Slashdot Mirror

http://methlabs.org/forums/login.php?do=lostpw you can recover your password there

Here is the front page of methlabs...not so much data, just a few hints all is not kosher...
I really like the first sentence, saying some member revolted against the whole P2P community...

Either the poster is really trying to cover his back, or he is rally in the middle of something...

"Methlabs Update
September 16th, 2005 by Administrator

Dear Methlabs and P2P Community,

Recently, we had several former staff members revolt against the entire P2P community as a whole. They tried to sabatoge Methlabs and attempted to wipe the Methlabs server of all its data.

Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like to you login to the Methlabs forums (http://methlabs.org/forums/) and change your password. We sincerely apologize for this issue.

As of right now, the Methlabs site is back online, although forum posts from the past month have been lost.

Since all the data was stolen by former staff members, YOU MAY RECIEVE FAKE EMAILS that look like they are from Methlabs. If they do not come from the Methlabs.org domain and from our email servers, DO NOT BELIEVE THEM.

We assure you that Methlabs development will continue, and ALL OFFICIAL PROGRAMS MUST be downloaded directly from Methlabs.org . Assume that all other sites contain spyware or malicious code which may not be directly trusted.

To update everyone on the current situation, there has been some news going around the Internet of a revolt which happened in Methlabs. This is hearsay. The current real news is that PeerGuardian development and Blocklist development is on schedule, and Blocklist should be out of Beta within the next week or so.

Please spread the word that Methlabs.org is ALIVE and DO NOT believe or TRUST any emails that do not come directly from Methlabs.org and our mail servers. These emails are from disgruntled staff members trying to hurt the P2P community as a whole.

We apoligize for the current situation. Please visit http://methlabs.org/ for OFFICIAL updates, and help us spread the word!

- The Methlabs Team
"

Here is the front page of methlabs...not so much data, just a few hints all is not kosher...
I really like the first sentence, saying some member revolted against the whole P2P community...

Either the poster is really trying to cover his back, or he is rally in the middle of something...

"Methlabs Update
September 16th, 2005 by Administrator

Dear Methlabs and P2P Community,

Recently, we had several former staff members revolt against the entire P2P community as a whole. They tried to sabatoge Methlabs and attempted to wipe the Methlabs server of all its data.

Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like to you login to the Methlabs forums (http://methlabs.org/forums/) and change your password. We sincerely apologize for this issue.

As of right now, the Methlabs site is back online, although forum posts from the past month have been lost.

Since all the data was stolen by former staff members, YOU MAY RECIEVE FAKE EMAILS that look like they are from Methlabs. If they do not come from the Methlabs.org domain and from our email servers, DO NOT BELIEVE THEM.

We assure you that Methlabs development will continue, and ALL OFFICIAL PROGRAMS MUST be downloaded directly from Methlabs.org . Assume that all other sites contain spyware or malicious code which may not be directly trusted.

To update everyone on the current situation, there has been some news going around the Internet of a revolt which happened in Methlabs. This is hearsay. The current real news is that PeerGuardian development and Blocklist development is on schedule, and Blocklist should be out of Beta within the next week or so.

Please spread the word that Methlabs.org is ALIVE and DO NOT believe or TRUST any emails that do not come directly from Methlabs.org and our mail servers. These emails are from disgruntled staff members trying to hurt the P2P community as a whole.

We apoligize for the current situation. Please visit http://methlabs.org/ for OFFICIAL updates, and help us spread the word!

- The Methlabs Team
"

"Recently, we had several former staff members revolt against the entire P2P community as a whole. They tried to sabatoge Methlabs and attempted to wipe the Methlabs server of all its data."

"To update everyone on the current situation, there has been some news going around the Internet of a revolt which happened in Methlabs. This is hearsay."

Say what? Was there a revolt or wasn't there? The other side's story isn't self-contradictory.

"We assure you that Methlabs development will continue, and ALL OFFICIAL PROGRAMS MUST be downloaded directly from Methlabs.org . Assume that all other sites contain spyware or malicious code which may not be directly trusted."

This looks suspicious to me. Isn't it possible to do a DNS spoof or a simple web server attack and get access to methlabs.org? Shouldn't any site worth anything have reliable, trusted backups?

And shouldn't the site post hashes of several recent releases instead of simply saying "download from here only, honest!"?

"We would like to you login to the Methlabs forums (http://methlabs.org/forums/) and change your password."

Actually, go straight to the Methlabs forums and change your password to something completely random. And if you used your old Methlabs password somewhere else, get rid of it. Assume for your password's sake that Methlabs.org and Methlabs-Team-in-Exile are both able to compromise your password.

But still, it's good to recognize this position. We don't know what happened, and the fate of a site this crucial to security is not something to jump to conclusions about.

"Dear Member,

The majority of the Methlabs.org administration and development team have been forced out of their website following a series of threats and incidents. The member of the group that had been trusted to handle the finances and servers slowly managed to take over each individual part of the web site's assets, eventually claiming control over the entire group and locking out the majority of staff.

The organisation's founders, Tim Leonard and Ken McKelland, as well as the majority of the organisation's staff and developers (including the main developer of the PeerGuardian2 application, Cory Nelson and the staff members responsible for auditing the PeerGuardian Blocklists) have all been forcibly removed from the servers that were funded from donations given to the organisation by happy users, and from text advertising placed on the websites forum and project pages.

The money, which was to have been used to help fund the development and hosting costs of the group is now unavailable, stolen by the one who was trusted to keep it.

Development of PeerGuardian will resume, and the website will temporarily move to http://peerguardian.sourceforge.net/ until a new domain is registered and a new server found. The intention of the group is to register a non-profit organisation to handle the development of Methlabs applications and to promote open source projects that aid both security, privacy and peer-to-peer technologies, in order to prevent a repeat of this incident.

The team wish all their users the best through this difficult time, but promise that development will continue. Please visit http://peerguardian.sf.net/ for news as we make progress. All other sites, including http://methlabs.org/ and http://blocklist.org/ are under control of the rogue member and should not be trusted for safe updates to our applications or lists.

A new build of PeerGuardian will be released soon to reflect these changes. Until then we ask you to continue using Beta 6a but with caution as the update servers are no longer under our control.

All staff are available in irc.freenode.net, channel #methlabs if you wish to chat.

Thanks, The Methlabs Staff (looking for a new home) -----

Adam Hoier, Cory Nelson, Eric Mayuk, Fox Lowe, James Shanelec, Joseph Farthing, Ken McKelland, Steffen Tuzar, Tim Leonard

aka

braindancer, D3F, fox, FuRiOuS1, JFM, KuKIE, method, phrosty, r00ted"

Without knowing any details, it's hard to know which party in this situation is the malicious one (possibly both). But this message on the methlabs.org blog is causing the Lost-In-Space-Robot in my head to wave its arms madly:

Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like to you login to the Methlabs forums ([url redacted]) and change your password. We sincerely apologize for this issue.

If the webmaster is telling the truth, this is an innocuous request. [Of course, sufficiently strong passwords will survive precomputed hash attacks, and it's still pretty hard to brute-force MD5 hashes (even given recent weaknesses).] However, if the webmaster is malicious, this is no different than a PayPal phishing scam: "Come visit our website (the legitimacy of which is, at best, in doubt) and enter your old password on a Web form. Go ahead, enter a new one, too. Thanks."

The right thing to do in this case, where you have multiple parties which may all be malicious and some of which may have your passwords, in plaintext or hashed format, is probably to stop using those passwords immediately. If you use that forum password elsewhere, change it elsewhere. As for methlabs.org, the safest course of action is probably to wait and see who the good guys are before typing any passwords in, old or new.

http://www.slyck.com/news.php?story=913

Methlabs Update

September 16th, 2005 by Administrator

"Dear Methlabs and P2P Community,

Recently, we had several former staff members revolt against the entire P2P community as a whole. They tried to sabatoge Methlabs and attempted to wipe the Methlabs server of all its data.

Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like to you login to the Methlabs forums (http://methlabs.org/forums/) and change your password. We sincerely apologize for this issue. As of right now, the Methlabs site is back online, although forum posts from the past month have been lost.

Since all the data was stolen by former staff members, YOU MAY RECIEVE FAKE EMAILS that look like they are from Methlabs. If they do not come from the Methlabs.org domain and from our email servers, DO NOT BELIEVE THEM.

We assure you that Methlabs development will continue, and ALL OFFICIAL PROGRAMS MUST be downloaded directly from Methlabs.org . Assume that all other sites contain spyware or malicious code which may not be directly trusted.

To update everyone on the current situation, there has been some news going around the Internet of a revolt which happened in Methlabs. This is hearsay. The current real news is that PeerGuardian development and Blocklist development is on schedule, and Blocklist should be out of Beta within the next week or so.

Please spread the word that Methlabs.org is ALIVE and DO NOT believe or TRUST any emails that do not come directly from Methlabs.org and our mail servers. These emails are from disgruntled staff members trying to hurt the P2P community as a whole.

We apoligize for the current situation. Please visit http://methlabs.org/ for OFFICIAL updates, and help us spread the word!

- The Methlabs Team"

http://www.slyck.com/news.php?story=913

Methlabs Update

September 16th, 2005 by Administrator

"Dear Methlabs and P2P Community,

Recently, we had several former staff members revolt against the entire P2P community as a whole. They tried to sabatoge Methlabs and attempted to wipe the Methlabs server of all its data.

Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like to you login to the Methlabs forums (http://methlabs.org/forums/) and change your password. We sincerely apologize for this issue. As of right now, the Methlabs site is back online, although forum posts from the past month have been lost.

Since all the data was stolen by former staff members, YOU MAY RECIEVE FAKE EMAILS that look like they are from Methlabs. If they do not come from the Methlabs.org domain and from our email servers, DO NOT BELIEVE THEM.

We assure you that Methlabs development will continue, and ALL OFFICIAL PROGRAMS MUST be downloaded directly from Methlabs.org . Assume that all other sites contain spyware or malicious code which may not be directly trusted.

To update everyone on the current situation, there has been some news going around the Internet of a revolt which happened in Methlabs. This is hearsay. The current real news is that PeerGuardian development and Blocklist development is on schedule, and Blocklist should be out of Beta within the next week or so.

Please spread the word that Methlabs.org is ALIVE and DO NOT believe or TRUST any emails that do not come directly from Methlabs.org and our mail servers. These emails are from disgruntled staff members trying to hurt the P2P community as a whole.

We apoligize for the current situation. Please visit http://methlabs.org/ for OFFICIAL updates, and help us spread the word!

- The Methlabs Team"

That's supposed to be legal. Well we could apply the same logic to bittorrent/eDonkey etc, Somebody broadcasts it and we time shift it. As long as your not selling/redistributing the product for profit your on firm legal ground. However the programs being what they are they do distribute outward as well. So your best defense is Peer Guardian. You know what they say; No Cop No Stop.

I tried methlabs' http://methlabs.org/projects/peerguardian-linuxosx / but it almost brought my box to a grinding halt while loading some 18.000 rules into iptables. After that the box was virtually useless as the load average was around 20.0!
The blurb on the methlab site advertises a very low CPU usage, but that's obviously only for the PG software itself as all the work seems to be done by iptables... YMMV.

but its a video right? Be careful! the XXAA might be watching!

download peerguardian here

Makes enough sense. But, that is the exact opposite of what the agreement says when you install it, right?

Actually, I noticed that after Service Pack 2, you needed to download a new version of Windows Update, just do download the updates. Is this "new version" just French for "new, more imposing license agreement?" That would probably be the best way to change the contract terms without drawing much attention to the specific change.

Anyway, what I'm more so worried about is if they start squealing if you have pirated versions of AutoCAD, MATLAB, etc. Cause believe me, even at a 'discounted price', you still cannot afford those. Of course, in any other industry, if any company started pulling this crap, all their customers would simply switch to a competitor. Sigh.
Oh well, I think I'll just stop downloading Windows Updates. I actually haven't updated my system since last fall, and haven't been running Antivirus in quite some time. Good old trusty Peerguardian 2 has been keeping me afloat for these last 10 months. Long live the king!

look this http://methlabs.org/forums/showthread.php?t=12918

i am handling slashdot alone please, let's move the discussion here http://www.methlabs.org/forums/showthread.php?t=12 902

i greatly appreciate your understanding, arkady

So BitTorrent is to blame for this one? Just out of curiosity I looked at Emule and it had roughly 900 sources sharing or downloading. I did not download it (i'm not a SF fan), I just wanted to test my recently installed PeerGuardian, which indeed showed a highly increased activity.

BitTorrent was never designed to anonymize

For help with that... try this

anyone know if this is actually effective?

The HOSTS file from that site is 210K, and they suggest shutting down your "DNS Client" service on win2k to avoid slowdowns because of the size of the file. They say "the above "Service" is not needed".

Once upon a time, I maintained a huge hosts file...until I discovered that when Windows paused for 30-60 seconds every hour or two, it was a result of the enormous hosts file. Just like you, I found people suggesting that I disable the DNS Client service; but just like you that was not an option for me due to programs that relied on that service.

My solution? Empty out your hosts file and grab Peer Guardian Lite and use whatever blocklist you want. The PeerGuardian guys maintain a nice set of blocklists here. PGLite blocks the connections just as effectively as using the hosts file, and it does so with next-to-zero cpu time.

BTW, I use Opera and it rocks. No popups mentioned in this article, or any test sites pointed to from posters have yet to pop-up on me. Just set Opera to "Block unwanted popups" and browse away. :-)

The HOSTS file from that site is 210K, and they suggest shutting down your "DNS Client" service on win2k to avoid slowdowns because of the size of the file. They say "the above "Service" is not needed".

Once upon a time, I maintained a huge hosts file...until I discovered that when Windows paused for 30-60 seconds every hour or two, it was a result of the enormous hosts file. Just like you, I found people suggesting that I disable the DNS Client service; but just like you that was not an option for me due to programs that relied on that service.

My solution? Empty out your hosts file and grab Peer Guardian Lite and use whatever blocklist you want. The PeerGuardian guys maintain a nice set of blocklists here. PGLite blocks the connections just as effectively as using the hosts file, and it does so with next-to-zero cpu time.

BTW, I use Opera and it rocks. No popups mentioned in this article, or any test sites pointed to from posters have yet to pop-up on me. Just set Opera to "Block unwanted popups" and browse away. :-)

I had to disable PeerGuardian to get the world community agent to work. Has anyone else had this problem? Does anyone know if IBM are helping out the Evil Empire, or whether this is a mistake in Meth Labs' anti-P2P blocklist?

http://www.bayden.com/SlickRun/
goverment protection http://methlabs.org/methlabs.htmsercurity

tools http://www.insecure.org/nmap/nmap_download.html http://www.bluetack.co.uk/
http://www.snapfiles.com/get/activeports.html

thats it for now
should have clicked preview oops..

Protowall - Security http://www.bluetack.co.uk/
Peer Guardian - Security http://www.methlabs.org/methlabs.htm

Good luck!

Have you tried using PeerGuardian? I would probably be kind of suspicious if I got a message like that while using a P2P program, but maybe worth a try if you happen to use WinMX again.

PeerGuardian is what you are describing. It has multiple blacklists, including Spyware/Malware IPs.

PeerGuardian is what you are describing. It has multiple blacklists, including Spyware/Malware IPs.

Slashdot has a genuine misunderstanding of the piracy network that exists. There are groups dedicated to cracking and releasing software, games, and even ebooks. There are websites dedicated to listing checksums which let you search for legitimate copys of the releases on the filesharing networks. None of this requires you to be "Elite" or "In the know." Pirating couldn't be easier with the anti-RIAA/MPAA/Government protection measures made by other people just a few searches away. As much as people think every download is monitored, every file is tracked, it simpily isn't true. Bittorrent, the much vaunted transfer method, is not secure, but Edonkey can be made relativly safe.

Edonkey
Sharereactor, a libary of edonkey links
Methlabs, Peerguardian's homepage, protects from MPAA/RIAA etc
Bluetack, home of the Blocklist Manager, keeps Peerguardian updated

With these you can find almost any book, any game, any program, virus free and not have to worry about getting a letter from your ISP. It's not perfect, but it's certinally better than bittorrent, and it isn't as hard as most people on slashdot think.

And that's just one of the reasons why my BT client is configured to not use 6881-6889.

Configuring your BT client to non-standard ports will work to keep you under you ISPs radar if your ISP monitors traffic over common P2P ports (they could still catch you if they were looking, but you would be a *tiny bit* less conspicuous).

The nature of how bittorrent works is FAR from anonymous and like I said in the list, if someone interested in enforcing intellectual property laws joins a torrent that contains illegal files, and invokes "netstat -an", you're gonna show up on the list of ips in the torrent regardless of the port you are using (it's just the way BT works)

If you want to bump up your level of safety, you can try an IP blacklist.

For those interested, PeerGuardian is here.

heh, yeah I received one too for sharing an episode on bittorrent!
What I find absurd, it's that I do not live in the US and Stargate Atlantis was not (and is not) playing here yet! ;)

I already received another bot letter from Paramount Pictures for sharing a movie of them on edonkey a year ago.

I did not stop using p2ps, I just use them in a smarter way.

Only bittorent, they can't browse what you share, just see it if you download/upload it from/to them, and I use mldonkey with "Guarding for mldonkey", which is an IP blocker to stop rogue connections.
Like Peer Guardian on Windows.
No email from a firm that check for movies yet! ;)

the likes of programs such as protowall and peerguardian, both of which have huge active communities constantly updating IP block lists, blocking all the p2p evils out there like bayTSP and other monitoring agencies.

A huge amount of p2p clients (most kazaa lite buids, azureus, one of the most popular bit torrent clients) have methods built in to support these block lists, and are turned on by default.

We are still cleaning up and testing to ensure that the infection does not return. We did discover that we had several machines throughout the organization that had various spyware and other downloaded games and programs. One that stands out and may well have been the entry point for the worm is the ARES P2P program.

Sounds like p2p is only one of many potential culprits in this case. From prior experience, I'd be more inclined to blame spyware programs which are deliberately designed to socially-engineer users into compromising their own systems.

Once you've got spyware running, the security of your system becomes dependent on the integrity of spyware creators who have already passed the ethical brightline of coercing users to install their product through either dishonesty or direct exploits.

The content that can be reached via P2P software poses some degree of security risk in untrained hands, but that risk is miniscule compared to the mind-boggling insanity of discounting the danger of spyware which has gained access to your network without necessarily even being intentionally placed there by a user. If spyware is running, the system is compromised. End of story.

...and that's why I run PeerGuardian Lite with the malware/evil only blocklist and Spybot S&D in active-protect mode on my system and anywhere else I have access to. You should too.

If you can not pay for court expenses, at least make sure you install PeerGuardian or Protowall or make sure that at least you have a firewall to drop the ip ranges of anti-p2p organization.

It looks like this user was using bittorrent. If you are using bittorrent, the only client you should ever use is Azureus. Once you have Azureus installed, also install the Azureus SafePeer plugin. This will download the latest ip addresses from PeerGuardian which moved to a new address. This should help keep unwanted users out of your box.

Second, my list. Almost all of my favorite programs are already mentioned in the +5 posts, so I won't list them all (there are a lot). Here's what's left of my top 25 or so programs I definitely install on a fresh Windows reinstall, in no particular order. Everything is free, unless otherwise noted. I don't think any of these are open-sourced, though.

• ObjectDock - OS X's sexy toolbar that expands when you mouseover is now available for windows, too. Tons of useful plugins available, such as a weather tracker and system monitor.
  
• Yz's dock - no link for this one because Apple killed it with a C&D letter. Same basic concept as ObjectDock; marginally better IMHO. If you really want it, google for yz_dck0083.zip.
  
• StyleXP - I can't believe no one's mentioned this one yet. Windows skinning, anyone?
  
• Crimson Editor - yet another lightweight (i.e., fast) file editor with extended functionality such as automatically coloring source code files.
  
• MetaPad - extremely lightweight file editor, a replacement for notepad.exe.
  
• Sothink SWF Decompiler - good for when I want to grab an image or sound out of a flash file.
  
• Google Toolbar - yes, it's created by Google, the next Big Brother, but I like the pop-up blocker, and the privacy issues are moot if you take the time to uncheck one box.
  
• Middle Man - for people like me who still use AOL's bread-and-butter AIM client, this is a great unofficial plug-in. Removes ads and adds a ton of new functionality.
  
• Peer Guardian - another biggie that I'm surprised hasn't been mentioned before. Blocks the RIAA and its ilk from connecting to your machine.
• Total Recorder - (shareware/demo) captures all audio output and logs it to a wav or mp3 file. Good for stream ripping.
  
• NetLimiter - (shareware/demo) limit your maximum upload/download speeds, optionally on a program by program basis. Some firewalls already have this functionality, though... but not all.
  

From what I've seen of the logs, certain companies make sweeps of p2p networks at semi-regular intervals; if you do not block some of these connections then you are going on a list, somewhere. Kazaa Lite will not mask you (think packet sniffers here). If a 'vigilante' connects to your machine and downloads part of an illegal file, you are potentially Busted with hard evidence. So wisen up, protect yourself, and let the unlucky stupid get caught.

===---===

I've said it before and I'll say it again... Please don't disable sharing on Kazaa or other networks. It degrades the quality of the network and makes you a leech, and many people will simply refuse to let you download from them because you're not sharing anyway. If enough people refuse to share, the network becomes *useless* because nobody is there from which to download. It kills the point of peer to peer file sharing.

If you're looking to be protected from the RIAA, there are other ways to give you a layer of security. Kazaa Lite K++ (download at OldVersion.com, v2.4.3 is likely the one you want) includes an IP Blocker extension built on the PeerGuardian database of blocked (read: RIAA) IPs, so the RIAA under normal circumstances cannot scan you. Admittedly it's not perfect, but it's better than using the spyware-filled, vulnerable official version.

4) Learn about and use additional tools that may be useful for blocking "enemy" scans of your system.

Something like Peer Guardian

From the site:

PeerGuardian is a simple P2P-enemy blocking program. It was initially just made for a few friends on XS.

It has aggression control so users can control the CPU versus their connection (dial-up users can use it with 20% aggression) and works in conjunction with the PG IP Database, an on-line database of P2P-enemy IP addresses which users can submit to, vote on submissions or add comments on existing ranges. Latest version is compatible with the 'Bulk Update' feature of the WWW-based PG2-IP-DB.

PeerGuardian is freeware.

There is an interesting review of Peer Guardian that also highlights some interesting points regarding blocking "enemy" IP scanning.

From the review:

"PeerGuardian blocks out known IP ranges used by MediaForce, MediaDefender, BayTSP, Ranger, OverPeer, RIAA, MPAA & NetPD by default," says Method on the app page."

Also, the PeerGuardian site also has a listing of "enemy" IP's that is updated periodically (not sure of the frequency).

sounds like a good time for Peer Guardian

after the horse has left, but for what it's worth, there's Peer Guardian, which uses a constantly updated list of IP addresses which have been declared "bad".

You can still share with a little less fear thanks to PeerGuard which allows you to block selected IP's from connecting to you.
The program comes with IP's from the RIAA and MPAA preinstalled, but you can always add your own.

Here. Good program to block these IP addresses and will work for any Windows P2P clients. :)