching those boxes so the exploits don't work anymore. (You'll frequently be patching/protecting obsolete boxes in the real world, so this is actually realistic.)
- Try adding tripwire and snort to stop/detect attacks. Configure snort with database logging, with syslog/swatch, etc. Clients will want it done in a variety of ways, so it is good to be able to do it in different ways.
- Familiarize yourself with as many of the tools in Fyodor's list as possible. Using them will be the bread and butter of your work. That includes scanners like nessus.
- Read an ultra paranoid book that will give you an overall view of the field (e.g. John M. Carroll's "Computer Security, Third Edition").
- Practice security. As you install and register software, watch what is happening to the box.
- Pick an area of security that you want to specialize in...there are too many bugs and holes each week to know all of them...just the PHP code injection stuff will keep you swamped.
- Don't be afraid to ask more advanced people security questions, but do your homework first, and make sure that they know you have. They will take you more seriously if you say "I've already read the FAQ and the man page, but I'm not clear on...." than if you say, "Dude, how do I do...". This can make your learning experience far less painful.
-
Most important....
The most important thing you can do, IMHO, is to join bugtraq or similar lists so you have a rough idea what is happening.
Other ideas
- Set up a network of very cheap boxes with old software you know to be vulnerable, and try using exploits against them.
- Try hardening and patching those boxes so the exploits don't work anymore. (You'll frequently be patching/protecting obsolete boxes in the real world, so this is actually realistic.)
- Try adding tripwire and snort to stop/detect attacks. Configure snort with database logging, with syslog/swatch, etc. Clients will want it done in a variety of ways, so it is good to be able to do it in different ways.
- Familiarize yourself with as many of the tools in Fyodor's list as possible. Using them will be the bread and butter of your work. That includes scanners like nessus.
- Read an ultra paranoid book that will give you an overall view of the field (e.g. John M. Carroll's "Computer Security, Third Edition").
- Practice security. As you install and register software, watch what is happening to the box.
- Pick an area of security that you want to specialize in...there are too many bugs and holes each week to know all of them...just the PHP code injection stuff will keep you swamped.
- Don't be afraid to ask more advanced people security questions, but do your homework first, and make sure that they know you have. They will take you more seriously if you say "I've already read the FAQ and the man page, but I'm not clear on...." than if you say, "Dude, how do I do...". This can make your learning experience far less painful.
-
Re:Teach yourself iptables
I couldn't disagree more. While it is true that network security is more than an engineering discipline, there are certainly major areas of security knowledge that fall within the realm of engineering. The poster asked specifically about technical tools for practical security.
Iptables is not a bad place to start for some practical, technical knowledge about security in IP networks. Take a look at the HOWTOs at www.netfilter.org. Another good tool to work with as you explore Iptables is nmap.
-
Great place to get started
-
What do you really expect.
An overlooked point is that fyodor did not compromise a random connection, but the stanford.edu network. Perhaps he used one of his collected exploits?
-
Re:This is all false information (no, it's not)
Howdy,
I did a little research to see if I could validate or invalidate A Proud American's claims. While he is marginally correct on the facts, his interpretation is very far off.
First and foremost, I learned that the FBI and other similar anti-crime organizations of the U.S. government will not (I repeat, will not) prosecute or even attempt to investigate computer-related security crimes that involve less than $5,000 in liabilities.
Semi-true. There is a technical $5,000 threshold in order for the FBI to have federal jurisdiction over cybercrimes. State law still applies. Additionally, the FBI can probably gain jurisdiction to charge with other laws (they've mentioned RICO) if the crimes cross state lines (and there is judicial precedent that sets the bar merely at passing through an out-of-state router, in the case of a threat delivered over AIM with both perpetrator and victim in the same state).
Also, the $5,000 threshold is not particularly strict under new guidelines in the USA PATRIOT Act, so that they encompass summed damages from different attacks, damages in downtime and time responding, etc. In other words, the bar is very low and easily met with semi-probable damages; $5,000 is more of a requirement to prevent people from being charged for, say, portscanning. See here: http://www.astalavista.com/technologies/library/crime/usa.shtml.
And civil suits are always an available alternative.
Prison is actually fairly easily awarded; often we complain just as much about the strict jail time for such minor crimes as the lack of jail time.
Other measures of prosecution are becoming much harsher and stricter now, too, especially with all our terror enforcement (er, I mean anti-terror, Mr. Ashcroft, sir) measures. I mentioned RICO above (see here: http://lists.insecure.org/lists/isn/2000/Feb/0029.html).
So prison is a real possibility; federal prosecution is pretty easy to get; but you should all still make sure you keep up to date with security. Just don't rely on A Proud American for your information.
Oh, yah. And befriend me. Please? Pretty please? I'll be your friend!
-
I'm curious
Would this work the other way around? I mean, I know it sounds ludicrous that someone protecting their own systems could get in trouble for doing so, but let's take a different look at this using a slightly different situation.
Let's say you're somebody (maybe Fyodor) and you break into someone's system and subsequently monitor it through screenshots. This is a rather clearcut case, is it not? The wiretapping is bad no matter which sides you place the two parties on.
Furthermore, this smacks of vigilantism. If people start taking the law into their own hands, what happens to the whole idea of a codified system of justice? Or, indeed, justice at all? Wiretapping is best left to the justice system.
-
Eh, I wouldn't worry
If you're, say, Fyodor and you're running a honeypot (like he does, he's involved w/ the project), you can more or less count on the fact that the perp is some poor minor or college student who won't be able to bring suit in court. Hell, if you're Fyodor, this works when you're on the other side, too.
-
Re:Uhm...
It's not entirely accurate...
-
Pix
Pictures can be found on Fyodor's site.
Oh, and I must say, that Trinity freakin' kicks ass. As you can see from the pictures, nmap says "No exact OS matches for host". Trinity goes ahead and throws the sploit anyway without knowing the system's architecture AND IT WORKS!
That just kicks ass.
A big Eartha-Kitt-Cat-Woman growl for Trinity.
-
Forward link to teh MPAA Now!!
-
What Can Illegal Hacking Do For MY Business?
Slashdot has an interview with security legend Fyodor, admin of the famed insecure.org and author of the world's cheapest port scanner, nmap.
The best part of this interview is that Slashdot does not often interview criminals. Many Slashdot readers know that Fyodor used his tool to illegally attack a college student in 2002, for his personal amusement but also to the benefit of Slashdot's admins. For those that don't know the story, I will present a brief summary.
*Those individuals interested in independently verifying the facts presented in this article should skip to the "Verification" section near the end.
Sdem had created a hoax account entitled electricmonk, and used it to post this comment pronouncing that he was actually a cute Linux booth babe. "electricmonk" left an email at Yahoo and encouraged Slashdot readers to get in touch.
Fyodor proceeded to do so, boasting of his previous exploits with women he'd met online. He was even helpful enough to attach a picture.
This is where the story turns ugly. Sdem responded with a truthful email, in which he advised Fyodor that the whole thing was a hoax. After that, sdem posted a log of his exploits to sid=20721 (trolltalk), mentioning that he had tricked Fyodor and referring to many of the biters as "wankers". This apparently really set Fyodor off, and he began to plot criminal revenge.
First, Fyodor dug through insecure.org's referrer logs to find what IP address had requested the picture of Fyodor & his paramour. Using this information (and the logged User-Agent), Fyodor knew from the get-go Sdem's IP address and O/S. From this point, he launched nmap against Sdem's box (he didn't have the money for a more effective port scanner) and was greeted with the holy grail of sorts for BlackHats: an open X windows server on port 6000.
Sdem had been running an X-windows server for Windows on his Win2k box. Fyodor was able to bypass the authentication on the X-windows server and used the X-windows server to take complete screen captures of Sdem's machine whilst sniffing and recording keystrokes.
Fyodor proceeded to take hours worth of screen captures, including information on a "secret troll irc server" that sdem was using. Fyodor wrote a detailed writeup of what he observed, including an irc robot used on the server to detect new Slashdot stories for the purpose of early posting. Fyodor also mined and posted as much information about Sdem as he could find, including his real name and contact information. Jamie McCarthy used this illegally obtained information shortly after it was posted to log on to the irc server, monitor the bot, and modify Slashdot in order to break the story monitor.
Fyodor even submitted his "troll hunting" story to Slashdot, though it was rejected.
After he was done hacking Sdem's computer, Fyodor posted his screen captures and a log of his breakin to www.insecure.org/tmp/trolls. The content was removed 24 hours later. He went on to boast in sid=20721 about his "troll hunting finale". While sid 20721 is regularly cleaned, a cache of Fyodor's boasting about his illegal break-in is available here. Very interesting reading.
So, while Fyodor's interview is no doubt very interesting, I think that, as an accomplished (and due to the lack of prosecution very successful) criminal, the nature of questions given to Fyodor in the interview don't do justice to the type of expertise this man -
nmap
THE MATRIX RELOADED SPOILER ALERT
.
.
.
.
I saw The Matrix Reloaded yesterday and, at that pivotal moment, yelled "Holy SHIT! Trinity's using nmap!".
Others in the theater were less than pleased.
In this message, you say you did the "r00t dance". Can you please demonstrate the r00t dance for the Slashdot audience?
-
Re:See what happens...
Make sure to take a look at the images here when reading that article...
-
Re:The majority of these worms, however...
Name some good H4X0R t00lZ for windows. Not so easy, is it? All the portscanners, eggdrops, warbots, and other bullshit is linux based.
Nah, man, you just gotta if you know where to look for it. Some nice folk out there in the "H4X0R t00lZ" community stopped being *nix 1337ists and ported stuff over to Windows. ;)
http://www.insecure.org/tools.html
Enjoy. -
Re:will exotic OS's help?
Did you have a look at the insecure.org site? OpenBSD is in the Top 75 Security Tools list
-
For The Lazy
I saw the Top 75 Security Tools survey you did...
Here is the list.
-
What is your favourite tool?
I have just read your top 75 security tools list. Thank you for posting all this information, which I am going to study very carefully.
One question though: in all these tools, which one is your personal favourite? (This excludes Nmap, of course).
Thanks in advance! -
Re:I am surprised ...
> I am surprised that aide was not listed.
AIDE only received 4 votes, while 10 were needed to place #75. But I agree that it is a useful free tool that potential Tripwire users should know about. And so I have added an AIDE link to that entry.
Thanks,
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner -