Slashdot Mirror

Ah, finally we hear the voice of the Cult of $cientology, as filtered through one of their loyal members. At least it's better than all the 'Natalie Portman' sporgery that's been going on.

Well, duh! The Catholic Church and the German State are, of course, quite innocent of such motives; the Inquisition and the NAZI (most regrettable) excesses didn't really happen.

Well, duh! yourself. Please remember that those happened years (at least 50) ago and aren't really relevant to the issue at hand. Then again, if your policy is "allways attack / never defend", I guess it's more important to you to hit back than to make your arguement relevant. If relevance is an issue, the Cult of $cientology has been busy much more recently with such things as Operation China Shop, Operation Orange Juice, Operation Funny Bone, Operation Freakout, Operation Snow White, the murder of Lisa McPherson (as well as many others), and far too many other acts of pure evil to mention here (but that you can find here). And while were on the subject of $cientology and the Nazi-ism (you brought it up), don't forget to look here.

At least the Scientologists put out a good product

Matter of opinion. I've used both Diskeeper and Norton Utilities. It's my opinion that Norton Utilities is a much better product. I think it's pretty clear where your opinion comes from.

waged their war for the planet by reason and by legal means

Haha. Yeah, right. 'Reason'? From the people who brought you Xenu (Galactic Overlord of Distinction). And 'legal'? It sure doesn't look that way from where I'm sitting. Once again, what about Operation Snow White etc.?

for the real betterment of humanity

I think these people would disagree. Too bad they can't in person because they're dead.

Every organization screws up from time to time.

Thank god the Cult of $cientology screws up from time to time. Think of the evil they could accomplish if they weren't so incompetent.

But Scientology's screw-ups have been strategic rather than morally flawed.

Um. No. Maybe by the Cult of $Scientology's own special definition of ethics, but not in the real world. Once again, look at Operation Snow White etc.

Whatever you may think of proprietary religion, it is certainly no worse than proprietary software

It is when it kills people. And no, we don't like proprietary software around here either. Choose your arguements more carefully in future.

Scientology is not a threat to democracy.

Not while the Cult of $cientology can use the tools of democracy to press it's own totalitarian agenda. Once they do get control, though, watch out! The Germans have special experience with totalitarianism, and they know it when they see it.

Although Scientology admits to a plan for world domination, so does a certain cabal of OS programmers

But when we say it, it's a joke. When the Cult of $cientology says it, they mean it. Personally, I'd much rather have Linus in charge if I had to choose. And judging from how it treats its own members I'd have to say the Cult of $cientology is my last choice.

"Battlefield Earth"? I loved it. So did my 12 yr old son.

Really? I thought it kind of sucked. Well, actually I though it really sucked. I would think the average 12 year old would have better taste. At 12 years old, I was reading (and enjoying) Heinlein.

Oh, and before you start branding me as some anti-religious bigot or pawn of the anti-$cientology movement, don't. I like most religions. Comparative theology is one of my hobbies. $cientology is just one of the many religions I've studied, and not even the most evil one at that. It's just currently on topic.

What do you use your internet connection for?..... It seems that you dont know anything about them... Research, research, research first....... Click here to see the light...

No they're not! There's some troll on noew claiming that a load of linux developers are scientologists... They're not! He's just making it up. Ignore him... www.xenu.net

A couple bunch of cocksuckers and motherfuckers...
Click here to know more about this suckazz

They did. But today they would be forbidden.

At least the Scientologists put out a good product and, for the most part, have waged their war for the planet by reason and by legal means, and for the real betterment of humanity.

Ha! I see ! You are joking.

(See also www.xenu.net (1) for information about the CoS).

That's true. But by definition a disk defragmenter can (must) access any single file on the filesystem, and the applications are not to be running (so it can change anything silently). If your chess programs tries to open /etc/lilo.conf and then makes a read+write of your /vmlinuz, you can strace it and catch it. And you are not expected to run it as root anyway. But if it is a defragmenter program, then it is expected to run with full privileges for read/write on the entire disk, and if it changes the content of some random file, you'll have a hard time catching it.

t's hardly likely to be in Windows2000, do you really think that Microsoft would risk that kind of liability for the CoS?

I don't know. It was just pointed that the "defragmenter" is the best place to put a trojan that could run for years unnoticed, not that this is actually likely to happen.

Why don't you try spreading your FUD somewhere else?

The problem is not about Microsoft. It is about Microsoft using a product that will have free access to maybe 5% of the entire content of all the hard drives of the planet , a product coming from a company related to the CoS which is known for 1) targeting at making the most money possible ("More money, more money, more money"), 2) suing and harassing anyone who dares to say anything against them, 3) infiltrating any organization 4) have so ridiculous "belief/ves", that most of its dirigeants must be dishonnest (see http://www.xenu.net/).

Yes it can happen with Linux, FreeBSD, ... but then you'll have the source code, so the trojan could be found, if you want to check for one.

The Co$ is pretty much a terrorist cult that uses money, lawsuits, and worse to silence opposition. They basically prey on weak minded people and exploit them for money, work, you name it.
Basically, they are a corporation pretending to be a religion to get tax breaks. There are lots of sites on the net dealing with these people, the largest of which is Operation Clambake. An interesting note is that the Co$ distributes internet software to it's drones that have nearly all of these sites, newsgroups, and such filtered out.

Finkployd

I'm very fuzzy, but I seem to remember that LRH coined the phrase, referring to how cute and fuzzy squirels will steal nuts from people. Something like that. I talked to a few back when I hung out on alt.religion.scientology. They didn't seem like criminals to me, actually _most_ of them were very nice, just a little wierd. (There was one guy, Homer something that kept drawing me into flame wars.... :) )

A bunch of them have banned together and formed a free society (the name of which I can't remember), that persues LRH's ideas w/o the oppressive leadership of the {ahem} Church. (They even liken them selves to the heretics during the Spanish Inquisition.

I think there might be more info on xemu.net , but I can't be sure.

RobK

Scientology isn't a religion, it's a cult, pure and simple. If you're willing to see the light, see here: http://www.xenu.net/

It seems that www.xenu.net is back up! No idea why...I started mirroring the remains about an hour ago and just noticed that index.html is up again! Hrm...go figure...

--

This software, described in http://www.xenu.net/archive/events/c ensorship/ (www.xenu.net is back on the air BTW), has been variously dubbed 'clamnanny' or 'scienositter'. It only works on Windows systems and is believed to be a purloined copy of CyberSitter (who's owners denied any knowledge of it). Co$ members had it slipped into their systems under the guise of a tool to help them create personalised web pages - as part of a larger attempt to create so many 'scientology' web sites that the critical sites like xenu.net would be drowned out in the search engines.

I was one of the scientology critics that cracked the encryption on the work lists (with help from some of the other anti-censorware people) and produced the list of words and names that are banned. Who knows maybe slashdot will be on the next list :-)

This software, described in http://www.xenu.net/archive/events/c ensorship/ (www.xenu.net is back on the air BTW), has been variously dubbed 'clamnanny' or 'scienositter'. It only works on Windows systems and is believed to be a purloined copy of CyberSitter (who's owners denied any knowledge of it). Co$ members had it slipped into their systems under the guise of a tool to help them create personalised web pages - as part of a larger attempt to create so many 'scientology' web sites that the critical sites like xenu.net would be drowned out in the search engines.

I was one of the scientology critics that cracked the encryption on the work lists (with help from some of the other anti-censorware people) and produced the list of words and names that are banned. Who knows maybe slashdot will be on the next list :-)

PS: No, I do not have to change my metatags, seems like they bought the argument. :)))

Best wishes,
Andreas Heldal-Lund
heldal@online.no
http://www.xenu.net/

http://www.xenu.net/images/

Maybe other parts too?
--
AC

Hello,

I've been involved with computer security for over 10 years and currently am a developer for a commercial vulnerability scanner and intrusion detection system. I also produce a set of free tools that help secure Unix hosts. I say this as a brief introduction to my qualifications, not as an ego booster. Regardless, I have some comments:

Using CT, how easy or otherwise is it to bring down or attack vital systems?

This question is difficult to quantify as every organization has a different definition of what is "vital" and what is not. Since attackers typically do not know this information, they make it their task to break into every system they can on a target network and see what looks interesting. Even worse, focused attackers may actually plan what sub-systems they want to control and may have different objectives that fall outside of what someone may deem "vital."

For instance, a bank may assume their electronic funds transfer system is the most vital system to protect, but a terrorist may only want access to the financial records of persons or groups that are the bank's customers. This may not even involve destruction of data (which is what most people think is the end goal but isn't always), rather the pure information which is often much more valuable than simply destroying random records. Reconnaissance attacks like these are difficult to stop but extremely damaging. In the case of the bank, the terrorist may simply choose to track sources of funding based on deposit records to harm the person or group who is the target. In a situation like this, going into the bank to destroy the information is only a temporary setback and will raise attention. Why completely destroy a valuable point of information gathering by doing something silly like disrupting operations? It's rare that a single offensive has any lasting effect, you must attack from different levels and leverage all available resources for maximum impact. Only dispose of resources that you need to.

What sort of skills would be needed to do so, and are they common/teachable?

The skills are easily teached and commonly available. Anyone can learn to hack systems it is not hard and the people who deface web pages are not "computer geniuses" (as commonly portrayed), they just know where to look for the exploits. As with any information, exploits can be used for good or bad. Personally, I don't distribute attack code and probably never will.

There was a time (back in 1994-95) when I ran an extensive exploit archive on a low-bandwidth connection. The archive contained quite a number of useful tools, attacks, dictionary lists, etc. and was publicly available, but not advertised. It came to be one evening that I discovered a lot of activity on my MODEM (a lot of download activity). I looked at the server logs and caught a system from scientology.org that was mirroring my *entire* archive. For the un-initiated, Scientologists are an extremely destructive group and their intentions are rarely good (see http://www.xenu.net). I immediately unplugged the MODEM and took the archive offline. Since then I have refused to contribute to the problem by distributing attack code. It was an interesting lesson, one that taught me that some information needs to be *earned* and not just *given away*.

If this story doesn't send chills down your spine I don't know what will. There *are* groups of people who are gathering this information for purposes unknown to anyone. They are *surely* not out to deface websites, but you can be certain whatever it is they are up to is not good. People need to take more seriously the consequences of their actions when they release code that makes it easy for anyone to compromise a network.

Commercial-off-the-shelf software: can it really do CT?

I'm a developer on a vulnerability scanner called NetSonar. It is a COTS vulnerability assessment tool from Cisco Systems, Inc (I speak for myself, not my employer). I can say with fair certainty that these tools are not ideal for "cyber-terrorism" because they are designed with a different purpose in mind. For one, they are very "noisy" on a network during a scan because they are literally trying hundreds of different attacks and consuming a huge amount of bandwidth. From our experience, even totally clueless admins will probably notice a problem if any of the commercial scanners are used just because they are so incredibly hard on a network (causing errors, crashes, performance problems, user complaints, etc.). Also COTS tools aren't designed to gain remote access to a host as much as they are to tell you that someone *could* gain access to a host if so inclined. This is a significant difference because most scanners don't provide purely automated access mechanisms. In otherwords you still have to work a little once the scanner has found a hole. In most cases you need to run a third party exploit to gain access. If this is the case, why not just run the attack to begin with and see if it works to get in? Using a scanner is just another step you can eliminate as an attacker. This is what most intruders do: Blindly run an attack and see if it works. Unfortunately network security is so bad that this is more than enough. Now there *are* tools that exist that would be wonderful for offensive operations, we even have some ourselves that our consultants use. These tools are made to be quiet, quick, and targeted. They facilitate remote access, but that is what they are designed to do from the beginning. Tools like this exist in the underground too and will surely find a wider distribution in the next year or two.

Which systems are actually attackable?

Assume anything you have connected to a network is attackable, even if not immediately obvious why a person would want to attack it.

Can a recovery be made from such attacks?

Of course. It depends on what your backup and recovery strategies are. It is very hard to remove an attacker from your network once they gain access though. There are simply too many ways for them to dig in and spread. The best way to recover is to not let the person in to begin with. This is cliche, but true. Most times you'll need specialized personnel to help you recover from a bad infestation, even then there are no guarantees.

Is it likely to improve/get worse?

It's going to get worse. The software industry is introducing new code and new bugs everyday. They even manage in re-introduce old bugs solved years ago. Additionally, the industry still relies on antiquated languages such as C and C++ to do mission critical and general purpose coding. These languages are incredibly dangerous for most programmers and promote bugs and vulnerabilities through a lack of internal protection mechanisms. Bad code can be written in any language, but C and C++ are especially *good* at promoting *bad* code. As the Internet becomes an indispensible part of everyday life new programs (and attacks) will emerge that provide new opportunities for abuse. This is the problem for any technology and is not unique to the Internet.

What sort of preventitive work would you recommend them to carry out?

For one, take security seriously. Few organizations take security seriously until they've been compromised. At this point it is very hard to recover and truthfully you never will know you got rid of the problem. COTS vulnerability scanners, Intrusion Detection, anti-virus products, and maintaining current on patches for operating systems and application software are all critical. These four areas alone can stop most all hackers cold.

-- Craig

http://www.psionic.com

Exactly. Western Europe/Scandinavia is much more liberal in its culture than the puritanically based U.S., but the one reason I still like this country is the First Amendment.

Every time I read about the limits of free speech in England or the limits of free religion in Germany (despite the evilness of the Church of Scientology), it makes me realize why I put up with the Religious Right in this country. I know that even with their current power, it'll take a LOT for them to topple that First Amendment, and in the long run, basic freedoms are far more important than current liberties.

I mean, sure, they're making more sense now by allowing pot (i.e. Netherlands) and whatnot.. but what about when my beliefs fall under the few things they find unacceptable?

Of course this sets no precedent in the US ... but you may never know when you're pointing to a site that happens to be situated in Holland and find yourself under their juristiction (where's the /. server for example - anyone know or care? maybe we would if one state in the US created such a precedent in a state court).

For more information on the (now very long running ) Scientology vs. the Net free-speech fight check out www.xenu.net [hint: it gets wonderfully funny at times such as when their lawyers are trying to determine the real identity of "Major Domo" so they can supoena him ... and when they discover that their opponents know of an FTP site that has all their secret files (ftp://127.0.0.1)]

Try this page out.

This web site is run by Scientologists!
This web site is not.