What Do You Think of Online Vigilantes?
gwoodrow asks: "I'm a member of the (primarily) Mac community Spymac. I originally joined for the 1 GB of email, but eventually found myself joining in on discussions in the forum. Today, I received an email from a supposedly anonymous Spymac member ("supposedly" because the smart guy didn't mask his IP). Basically, it said that he or she had harvested 10,000 member screen names/email addresses from Spymac's pages and that this, paired with the ability to view individual members' profiles, created a major problem because of the extent of information so readily available. The email this person sent out and the forum discussion that followed are available here. All cracks and personal opinion about Spymac aside, what do Slashdot members think of online 'vigilante' justice?"
"Some viruses are released with little notes within that say things like - 'this is why you need to do X or Y to fix your software' Some hackers have also gained infamy by hacking a major system allegedly to help. Do you support such actions and why? Are virus/trojan writers, hackers, and spammers doing a noble deed or going about things in the wrong way? If you don't agree generally, are there exceptions when online vigilantes are fully in the right? Is the accessibility of vulnerabilities a good excuse to partake in such actions, or should there be ethical bounds regardless?"
Please don't hack my computer at 127.0.0.1. Thanks!
Are they good or are they whack?
pretty funny actually.
Report it to the authorities. Alternately, post the info here on /. and then don't worry about it. Somebody will do something, and it won't be you.
Lasers Controlled Games!
no problem. They help by pointing out vulnerabilities as long as they don't actually exploit them to do harm to whoever.
wannabe mafiosos always click this link
your friendly neighborhood Spider-Mac!
"Dave, I stand still--the conclusions jump to me!" - Bill McNeal, NewsRadio
My take is that vigilantes should not do any damage. Poking around a system, finding a vulnerability and then reporting it to the responsible party (not immediately to the public) is ok in my book. Instead of mailbombing your enemy, use social tactics to discount/disprove your enemy's arguments. Oh, and first post! :)
to show you how much you need a deadbolt.
yeah, no, that sounds like a bad idea.
This is like me punching someone in the nose and saying "Why didn't you take karate lessons, for crying out loud? It's your own fault it's so easy for me to punch you. You should consider this assault a personal favor."
Am I part of the core demographic for Swedish Fish?
is probably just a flamewar where the stakes are much higher. Yeah, most criminals like the one you mentioned are pretty stupid, and if they try to strike back at all, it will be pretty lame. But for every 99 morons, there is 1 professional.
I dunno about you, but I personally would not be willing to piss off the Russian mob unless absolutely necessary...
Until you take anonymous proxy servers into consideration. ...then it all just goes to hell.
Why is it people expect to be anonymous online still? If you want to interact with people and have them know your name, birthday, address, etc then that's up to you. However no one is stopping you from using a fake last name/address/bday and still interacting on the same level. Why is it people put personal data in obvious places, and then get mad when someone shows how easy it is to discover that data.
Discovering weaknesses is good. Exposing them publicly without giving the vulnerable company time to fix them is bad.
Welcome my new vigilante overlords. I have to since they are blackmailing me for hosting midget pr0n.
You could easily do the same with Yahoo usernames (example, insert @yahoo.com after every username) and profiles or any other system based on the same scheme. Not impressive, since it is just collecting freely available information. It does raise a good point, barely, that people should be more aware of what they release in terms of information. As even want-to-be script kiddies like this individual can see.
My opinion has always been that if you stumble across something, then you should absolutely tell those that need to know, and NOT the general public (at the very least, not until those responsible have had a reasonable chance to repair whatever the problem was). However, purposely breaking into private servers to show how much they need to beef up security (or similar such actions) is tantamount to breaking into someone's home to show how bad their door locks are; it's breaking and entering, and it's a crime. If you want to do penetration testing, you really need to get permission from the owner before you start tearing into their system.
NO - that's not ok. How is the victim (i.e. the one 'visited' by the vigilante) to know that the vigilante just poked around and didn't leave any nasty things behind? Who's to say it actually was a vigilante and not, say, a competitor faking to be one? General security best practices say: if a system is compromised, rebuild. Rebuilding systems cost time. Time is money. Vigilante actions result in monetary damage. It's not ok.
What do people on Slashdot think of sites like Vigilante Justice? Are they really protecting kids, or just entrapping people? Or a bit of both?
Because it seems like you don't. A vigilante is someone who tries to bring people to justice by working outside of the law. The key here is that they are doing something which they believe is morally right.
From your description, it sounds like someone just... grabbed some published information and started threatening people with it. There's no indication in your writeup that this person was even trying to do something 'good'.
autopr0n is like, down and stuff.
That's no vigilante. What he/she does with this information could make them a vigilante. Generally the definition of vigilante requires that some crime be committed, and that the labelled punish it. Right now, this user looks to be just a responsible member of the community.
Reading further, I guess this email is annoying, but not really illegal. I wouldn't say that the definition of vigilante is (yet) warranted from anyone's actions so far.
funny munging
Although I tend to side with the vigilantes on most occasions, I believe actions like these should be judged on a case by case basis. The actions should be genuinely taken in good will and not for any form of personal profit. They should only be resorted to after reasonable attempts to spread the information through proper methods and channels, much like the issue of full disclosure of potentially dangerous bugs and exploits.
How the fuck is this being a "vigilante"? Vigilantes run around beating up bad guys, often because of some tragic personal history. They work a bit outside the law themselves, but generally do not wish to harm innocents, only bad guys. Think "Batman" and you've got it.
This is just a guy who found a hole of sorts and decided to report it in a kind of stupid but not terribly harmful way. A mildly incompetent "white hat" hacker, perhaps, but no vigilante: he's not running around from website to website trying to "hack bad guys" or some bullshit like that.
In today's cyber culture, there are a variety of ways to look at so-called vigilante justice. No one, and I do mean no one, would like their system's security to be compromised, especially if it holds data that can be deemed confidential. On the other hand, it seems cruel to impose jail sentences on people like the recent example of Adrian Lamo. All these people are trying to do is make our confidential material safer. This brings up the White Hat/Black Hat debate. No matter what side of the line you sit on, you should be able to see the other side's points. I have personally sat on both sides of the debate, arguing in favor and against the hacker community. The problem that occurs is that there is no real answer to the problem, and the laws are so weak and open to debate that it is pointless to look for a specific precedent. In conclusion, we as humans tend to point fingers like two year olds, and like we were then, the problems are usually unsolved. Just be careful, most of us have watched technology evolve, and we know how fragile it can be.
Reminds me of my proof of concept program I wrote for Slash.
Basically, there's a finite number of address obfuscations, and those are easy to find out - so all the program does (very slowly, to get past the checks) is de-obfuscate the email addresses, and put them in a database along with UID, username, and info from the bio, etc.
It was quite trivial to do, offers up a highly targeted email list, and works on anything powered by Slash. And for all those k5 fans, I have one that works on scoop too. Next up - post & phpnuke ones and a phpbb/vbulletin suckers. Once I'm done I plan on writing up a little expose about it all - especially when you realize that:
A. People tend to actually post their real email addresses on these sites due to the supposed protections offered and
B. The overwhelming amount of websites that run these CMS - it's over 50%.
Working via proxies and multiple clients it would be very simple to put together lists that are more targeted than anything seen before.
So remember - ALWAYS obfuscate your email yourself, don't trust a website! At the very least, use something like SpamGourmet.Com.
anyone who uses p2p apps should join up. they request that you only report websites and stuff, but ips and timestamps are probably fine. all the reports are forwarded to the appropriate law enforcement agency.
Problem is, without downloading it, how do you tell what's child porn? Don't tell me you can tell by the filename, because you can't. There are people out there who label ordinary stuff as child porn. I don't know why, maybe because that makes more people download it (??).
And if I had downloaded some, I'd delete it quick and not tell anyone, just in case. Call me paranoid, but too many people have got themselves in trouble by trying to help out lately.
Considering the lack of speed and sometimes lack of ability when it comes to investigating cyber crimes, online vigilantes may be the only option. This type of behavior does 2 things.
1. It provides some deterrent
2. It forces law enforcement to step up to the plate.
Example? There is an on line porn site that has pictures of a girl, about the ago of ten having hard core sex with an adult. I found out because a domain I admin with a catch all e-mail was recieving bounces from this sites spam. I reported it. Nothing happened for a few days so I traced the actual source of the pictures to a freeserver. The pictures were removed in minutes, I continued to follow the sites from free server to free server until it stopped working (I haven't checked in a while).
I made that person's life more difficult and hopefully caused him to leave more "trails". Each free server admin I talked to said that they would save any logs that they had. Now why couldn't the police do what I did for the 2 weeks or so?
cluge
AngryPeopleRule
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Maybe I'll misbehave a little to get some "punishment" ;-)
It's either on the beat or off the beat, it's that easy.
I moderate therefore I rule!
--
In a field in which government intervention rarely produces justness, vigilantes similarly fail to do so, but in contrast to government intervention, vigilantes make the system stronger, not weaker.
There are 100 people in society.
2 people are brilliant.
20 people are greedy.
20 people are gullible.
10 people are opposed.
48 people are sacked with taxes.
5 greedy people beat up 2 brilliant people to keep them quiet.
5 greedy people convince 20 gullible people.
20 gullible people make noise.
48 people sacked by taxes are distracted.
48 working people convince 10 who are opposed to appease the 20 gullible people.
5 greedy people, 20 gullible people, 20 working people, and 2 who are opposed go to the polls and vote.
5 greedy people sit back, enjoy the show, and profit.
This guy compiling databases of online user info without the express written consent of the user falls into the 20 gullible people category. Or he falls into the 5 greedy people convincing the 20 gullible people.
+++ATHZ 99:5:80
I give shout outs and props to Anti-slash for all of their work. Special props to faker, he says things like I would.
CB
free ipod and free gmail!
Isn't being slashdotted a form of vigilante justice?
+++ATHZ 99:5:80
That is a hacker, and they are putting their skills to use in the wrong way.
A vigilante is someone who rights wrongs without authorization from the law. That would be like someone who breaks into the spammer's computer and rewrites their BIOS with the contents of their spam or something.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
If a vigilante gets in, what's to say that someone more malicious hasn't? If anything it saves the expense of not losing data or being charged when the system is compromised by a more malicious attacker. Yes you must rebuild the system, but considering that the "attacker" told you the system was compromised, it's not as critical a situation as one where you suddenly discover the host is compromised and must be taken down immediately.
That's the point of the vigilante--if he or she can get in, that means someone else could have ALREADY gotten in and left things in there. If the vigilante can get in, then you already have to rebuild--it's just a question of whether you KNOW whether you have to rebuild. No point in killing the messenger.
eBay has a problem with fraud. Especially in electronics/computer auctions. They do, in fairness to them, attempt to monitor and control fraudulent auctions, but clearly they are losing the battle. There has been an individual lately trying to sell the new Motorola V710 on eBay. (It is as yet unreleased.) A number of people have determined that beyond using the regular channels, such as registering a complaint with eBay, they (or one person in particular) need to take more aggressive action and have managed to "guess" the password to the AOL account that the auctioneer is requesting correspondence to. He made it clear a couple of times that he "guessed" the password, but didn't "hack" the account. Despite what I may think about auction scammers, taking the law into your own hands is foolish. You are opening yourself to civil and possibly criminal liability. Is it worth it? Doubtful. In today's paranoid security landscape, regardless of your intent, you could easily wind up being the scapegoat. Last I checked, any attempt to access a service which you are not licensed to use is a crime. ie, You can "scan" whatever you want, but as soon as you connect... BLAMO! Off to the slammer you go!!! A word to the wise.
It is very good to be looking out for gaping security holes. Pointing them out to the owners of the site is a very good thing to do. Broadcasting them to the world is not. If you find something that's really bad, email it to the owners of the site or post it using the sensitive issues procedures. We all would hate to get blasted with spam or hacked because some evil person heard about a gaping security hole.
But, as soon as a fix is available, all the users of the site should know about the hole and what to do about it.
PS: I think that this may be a little (very) redundant.
Back in The Old West, when the law was too weak or too thinly spread out to control outlaws and bandits, various towns set up secret societies known as "Vigilance Committees." They took the law into their own hands, arrested felons and, when they had to, they executed them. Their members were known as vigilantes, and that's where the term came from. Today, mailbombing or otherwise DOSing spammers is a form of vigilante activity. Finding the electronic equivalent of a broken lock on a door and shouting out to the world, "Here's where you can get in for free!" is just plain stupid.
Good, inexpensive web hosting
Vigilance, watching for problems that affect our community, and then telling the community about noticed problems is what is known as "civic duty". Using authorized access to community resources, then notifying the community that such access creates risks greater than they accepted, or expected, is a community service. Especially when that access, authorized by the community itself (eg. via a webserver), has subtler implications than are discernable to most members of the community (eg. non-techs). If we see something going wrong, it's our responsibility to tell people about it. That makes everyone safer.
Vigilantes do more than just find problems. They act on their information, using their judgement to change the problem, supposedly into a solution. But justice is a specialized process, like science. When unqualified people engage in risky acts with dangerous consequences, they expose the rest of the community to unacceptable danger. Looking for problems, and telling us about them, protects us. Acting on one's own, especially without telling the rest of us, creates risks as severe as, or worse than, the "problem" being "solved".
Eternal vigilance is no vice.
(with no apologies to Barry Goldwater)
--
make install -not war
While stopping child porn is a 'noble cause', how far do you take this? Do you report everyone that you see anywhere that does anything you don't approve of, today?
..
Do you go out LOOKING for violations of your morals so you can feel good about turning them in?
Hate to tell you but you also do things that others disapprove of, and are illegal somewhere.. Do you want to be next?
Unless you directly are confronted with a violation of the law, in your face, I say keep your nose out of others business.. Lest it be cut off your face
"but it's for the children", ya right.. you just want to be nosy and can't mind your own business. You get what you deserve...
---- Booth was a patriot ----
The guy that found this did everyone a big favour and ought to be congratulated, but sadly the spammers will be doing the same.
"Some hackers have also gained infamy by hacking a major system allegedly to help. Do you support such actions and why?"
Alright, and tomorrow I'm gonna go kick in my neighbor's door. Followed by, "Hey guy, I think your house is insecure." Then I will design him a new bigger and badder door, and keep a key for myself. Do you think I should charge $125 an hour or $250 for this "service"?
is SO not cat woman.
it's not going to be a cat woman movie, it's going to be a crappy actress posing in an awful looking cat suit movie.
If I just want to see hot looking babes in latex, I'd go to google.
The Kruger Dunning explains most post on
Generally speaking, if there's not an overt threat of violence or massive infrastructure damage, and no money is stolen, you just can't get anyone in law enforcement to listen. This is why I don't have a huge problem with SYN flooding someone who's mailbombing your server until the mailbombing stops. That's just self-defense. If you keep SYN flooding after the mailbombing stops, then you're just attacking an arbitrary IP address that could now belong to someone else, or could have belonged to a (now fixed) zombie, or whatever else. That's reckless.
Law enforcement is trying to get a better handle on internet fraud, but there's so much of it going on and they have so few resources to attack it that vigilante efforts to stop or mitigate the attacks are about our only options in many cases.
If I shoot a gun at a guy who's robbing a bank at gunpoint, I'm probably okay with the law. If I pull out my gun, close my eyes, wave it around, and pull the trigger several times at random, I'm not okay with the law.
If I get a guy in a headlock to break up a fight, I'm probably okay with the law. If he walks away from the fight and I put him in a headlock then, I'm not okay with the law.
You're generally allowed to do things to people you wouldn't otherwise be allowed to do if they weren't committing a crime, but you have to be certain that you're not doing these things to innocent people as well. The internet makes that quite difficult at times. You also have to restrain your response to be proportional to what you're trying to prevent. "Imperfect self-defense" can often get murder reduced to manslaughter, but you still do time for it.
WARNING: there is a trojan on your
Just what private information did this person discover? He got information from a bunch of public profiles, how is that a threat to privacy? I don't really understand the gravity of this at all, if you're stupid enough to put your home phone number, or address in the eyes of the public it's your own damn fault... Btw, why can't you do the same thing with yahoo? I mean, how many @yahoo addys start with hornychick####? or 2hot4u16 through 2hot4u82... maybe somebody can explain to me why this is worthy of my brain power?
I have always had my suspicions about SpyMac. It's just too much eyecandy to be perfect.
Compare SpyMac: It's like the shiniest used car in the used car parking lot - you know the one that's usually a lemon!
Am I reading the parent right? Someone harvested SpyMac email accounts?
I've done a few editorial articles on my website about this very thing. One on SpyMac problems and prediction that this kind of thing would happen and then another on how the SpyMac Community really latched on to a recent vigilante justice story concerning a PowerBook.
You've Not Mail
AND
Scamming Scammers & The Scheming Scammers Who Scam Them Back
Not tooting my own horn, but these articles give a clearer picture of SpyMac and the problems it poses.
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
First, I agree with you, if you mean that it's better to hear the news from a typical vigilante than to only find out when your most sensitive information appears in the hands of a competitor or plastered all over the net.
Second, that's part of a larger picture. If you get hacked by a script kiddie, and he only appears to get to your web server, the same questions apply. Are you lucky to get the wake up call from a mere website defacement instead of finding a trojan that's been sitting for months in accounts receivable? Possibly, but how do you know the intruder only got in as far as it first appears, and how do you know no one else better than him hasn't done more? It's all a spectrum, from a vigilante who really didn't screw up anything, to one who accidentally did some damage, to a web site defacement that's easy to fix and relatively harmless, to harvesting personnel information for head hunters, to harvesting customer information for spam lists, to the most serious crimes that can cost a company millions.
Anybody who falls victim to one of the less serious sorts can breathe a sigh of relief that it wasn't one of the worse ones, and for their blood pressure's sake they probably should, but they still need to think about what it implies about their chances the next time will be successful, and for worse consequences.
Who is John Cabal?
Now, on to my answers on the vigilante question:
The bottom line is it's a case by case basis.
If illegal activity is going on and it's a law that's usually enforced like KP or cyber-blackmail, a virus-writing IRC channel, or what-not, alert the authorities. If the authorities don't take action, write your lawmakers and cc the press.
If there are organizations that work to derail that type of crime, such as Symantec for viruses, alert them also.
As far as taking direct action against the lawbreakers:
Don't break the law to do it. Don't hack or DDOS their machines. DO report them to their ISPs to get them TOSsed off the net, DO alert the media if the situation warrants it. Do NOT tell people you KNOW are LIKELY to "take the law into their own hands" about it, as that makes you an accomplice, in the moral sense if not in the legal one.
But what if the person is just annoying and not breaking any laws? For example, trolls who post 100 flames a day to a particular newsgroup?
If you can, just ignore him - that's what killfiles are for.
If that doesn't work, try to isolate yourself from him and alert others they should do the same.
If that fails, try slapping him around a little, but don't become annoying yourself:
If he's breaking his ISP contract, alert them. If he's doing it during work hours from his work computer, alert them.
If he's doing it from home though, don't bother his employer, they don't own his free time, and if they do take action against him, you could be on the wrong end of a lawsuit, sigh.
The bottom line:
Pick your battles, and be an adult about it. Get thicker skin if you need to. This is the Internet, it's not a place for 5 year old whiney kids who cry foul every time they get a "buy our product" solicitation in their email (even though we have EVERY RIGHT to cry foul :) ).
URL of the day: https://tips.fbi.gov
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Vigilantes are common where there is no effective law enforcement. This is not just on the web. In real-life, if there is no effective police force, people will grab a gun and use it to defend their home, work and friends and damn the law. People obey the law when they think it protects them and is fair. This is known as true anarchy. You could see this happening in the post-war looting in Iraq (and still today) where you had surgeons in hospitals wearing scrubs and toting guns. But it is generally true of any society. In crime-ridden areas where there is little effective law enforcement, people form gangs that enforce their own law outside of the proper legal system. People seek protection and order and if the law does not give this to them then they will take matters into their own hands. Hence vigilante actions on the web such as hunting people down are going to continue as long as there is no effective legal recourse that is easily and quickly available to everyone (such as dialing the police).
OTOH "vigilante" actions like writing viruses are a different matter. It's akin to street protests or graffitiing public places with slogans. The first type of vigilante action is a matter of personal protection. The second type is to do with making a statement. Perhaps we should use as a yardstick the comfort level we have with street protests? When does a protest or making a statement go too far?
Didn't Pete Townshend (The Who) get into a certain amount of trouble when his curiosity got the better of him? Vigilantism can result in unpleasant legal complications for the vigilante.
Our servers have been compromised! ..the twinkie?
Time to turn on the hackerman signal!
Shines light of a diet coke and twinkies
[90 minutes later]
I..puff...came..wheeaze..as fast...cough..as I could. Where's
ahhh, hackerman, that's just the signal.
What! no twinkie? stupid users...NI!
[Commissioner turns to police chief]
Damn, that's annoying.
The Kruger Dunning explains most post on
The internet is not centralized; there is no one central authority. It is like the Wild West. Good citizens keep to themselves and operate under common decency and common sense. But there are always some malcontents (spammers, virus creators etc) that feel they can do whatever they feel to whoever they want with small fear of retribution.
Some governments are just now awakening to the threats of these malcontents, and have passed laws against them. Of course, these laws are next to useless, because the net transcends international geopolitical boundaries.
So what is a decent net citizen to do? Nothing? Scream and cry until the lawmakers listen?
Until there is a real sheriff on the net, vigilante groups may be the only answer. Small groups of net-aware individuals who can root out the bad guys and administer some well-deserved justice. Some may call them net terrorists, but if they leave the good people alone, I would call them patriots.
Will the law go after these patriots? The law may turn a blind eye if these groups keep the peace. Besides, what can the law do to the net patriots that are trying to make things better when they can't even go after the malcontents?
I'm all for vigilantes, until we get a real sheriff in town.
My problem with these online vigilantes is that they would rather inform the public of these huge flaws than report them directly to the developers who can fix the bugs and save a lot of people from trouble.
I understand that some do. In fact one of them works for me now. He reported a huge security hole in my program and I was able to fix it. Of course he had to first exploit it fully and then steal my script from my site... but after I tracked him down we became friends and I have learned so much about security.
If the developers don't want to listen then fine... Let the public know. But please contact the devs first. We care about our customers, and don't mean for our product to be flawed.
From what I hear, that person just took names from the forums and added @spymac.net. As noted by other people, you could do the same with Yahoo accounts. And, just like Yahoo, you could choose not to use the email, nor to enter any implicating information.
It doesn't really sound like vigilantism. I'd classify that message as spam, actually. It tells what should be obvious. At worst, it's awfully neglectful of the Spymac operators not to have a large privacy policy that explains such things. Sending email to everybody in the forums isn't a solution, and is likely to cause more confusion.
One serious objection that I have to Spymac, which can be checked out, is that it doesn't use SSL. Even for the paid webhosting and webmail. And all of the services are prone to failing without warning; it's been 7 months or so since the new services came out, and I'm still hearing complaints about their reliability.
Have a nice time.
and finding it unlocked. Leaving the door unlocked is a bad thing. It is an even worse thing to leave a door open when the things that could get stolen belong to other people.
...is that a bunch of people in that thread are actually whining about him telling them (by "sending spam") instead of a Spymac mod.
The way he went about doing it probably got a whole lot of people concerned about the problem.
So, what's going to get it fixed faster? One person mentioning the problem or thousands complaining about it?
And this way, he actually taught many of those people a valuable lesson and hopefully they will remember it the next time they sign up for a service like that.
That's the point of the vigilante--if he or she can get in, that means someone else could have ALREADY gotten in and left things in there. If the vigilante can get in, then you already have to rebuild--it's just a question of whether you KNOW whether you have to rebuild. No point in killing the messenger.
Well, except vigilantes are self-appointed messengers. It's not their duty to be poking into other people's systems. That's the responsibility of law enforcement and only within certain boundaries.
In brightest day, against the blackest hat,
no evil shall escape my hack.
Let those who worship evil's might,
beware my power,
GREEN SCREEN'S LIGHT!
The Kruger Dunning explains most post on
many times, the punishments do not fit the crime. It would be like sentencing someone to life for just breaking a door to someone else's house.
// file: mice.h
#include "frickin_lasers.h"
19 pages in that thread and nobody has come up with the obvious solution.
In a forum the size of spymac, members viewing this thread/online is useless - needle in a haystack style.
To get a gauge of popularity, why not have "number of members viewing this page" rather than the whole list?
If users want to know when their friends are online, then they could implement a vBulletin style "buddy list" in the member's control panel.
Gamers Europe - Gaming News. Reviews.
If you step in the ring, you have no right to cry when you get punched. You may think you're doing some fair and noble deed when you, say, grab the IP out of some troll's email post, paste it into your web browser and use the default login credentials to turn off their SOHO router. But what happens if everybody does this sort of thing? What happens when you annoy somebody and they do this to you?
The network and the online society become less valuable and beneficial when people start throwing rocks at passersby. It's like that good mall that turned into the thug mall. Is that really the environment you want to promote? Do you want to drop your kid off in the gangsta food court to buy a spiked orange julius or a digital crack smoothie?
There are legal, civilized tools at our disposal to deal with these situations. Use your imagination to pick the best one. Society would be better served and preserved if you chose them.
And BTW, there is a GREAT book about vigilante justice called "Watchmen". It's one of the best comics ever.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
I just did a tracert 127.0.0.1 and the time was 1ms, you must be very close to my internet connection.
You sure are a talkative corpse.
censorship devise, & it's whoreabull implications?
.com (froogles) away from the disabled shopkeeper. eye gas maybe they are not quite as public spirited as they present?
lookout bullow.
robbIE the corepirate nazi execrable puppet? (Score:mynuts won, everybodIEs' got to make a living?)
by Anonymous Coward on Saturday July 24, @11:44AM (#9788965)
@leased that's what the pateNTdead eyecon0meter is saying, based on the whoreabull abuse buy robbIE of the infactdead PostBlock censorship devise.
this stuff (the eyecon0meter kode) is unbreakable, & wwworks on several (more than 3) dimensions.
what about google, trying to steal the
with 'sponsors/leaders' like that, all you need is the swastika?
Have you ever heard of the government doing that? They may investigate breakins that admins report, but they don't seem to do anything to confirm the security of the user's data that admins are trusted with.
No one likes a gadfly--but that's just how life works. Customers have a right to know if admins refuse to run secure systems.
Unfortunately I'm starting to take the view that spammers will only understand violence. I don't mean like getting their net connections removed. I mean like pounding the shite out of them.
No I'm not kidding. I don't think there is anything else that will stop spammers from doing what they do.
Hell in today's society I'd send spam but I don't feel it's worth the work to deal with network bans and finding valid proxy relays, etc.
Spymac is great. Nevermind the 1 GB email, the ftp space is very generous too. So along comes an article on Slashdot disparaging security while asking a disingenuous question about ethics. Oh man, this is not a public interest issue. It is trivial to retrieve every AOL profile, for example, just by dictionary guessing of screen names, so how is Spymac any less vigilant against attack, whether vigilante or otherwise?
It is so hard to get a submission accepted by Slashdot, one would think the standards were very very high. Apparently, it is a lot easier if one asks a polarizing question on a topic vaguely connected to OS choice and one that inflames debate.
The same can be done with services like AOL. Just go into a few chatrooms. Copy the list of users in the room, then add @aol.com and viola you have a list of thousands of people. This is old news, very old. Furthermore, public profiles can be added to the database as well from services like AOL. This is not a bug, it's not a blatant security hole, it's simply a person trying to think he is crafty. If the information is publicly available then it can be obtained a variety of ways and very easily. If it is private and can be obtained by means of exploiting the system then it is a security hole.
-illumina+us "I put on my robe and wizard hat..."
cool now I can report everyone I don't like. YEY!
Should there be a police organization specifically for the net which might have the authority to hack someone's machine if they are breaking the law with it?
GJC
Gregory Casamento
## Chief Maintainer for GNUstep
Who's got a rope?
It's Vigilante,
It mentions black hats,
Mentions old school technology,
It comes from a comic book,
and it's a pun!
It's not off topic. Funny? maybe, Irrelevant? yes, but not off topic.
The Kruger Dunning explains most post on
excuse me, but I always thought a vigilante was someone who performed duties of the court (investigation, apprehension, judgement, and/or punishment) without court authorization. e.g. roundin' up a posse an' lynchin' ol' Black Bart for horse theivin'. That was back in the days before words were allowed to end in 'g' or 'd'
What does vigilantism mean in an online context? 1) spying out the home address of some spammer outside detroit and then publishing it? 2) white-hat breaking-and-entering of security systems? 3) publication of embarrassing facts about the in-security of systems? Probably so.
All of these actions seem rude (if not illegal). However they do benefit the public. That doesn't make it right, but it does make it hard to publicly condemn. I think what we term "vigilantism" is a response to some social problem after the institutions that SHOULD have solved it prove ineffectual. The argument is whether this ad hoc cure is worse than the disease. It certainly constitutes a strong signal to duly authorized institutions to get off their dead butts and get their acts together.
There are other means besides vigilantism to respond to broken systems. If one mail system doesn't take my privacy concerns seriously enough, switch to another. That's why monopolies are bad (warning: mod this post down to troll b/c i'm to the right of Mao Tse Tung) denying us a choice to an alternate system. e.g. Black Bart steals too many horses, vote out Judge Ito for hangin' Judge Roy Bean.
I don't OWE it to any company to fix their problems or even provide feedback telling them they've got a problem. As a courtesy I may inform someone in charge, but I won't bother much about it. Because they're getting the info for free, they may ascribe just about that much value to it. If I embarrass them with a vigilante stunt, yeah, that'll help my karma, win friends and influence people, sure.
I suppose the righteous response is to gently inform whoever's in charge. If that doesn't work, the rational response, when tempted to perform some vigilante act, is to look around for how to benefit from the institution's demonstrable incompetence. e.g. starting/backing a competitor.
Doing what was described here is not being a "vigilante"--A vigilante is a private citizen (lacking official authorization--not a police officer or other governmental authority) who catches and/or punishes criminals for crimes outside of the established legal system. What this guy did was identify a security weakness and used it to make a point about it. That sounds either like civil disobedience, a technical infraction done to prove a point more than to cause actual damage or harm, or being a "good samaritan" in that he identified a problem and offers to help solve it even though he has no obligation to do so. Since (at this point) no law has been broken, there is nobody to catch, and no opportunity for a "vigilante" to act. If someone bad did get the list of members and sold it to a spammer, and I found out who did it and gave him a black eye in retribution, i'd be the vigilante.
I wondered if the '/.-effect' would be a legal form of DDOS -- especially if it was directed at sites using spam as advertising...
It would seem that posting the web address of a spam-ad-linked-site and letting the feeding frenzy begin would be a novel way of sticking it to the online pharmacies/annoying-purveyors-of-crap-I-don't-want -- maybe they would think twice about putting their web site in all those e-mails...
We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON
spammers and spyware makers only!
Since you can't presume them innocent and find anyone guilty, we must assume them guilty and bring out the tar and feathers.....
Back in win95 days, I used to go onto IRC warez channels and knock people's computers offline with a combination of WinNuke (port 139 attack I think) and click (allowed you to send an ICMP packet of your choice to signal a closed connection).
Oh well, people say XP isn't secure but you don't have to worry about easy to use programs crashing your computer floating around on the net anymore.
There is a point where it becomes invasion, and I guarantee that if someone was nosing around my personal life in order to try to get me busted, they would get more than they bargained for..
Not saying that we ignore our neighbor's wife being beaten by the guy who broke into their house, but there is a line, and I think what was being discussed earlier on crossed that line...
---- Booth was a patriot ----
Honeypot operators watch for abuse rather than simply secure against it. They can take some actions (perfectly legal and legitimate) against the abusers (mostly spammers) they find, they can initiate actions against the abusers.
It continually amazes me that so many people are highly irate about net abuse and yet do so little to stop it when they could. Honeypot evidence could be used to convince ISPs that there's plenty they could be doing, too, without violating any laws and without violating any of their own restrictions.
Spam is abuse that goes through other systems (for the most part.) Just about every system with a permanent connection is a candidate "other system" for the spammers. The vigilante who operates a honeypot watches for that abuse and works to thwart it (if nothing else, captured spam stops dead at the honeypot.) That in itself is good. Get enough doing it and the ones who pay to have their product or service spammed could be told that a large number of the spam messages never got delivered. The idea of that is to get them demanding a refund from the spammer. The idea behind not telling them the number is to make the negotiation between spammer and customer more difficult, more heated.
I watch a honeypot. It traps some oriental spam (from/to oriental email addresses), some US open relay tests. Even today there are spammers doing open relay abuse. You can learn a lot about the abuse using a simple trap. Knowing more about the abuse gives you greater power against the abuse.
Linux operators, in particular, can run open proxy honeypots ( "in particular" because a free download to do just that already exists.) There's probably much more open proxy abuse these days than open relay abuse. Create enough irritant sites (honeypots) and the spammers will be greatly inconvenienced.
If you've ever had a system abused by spammers to relay spam there may be no greater feeling of satisfaction than watching more spam come in and knowing that it stops dead with your system. The more the spammer gloats (you don't get to see it but you can assume it) that he's found a superb abusable system the more you gloat that he is wasting all the effort and bandwidth he's using to send the spam through your honeypot.
It doesn't hurt to run the honeypot like you're a greenhorn, either. Let the spammer think he's found a big fool. The more like a big fool you look to him the longer he'll actually be a big fool. Simulate a clogged system, simulate crashes, go offline for hours (or simply change IP address - that's offline as far as the IP address you were using is concerned.) How you do it and what you do aren't that important - the important thing is to create noise so that the spammer has a far more difficult time telling abusable systems from secure ones. If you could do anything about the abusable systems you'd secure them - but you can't. To confuse the spammer you have to make secure systems look insecure. Plus, the more obscure your location (that is, boonies.com vs. bigisp.net, for example) the more likely the spammer is to look at your IP address (the system attached) to see if it is abusable.
I completely agree. I have been both the stumblee, and the stumbler. When I accidentally found all the social security numbers of everyone in my school, I emailed the teacher that posted the datafile to a public portion of our shared server (retard). He promptly fixed the problem, and never said anything else about it besides a humble 'thanks'.
I also have done white-hat work. It is kind of polite to find those 'nice' hackers that will get in through a known hole and just put a HACKER_README in /root. Says how he got in, and that I should close the hole. No rootkit, no security compromise (trust me, I looked for quite some time). This was quite possibly the best kind of vigilante. Saw the problem, exploited it to show that (s)he could, and left.
I say this guy went a little far with 10k emails. I think 100 would have proven his point, but who am I to judge?
--If I said something interesting it probably wasn't correct
My first impression is that the original poster has no idea what a vigilante is...
But perhaps that is just semantic quibbling?
Neopets - the best free game on the Int
Vigilante justice is worse than the original crime. Let the proper authorities deal with it before it turns into one big mess.
I've been reading through the spymac forum thread, and people are talking about how they are "victims" of this spam, and that he should go to jail. WTF!?!? He sent one email to 10K people to illustrate a point. Yeah, he shouldn't have done that, but jail time? Give me a break. Of course not everyone in the thread was like that, but there sure were a lot of pansies. [Insert flaming comment about Mac users here ;-) ]
"No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner
Ideally, the internet is a self-contained cyber
community; with the only laws regulating it are the
laws pertaining to real life activities that have
mutual affects with the internet.
Consequently, it should be an anarchic society where
possible, self regulating by the individual participants.
If this guy is trying to do something good, LET HIM!!!
P.S. Why you write like chinaman?
You read that right. I wrote an email/website harvester. Once. In PHP on PostgreSQL, just to see what it would take. It took me about 6 hours, including the expressions and a bit of performance tuning.
It wasn't very well tuned at all, but when run, it found about 1,000 email addresses every hour on a PII-400, after filtering out the bogus addresses.
It would get caught in a harvester trap every now and then - which was easily overcome - it would only look thru 100 pages in a particular domain. There's plenty more.
I never did anything with it. Once I'd proven the concept to myself, I deleted the database.
This is just a consequence of the "frictionless" digital world - information is transmitted, collected, and manipulated easily, including information you might not consider to be "public".
As Scott McNealy once said: "Privacy is dead. Get over it!".
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Mod that there funny! Them stoopid macolytes!
He doesn't apparently do anything illegal (though he doesn't disclose where the list of users came from exactly)
The extent of the damage caused seems to be an email sent to 10,000 of the users of spymac. I fail to see the problem. This isn't a 'hacking for good' or a 'worm to kill another worm'. It's a mass emailing telling people there's a problem. There is also nothing to suggest that someone in a position of power WASN'T contacted prior to the mailing.
So I'll say it again, what did this guy do wrong? Other than send a mass email which is hard to even call spam.
It seems to me that you're missing an important point of the guy's e-mail to you:
He sent you a warning.
And not only that; he probably sent it to everyone on his list of "thousands of member names". Don't you wonder why YOU of all people received it, having no previously existing relationship with him? It's because you *weren't* the only one who received it. At least two people who replied to your Spymac post had also received it, so you're obviously not the only one.
The guy was clearly concerned with a vulnerability at Spymac, not trying to take advantage of it. Don't you detect the mild sarcasm he used? The guy isn't recruiting accomplices; he's making a statement to members.
The guy says (paraphrased) that he just got hold of all this info. Coupled with [public member info] and [specific techniques], he could compile a very complete list of member data. Now, he says he could do [evil thing1], [evil thing 2] or [evil thing 3]... or, "or simply ask Spymac to GET THEIR ACT TOGETHER and FIX EXISTING PROBLEMS like this gaping security hole before they introduce ever new functions?? I should never have been able to get my hands on this!"
Uh, hello? That was a direct quote, with his emphasis, not mine. He's not a criminal (yet, anyway), and he doesn't deserve any kind of justice, vigilante or otherwise. He's simply made it blatantly obvious to at least one user (you) of a service that their data is not secure.
Now, maybe it would be appropriate for you to contact the Spymac folks to make them aware of the issue. (If they aren't already, based on the fact that many of their employees probably have their own accounts, and that he's probably e-mailed quite a few people, if my assumption is not off.) It might also be appropriate to contact him directly (if possible) and make sure he's... "guided" to the proper methods for disclosure of the data to the applicable folks and deleting it. But to go after him for doing nothing more than producing an effective proof-of-concept... he doesn't deserve what you're asking about.
Of course, it's possible that he hacked their server... but it doesn't sound like it. He said "Played around the other day with Spymac and suddenly... I couldn't believe my eyes: A list with thousands of member names right there in front of me! " That *could* be hacking (perhaps some vigilante reconnaissance would be appropriate), but something makes me doubt it.
The problem with Internet vigilante activity is the size and anonymity of the posse. In non-electronic frontier justice, the mob knew its own members, its target and usually its consequences. Not so, online.
Consider, say, perverted-justice.com campaigns, or what /.ers did to Alan Ralsky. Mobs are one vengeful ex-wife, one crooked real estate agent away from devastating the wrong guy.
Moreover, where's the incentive to call a job finished? In-person vigilantes face certain limits of time, space and scale that serve as checks on their hostility, in addition to the fact that it's just harder to hurt a guy whose face you've seen. And even then, there've been no shortage of abuses.
Online mobs are inherently imbalanced, and can result in the equivalent of beheading people for misdemeanors.
~ ac0lyte
Scenario 1:
1) System is vulnerable.
2) The vigilante breaks into the system
3) The vigilante tells the admin
4) System must be rebuilt as if it was broken into.
Scenario 2:
1) System is vulnerable
2) Evil Hacker X breaks into the system
3) Evil Hacker X installs a trojan
4) You b3 0wnz3d (or however the kids these days say it :-P )
5) 2 months later you notice the intrusion and have to rebuild your system
So, even though vigilantes are wasting their time and effort by doing this for free.. and they do cost the company time and effort, it is, in fact, time and effort that would have had to be spent anyway. For those of you who might say that "well, who says Hacker X would have broken in?" That is simply security through exception. That's like saying you don't want to have an alarm on your house because your neighbor doesn't have one and he'll get hit first. It's a possibility, but I'm not putting my house on that gamble.
"I am the Black Mage! I casts the spells that makes the peoples fall down!" ~8BT
[Off topic, but the grandparent started it]
The reason the religious/anti-religious arguments are still going on is that neither side bothers to learn the other side's arguments, because - hey - they're wrong and it's a waste of time.
Each side only learns enough of the other to see that the other side must be wrong.
So now the subject cropped up, let's take a look:
1) Just to cover the 6,000 year lark from the bible; it's supposed to be 6,000 years since Adam and Eve left the garden of Eden after eating the fruit. No-one knows how long they were in there before they ate it, or what was outside the garden keeping the eco-system going.
2) And if good old Noah's flood did happen it might have screwed up the climate something rotten so there goes the basis for carbon dating (carbon ratios in the atmosphere).
That's what you get when your theory damages someone else's premise.
So let's not fight about it; most people don't bother to learn "their side's doctrine" well enough to make a case anyway, or even enough to know if they actually believe it, so for both sides it's not even a matter of belief but ignorant and partisan faith.
There's a difference between wanting truth and wanting to be right.
Sam
blog.sam.liddicott.com
I want to join an angry mob!
Damn, I can't join this one, I don't use a Mac
Since so many people are complaining that I allegedly misused the term "vigilante" - here's the Webster online definition that I was thinking of:
:)
vigilante:
(snip)
broadly: a self-appointed doer of justice
In case there is further confusion - you do realize that words can have differing definitions, right? So, sorry fellas - it seems that I used the term completely correctly.
Only way to stop this kind of thing.
Some script kiddie kept taking over the Polish Star Trek fan channel on IRC. Admins ignored complaints. ISP ignored complaints. Police ignored complaints. So guys tracked down his IP, found his home address, paid him a visit, broke a few bones and left.
Police ignored complaints.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
First, I oppose vigilantes everywhere, including the net.
Second, the net is a public place. Anyone who posts any information on any site has no more expectation of privacy than if they wrote the same information on a 3x5 card and pinned it to a bulletin board at the local mall or library.
You know, there's a book on my shelves that lists the names, addresses and telephone numbers of almost everyone in my city.(Bet you have one, too.) My God, think of the privacy implications....
-- Slashdot: When Public Access TV Says "No"
White Hat activities only land a person in jail as a reward for not laying waste to a network/system. However even the best intentions end up sometimes being a plague, such as when a script kiddy tried to generate a worm to remove an already destructive widespread worm released by other script kiddies. Pigs don't know how to catch them, no matter what fancy name they give a couple of fat ignorant bastards in a former supply closet. Ask them about a header and they will call the Captain's wife back up.
Takes one to catch one. If the internet acted more like a community and swarmed on the irresponsible, those who are Spam/DDoS zombie machine owners, those who try to scam/phish, those who destroy/open up networks etc...these things might start to diminish. Instead, as the wretched species we are when we find a windows box owned by some ignorant fuck we use it as a DDoS source to bump somebody offline because of some lame reason that could be as easily ignored. There should be a vigilante league online, and scour the networks for zombie boxes and leave tips for these mental midgets on how to maintain something they own and put on a global public network. You are a netizen now Bubba, get your dick outta the sheep and update your crappy OS. Track down the spammers using these boxes and treat them to paperweights for PCs in the style of old Virii wrote by programmers that trashed EPROMS and BIOS. The lure to do the chaotic shit they do would be significantly reduced if they were being hunted by people who really KNOW what the fuck they are doing.
I mean shit, the "proper authorities" have done such a knock down outstanding effective noticeable job so far. Yeah, let them keep doing exactly what they are doing...N O T H I N G. Oh wait, they haul in a retarded script kiddy every now and then.
Now that warrants faith and trust like Bush's Iraq claims even after being proven a liar. Let loose the dogs of war to take out the vermin that the "proper authorities" are too stupid or maybe busy to deal with. Dealing with a murder might be a bit more important that your clogged inbox but hey! They will handle it soooo effectively as they have been!
No. He got caught downloading child porn and came up with a REALLY lame excuse.
But here's a third scenario...
1. System is vulnerable
2. Evil Hacker X breaks into the system
3. Evil Hacker X installs a trojan
4. j00 1Z 0wn3d
5. A month later vigilante breaks into the system
6. Vigilante doesn't see the existing trojan
7. Vigilante tells sysadmin
8. Sysadmin finds trojan
9. Sysadmin blames vigilante
Now you can argue that "well, the vigilante obviously didn't place the trojan there, or else he/she wouldn't have told the sysadmin", but steps 5-8 are still enough for a company to consider civil (if not criminal) action against the vigilante, and then it's up to a judge (and/or jury) to decide if "Well if I did it I wouldn't have told them!" is a good enough defense.
Why are you doing someone else's work for them, for free?
I find it hard to believe that the white hats are really doing it out of genuine concern for Corporate America. If you are really that altruistic, why not build a secure system that others could use, rather than try to break someone else's? So you discover an exploit - how does that help anyone if you don't also volunteer your time to help secure their system? Wouldn't it be better to help them migrate to a secure OS (such as *nix) rather than finding holes in their existing systems?
I mean, who really cares if you can root a Windows box anymore - it's got more holes than swiss cheese. The fact that you can find one of these holes doesn't make you smart, just annoying. We know Windows will never be secure; we'd appreciate it if you didn't break it any faster than normal.
I think a lot of white hats justify their cracking by calling it a community service, figuring that if they don't do any damage, then everything is ok. Well, it isn't. There's a certain degree of privacy that we like to have, and even if someone hacks a box with the best of intentions, the fact that the intrusion occurred is going to cost the victim. Consider how you'd react if you found a "friendly" reminder that you'd been hacked:
- If you had any source code, you'd have to immediately file applications for any patentable algorithm contained therein - or risk someone else beating you to it and suing you for using your own invention. You'd also have to do a complete audit to make sure that the hacker didn't introduce any back doors into your code.
- If there was any financial data, (such as CC numbers, etc...), you would have to close your accounts and re-open them.
- If you had any "intimate" pictures of your girlfriend (okay, this is slashdot, but try to imagine it...), you would then have to explain to her that she might someday find these pictures on the internet somewhere. She'd probably leave you, too...
Really, what it comes down to is that hackers hack for the power they feel when they root someone else's machine - not because they're genuinely concerned about the welfare of others. Even those who don't damage the system are still breaking the law, and the mere fact that the breakin occurred does damage - even if it isn't apparent to the hacker.
The society for a thought-free internet welcomes you.
I take it that if you're caught in a similar situation, you'll come up with a much better excuse?
"Report him for what? He doesn't seem to have committed any crime.
Vigilante: A member of a volunteer committee organized to suppress and punish crime summarily (as when the processes of law appear inadequate); broadly : a self-appointed doer of justice
You need a FREE iPod Nano
that computer "hackers" are just losers angry that they can't get laid.
A note to everyone out there who gets off on cracking other people's machines-in ten years, you'll have nothing to show for your sk1llz other than a house full of lame toys. Grow up and get over infosec.
[disclaimer: this is all fictional.]
[also, i'm paranoid enough that i stopped on my way home from work to borrow some suburbanite's wifi to post this. paranoia can keep one safe---don't knock it till you've needed it.]
i run a site that serves a good purpose. it is a site, though, that can be misused by harmful assholes and dangerous weirdos. when it comes to men making jokes about raping women on the site, or nazi skinheads talking about killing jews and niggers and fags, they should have known in advance that the internet is not anonymous unless they are smart enough to make it such.
one of the beauties of the site is that it requires an email address and password to use it. now, you can imagine that a good portion of the neo-nazi scumbags out there (just like everyone else) use the same password for everything, including their email. --- more disclaimer: of course i would never consider doing something such as logging into someone's email account, no matter if they talked about killing or injuring people... i'm just saying these people leave themselves wide open to it and deserve some justice, and someone out there running some site may be giving it to them, and i hope they are.
also, some of the people requiring justice and lessons taught to them are very traceable through their own net communities. maybe not usually the wacko men who make rapist remarks to women, but the nazi scumbags are for sure. combining things like google searches and referer tracking for users registered on my site, one can sometimes link users from my site to users on sites that they consider private, part of their club, where disgusting leftist fags like me would never hang out. these sites are sources of much personal information on the people: where they live, what they do, where they work, if they're married, their general attitude (scumbag to the core or just acting like a tough person for show), etc.
there is also in some cases the ability to use other people to track down certain scumbags. there was a case of some major sexist dirtbag on my site harassing women who was traceable to an online journal of theirs that listed their friends, among which i was able to find a friend of mine who had a friend of theirs in common (my site is popular but it is somewhat of a niche community, distributed but in any given city often far from anonymous if you are part of the community). i was able to get the person's home phone number (they lived with their parents). now, then, how funny would it have been to be in that house when the idiot's parents were called to be informed that their nice, religious son was posting misogynist crap on the internet and to be pointed to the url so they could read it themselves, with his picture on there and all? i'd say very funny.
anyways, that all is just to say that i firmly believe in net vigilante justice. there is the other side of the coin that i am far more traceable than most, even them, as the person running the site, and that 'net justice can lead to revenge taken on me. i take the precautions i must, but i don't let that concern make me inactive. i can get my ass beat on the street for not letting scumbags have their way, too. so it goes.
"Copy, add "@spymac.com" to every user name with a simple Find and Replace and - viola!"
How did he get a viola from those 10,000 usernames?
Love the idea, scared of the implementation. Someone would screw up and cause more trouble than the original assh*le. Crap like that gives us all a bad name.
Professional Politicians are not the solution, they ARE the problem.
Hmmm...this sounds familiar somehow. Let's see:
Good citizens keep to themselves and operate under common decency and common sense. But there are always some malcontents that feel they can do whatever they feel to whoever they want with small fear of retribution. Some governments are just now awakening to the threats of these malcontents, and have passed laws against them. Of course, these laws are next to useless, because the problem transcends international geopolitical boundaries. So what is a decent citizen to do? Nothing? Scream and cry until the lawmakers listen? Until there is a real leader in the Homeland, vigilante groups may be the only answer. Small groups of aware individuals who can root out the Jews and administer some well-deserved justice. Some may call them terrorists, but if they leave the good people alone, I would call them patriots. Will the law go after these patriots? The law may turn a blind eye if these groups keep the peace. Besides, what can the law do to the patriots that are trying to make things better when they can't even go after the malcontents? I'm all for vigilantes, until we get a real leader in the Homeland.
I forget exactly who it was who said this. 8^{
DNA is a Turing machine. You, however, being dynamic and emergent, are not.
Maybe makin me a pie too after you shine my shoes...
;)
Don't hate those with skills you could never begin to imagine having or fathom
Read The Friendly Article.
---- I've fallen, and I can't get up.
"There are legal, civilized tools at our disposal to deal with these situations. Use your imagination to pick the best one. Society would be better served and preserved if you chose them"
Riiiiiiiiiiiight, and they have been so damn effective so far that the tides are turning and nobody ever hears of online malicious activity such as Spam and Virus of the day.
And beheadings for misdemeanors just might curb things a tad bit.
Well, what I think is, hackers hack because they can. I am not a hacker, I am a Network Consultant that deals with Network Security issues all the time. Hacking is something that helps me understand what I can do to protect my clients. Just like Magneto from X-Men 2: 'this protects me from the real bad guys'. I am all about understanding security measures and port sniffs. But as far as the scum go that make money off e10 lines, using my system servers to host French movies to Europe: no thanks... and get a job. Seriously, the only thing that hacking does, dudes, is screw up any harmony that is being created these days on the Internet. I view hacking, I guess, like constructive criticism. It hurts a little, but its goal is to make us better. But if someone is making money off me, well, screw that, cuz I will destroy your board. Quote from a JinxGear.com t-shirt: 'not even Nortons can protect you'. I hack, therefore I am? Network Consultant? Hacking helps me stay in business, so it's a love-hate relationship. Without it, it would be a one-time visit. With it, it's upgrades and updates. Not sure what my opinion is.
*THAT'S* what I'm talkin about!!!!
As far as attacking a system goes, I guess it depends on who gets hacked. :-)
I wish they'd save their bag of tricks. Down the road, as our government becomes more corrupt, we might need them some day. I suppose if it helped expose a company for doing something really terrible, I could justify it.
Exposing holes now will make it tougher to crack the system later, when such cracking might actually do the people in a given country some good.
From what I've seen, it's all about ego gratification. The "gee, I was trying to help" is just a way for folks to rationalize criminal behavior.
If I found a hole, I'd probably keep my mouth shut. Wouldn't exploit it unless there is a darn good reason for it.
I support the idea of Vigilantes on the Internet.
;)
Outcries from responsible members of the Internet community are often times ignored by those who can make a difference and finger the right people. Take Verizon DSL for instance, they continue to leave port 25 wide open allowing for a harvest of spam zombies enabling vermin to waste bandwidth, time, and countless other resources with no permission or care. That amounts to theft and an overall decrease in the quality of the internet, sort of like just watching your neighborhood go to shit and doing nothing about it. Those with power ignore this, or see more pressing issues that will get them votes or brownie points with those who need votes. Our community is shrugged off like the bad parts of town and forgotten about until a raid is needed to add a sugar glow to the public's eye or distract them from another issue. If the bigger players would acknowledge the responsibility they carry, such as Verizon DSL closing port 25, that funnels the traffic to a more traceable medium such as their mail servers. At that time, culprits can be IDed without doubt and removed from the network till they learn to maintain their equipment and thus removing a spam zombie and an outlet to spew their shit across our network. Perhaps even employing that computer with owner consent as a "Honey Pot" to get the IPs of those making the spam connections and track them down well enough that incompetent law enforcement can get around to doing their job with them.
I've read posts about people so worried about Vigilantes going overboard and abusing power...well oddly enough I hear a lot more about Police/Judges/Politicians abusing their power. Nobody is infallible, but unwritten courtesy and etiquette have set standards that most people abide by. So it is just as possible for a Vigilante to go bad as it is a cop or any other person in a position of power. Oddly enough that very system they chose to turn on may just end up regulating them in turn. When the sense that you can get away with almost anything is gone, that cuts out a large portion of people willing to take that risk. The brain-dead spammer that read the how to article and got their spamware and knows *nothing* about the network they are bringing down might think 3 or more times about their part time job knowing their expensive PC they can't possibly fix may end up a permanent paperweight when somebody tired of their shit catches up with them. Vigilantes already act out on their own accord, how about Al-Jazeera getting dropped when they showed pictures of American GIs? (More of a censorship example and there should be NO censorship...but work with me here!) It already exists, rather than pretend it does not we all should try to focus it where it is truly needed: Script Kiddies making Virii/Trojans/Worms and Spammers. Two of the single most abhorrent mutations to pollute our network...since AOL.
Mod as you see fit, but it won't change my opinion or actions.
-1 Overrated (Too many big words for me to comprehend)
I think it's very difficult to leave opinions about Spymac aside. Yes, I have problems with them being the iWalk source (the older ones here will remember) but what's really bad is the involvement with Jack Campbell.
Reason: most hackers only find weaknesses 12 months or older. They are not really that good at finding their own faults. Now this means let's point the stick in the right direction: Microsoft has a fix after exploited, i.e. a patch will be ready inside 48 hours of a fault being exploited. This is too late. This will be worse if a hacker sets up a layer attack using fault after fault stacking on top of each other; this would mean that a fault would fail because they would always be 48 hours behind.
Linux/BSD/Unix systems try to have 48 hours of report of fault, in most cases not even giving hackers time to use it. Note even here there is the odd one where a hacker finds it first, but it is not common.
The point is that most hackers don't find new faults but old ones that have not been patched. I.e. people checking for flaws or normal use normally finds them first; the reports of annoyed people about the fault not being fixed normally give the info to the hackers.
But the reason I brought those examples to the front wasn't to justify vigilantism, but rather to show that it doesn't cost the company any time or money that the company wouldn't already have to spend if they didn't want their systems broken into.
"I am the Black Mage! I casts the spells that makes the peoples fall down!" ~8BT
look here for all your 127.0.0.1 joke needs.
Don't thank God, thank a doctor!
The best example of online justice, imo, is in the movie "Jay and Silent Bob Strike Back", where the protagonists obtain a fortune at the end of the film, since a movie was made based on their lives, and then spend it on tracking down everyone who talked shit about them on the Internet, flying to their houses, and beating the crap out of them :-)
Having poor security on your website is like leaving your car unlocked in a bad neighborhood. Yeah, you shouldn't have to do it, but if you don't and you get your car stolen, you're going to feel pretty stupid. Let's face it, the web is a bad neighborhood, and unless your website is a Yugo, there's a chance somebody might try to break into it.
Steal my band's record! Seriously,
The debates between fundamentalists with their cemented views (having painted themselves in corner with fundamentalist interpretation of their holy book, be it bible, quran or whatever) and scientists (or people with strong natural science background)
I'll agree with you that many folks in the 'fundamentalist' camp have 'cemented views.' Many of them are certifiable.
It seems that you are suggesting that scientists are not subject to the same kind of cement.
Scientists, the last time I checked, are people, and as such do have the same basis for their ideas that fundamentalists do.
As an example, I'll offer that if a scientist is an atheist, he (or she) is asserting that no God exists. That is a 'cemented view' that sets the place from which the scientist observes the universe.
We all have a bias. The question is, which bias fits the universe best?
But Herr Heisenberg, how does the electron know when I'm looking?
I think that we are in agreement. As a fundamentalist, I do not oppose science - that is, good science - science that adheres to fundamental principles of science.
I'd submit that most atheists I know - and I know a few - are completely unwilling to change their opinion. For most that I have questioned, there is *no* evidence that they would consider sufficient to change their point of view - and they call themselves free thinkers?
Many Christian fundamentalists 'major on the minors' by insisting on things that are not actually in the bible, or instead, violate principles of biblical interpretation by using a 'wooden literal' approach. The Bible does not claim to be a scientific textbook, and contains many different styles of writing. Literal interpretation is not always wise.
Let me put that in context. I *am* after all a fundamentalist. I think that:
1. The Bible is authoritative and accurate in its information. The objections to biblical accuracy that are well documented on the internet are also well refuted on the internet and elsewhere.
2. God created the universe - and the details are not provided in scripture, but
3. The creation as documented there certainly appears to reflect a seven-day creation. Other theories that attempt to include a long gap between days 1 and 2 are a stretch as far as I'm concerned.
Does that give me a cemented view? Perhaps.
I think that it is conceivable that scientists will one day conclude that the earth is substantially younger than is currently believed. After all, if new evidence is gathered that support that view, shouldn't science change its position?
Ultimately, I have the same physical evidence that an atheist has. Neither of us was present during creation (through natural or supernatural processes) and so neither of us can rely on the pure scientific method (lather, rinse, document, repeat) for affirming our positions with respect to universal and life's origins.
We each have theories that explain the evidence that we find, and sometimes each of us speculates.
Does that make the atheist's position more sound than mine? Only if his speculation is more supported by facts than mine.
Interestingly, if science is dominated by folks with 'an a priori commitment to naturalism' who will form hypotheses that conflict with conventional wisdom in science?
Respectfully,
Anomaly
But Herr Heisenberg, how does the electron know when I'm looking?
The following could be much longer answers, but I'll try to keep them as short as possible:
:)
1. The Bible is the inspired word of God as written by men. Each author communicated using his own style, but the content was given by God and protected by God so that what was written was 'The word of God.' The Jewish people were the keepers of the 'Hebrew Scriptures' and they preserved those writings over time. The early Christian church absorbed the Hebrew scriptures (Jesus *was* a Jew) and brought them together with the writings of the apostles. In 393 and 397 councils recognized the canon of scripture as those books that were already accepted by the church as a whole. That is to say - man did not determine which books were from God and which were not. God revealed that to the church.
2. You might as well say "Define God and give two examples"
God cannot be contained in the Bible. The Bible contains the Word of God, but is not God. Your image appears in a mirror when you walk by, but the mirror does not contain you. Vampires excepted, of course.
Why do you ask?
Respectfully,
Anomaly
But Herr Heisenberg, how does the electron know when I'm looking?
I'm posting to slashdot, not writing a theology treatise. You are of course right about Christ being the Word of God - the word became flesh and dwelt among us.
I'll take some issue with your assessment of the 'average fundamentalist.' I happen to know a great number of them, and I'd say that the average fundamentalist that I know is not consistent with your description above.
With respect to the 'recent theology' component, I'd have a bit of a problem with that view.
The book of Genesis reads to be the description of the creation of the universe, and the declarative history of humankind. To interpret it as an allegory is one possible explanation, but it doesn't hold water.
When Christ was questioned about marriage, he talked about Adam and Eve as if they were real individuals. When Paul was writing his letter to the Romans, he directly addressed the issue of original sin by explicitly referencing the sin of the one man - Adam, and the redemption of that sin through the man Jesus Christ.
Make Adam an allegorical figure, and there's little need for a real redeemer, but rather an allegorical one. The heroes of the faith listed in the NT book of Hebrews lists the men from Genesis in the long line of people who lived lives of faith. Make them an allegory and you add confusion to the mix because clearly that section of Hebrews talks about real, living people (living at that time) and it seems a little weak to suggest that some of our examples are actually models of what an example might be.
It's possible that there's an explanation for Genesis that doesn't conflict with current conventional wisdom in science, and I'm open to that, but it needs to hang well with the rest of the Bible, or I'm inclined to say that the explanation is unlikely to be valid.
It seems most likely, given my current understanding, that science will change its views about dating and cosmology (again) when more is understood about the universe, and that will likely harmonize physical evidence with scripture.
I could go on, but this *is* slashdot...
(Time for a reload of the slashdot front page to see if I've missed something exciting....)
Respectfully,
Anomaly
But Herr Heisenberg, how does the electron know when I'm looking?
Your computer at 127.0.0.1 is mine, Mine, MINE!
Oh, wait. It is mine. Drat.
You've got a good point there. I'm talking about things that don't cause a sysadmin to worry too much. Things like nmap, simple network circumvention, etc. Also tests for software vulnerabilities should be done on test boxes that you own. It's not okay to DDOS someone just because you don't like what is on their site.