Nmap Author Receives FBI Subpoenas
spafbnerf writes "Fyodor, author of the open-source network scanning tool Nmap, posted a story to the nmap-hackers list about having received a number of subpoenas from the FBI this year, demanding webserver log data, none of which produced anything, either because they sought old information that had already been deleted from his logs, or because the subpoenas were improperly served. In every case the request was narrowly crafted, usually directed at finding out who visited the site in a very short window of time, such as a five minute period. Fyodor writes: "If they see that an attacker ran the command "wget http://download.insecure.org/nmap/dist/nmap-3.77.t gz" from a compromised host, they assume that she might have obtained that URL by visiting the Nmap download page from her home computer"."
Update: 11/25 20:21 GMT by T :
Reader kv9 adds a link to Kevin Poulson's story at SecurityFocus.
That seems like a legitimate investigative technique. They're probably trying to match up different pieces of evidence to find the person behind things.
Up shit creek sans paddle.
the text is here
t gz"
Dear Nmap hackers,
Let me first wish you Americans a happy Thanksgiving. Meanwhile, I'm
hard at work on a holiday Nmap version which should be available by
Christmas.
But enough pleasantries -- I want to discuss a sobering topic. With
increasing regularity this year, FBI agents from all over the country
have contacted me demanding webserver log data from Insecure.Org.
They don't give me reasons, but they generally seem to be
investigating a specific attacker who they think may have visited the
Nmap page at a certain time. If they see that an attacker ran the
command "wget http://download.insecure.org/nmap/dist/nmap-3.77.
from a compromised host, they assume that she might have obtained that
URL by visiting the Nmap download page from her home computer. So
far, I have never given them anything. In some cases, they asked too
late and data had already been purged through our data retention
policy. In other cases, they failed to serve the subpoena properly.
Sometimes they try asking without a subpoena and give up when I demand
one.
One can argue whether helping the FBI is good or bad. Remember that
they might be going after spammers, cyber-extortionists, DDOS kiddies,
etc. In this, I wish them the best. Nmap was designed to help
security -- the criminals and spammers put my work to shame! But the
desirability of helping the FBI is immaterial -- I may be forced by
law to comply with legal, properly served subpoenas. At the same
time, I'll try to fight anything too broad (like if they ask for
weblogs for a whole month). Protecting your privacy is important to
me, but Nmap users should be savvy enough to know that all of your
network activity leave traces. I'm not the only one who gets these
subpoenas -- large ISPs and webmail providers receive them daily.
Most other major security sites probably do too. Most of you probably
don't care if someone finds out that you downloaded Nmap, Nessus,
Hping2, John the Ripper, etc. Nothing on Insecure.Org is illegal.
But for those of you who do care, there are plenty of mechanisms
available to preserve your anonymity. Remember this security mantra:
defense in depth.
Cheers,
Fyodor
Even the Nmap Author seems to agree that it could help in the fight against these undesirable script kiddies, etc. However, I think it is great that this author has brought this to public attention, and will hopefully increase oversight of these cyber-investigations.
Of course, we do need law enforcement and this is a legitimate field to investigate so that we can have protected web commerce. With eyes on their activities, we can hopefully keep the Internet free and safe. Thoughts?
"There's no success like failure, and failure's no success at all."
- Bob Dylan
Are we talking about Trinity?
Well, I'm pretty sure that if a person downloaded nmap to a compromised host that person most likely visited the nmap website some time. The problem is that a lot of people visit that site, and it is nearly impossible to weed out the false positives from the person they are seeking. Furthermore, the FBI approach would only work if the person visisted the site recently, which might not be the case. It'd be impossible to figure it out if the person last visisted the namp website several months ago forexample.
Any sufficiently advanced technology is indistinguishable from magic.
Do you know that Google searches are subpoenable?
So Googling your victim, for example, before committing the crime is not very smart.
Unless of course you can randomly change your ip
in a pretty large range of course, heh heh.
If they used Tor, subpoenas wouldn't really have given any useful information away. Then again, it's so sloooow perhaps they'd still be downloading ;).
Let me first wish you Americans a happy Thanksgiving. Meanwhile, I'm hard at work on a holiday Nmap version which should be available by Christmas.
I suppose this new version will give a new meaning to the Xmas scan, no?
In soviet russia, You ask not what country do for you, but what you do for country!
Oh wait...
No wonder he's reticent about providing information.
Fyodors are supposed to remain closed at all times.
(Sorry)
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Seriously, that is the dumbest thing I ever heard.
Nmap is popular as hell - unless they already have a suspect, this isn't going to be useful for them, all it will do is give them a scapegoat 9 times out of 10 - lets say they do get Fyodor's webserver log - which I doubt he'll be keeping in the future, assuming he does now - all that would give them is the IP addresses of a few dozen nmap users - one or two of which may be script kiddies of some sort.
And if they can verify that a script kiddy A downloaded nmap in their window of interest, what are they going to do? Assume they're responsible for the wrong crime and charge him or her. It's stupid and its a witchhunt and it's a shot in the dark.
Of course, if the FBI has already got a suspect, they might be able to strengthen their case, but that's still pretty circumstantial evidence. Not exactly a smoking gun.
Just my $0.02US
Yeah. And Wot? :P
it's the taking apart that counts
I think journalistic language has shifted so instead of typing "he/she" they just type "she" nowadays. I noticed it in a couple of other computer magazines.
It's either lazy typists, new English standards, or some sort of feminist brainwashing.
I wish more webmasters put such letters on their websites. More people would get aware of that surfing the net leaves traces and all of us would have more clear picture of how many subpoenas are served to webmasters.
The FBI has tracked down a perpetrated hacker after a slip-of-tongue by Fyodor in a recent nmap-hackers list posting, relating a female hacker using wget command to get nmap. After searching the homes of the 3 females known by Fyodor, they have identified and captured the assailant.
If they see that an attacker ran the command "wget http://download.insecure.org/nmap/dist/nmap-3.77.t gz " from a compromised host, they assume that she might have obtained that URL by visiting the Nmap download page from her home computer".
Verses cut'n' past from a popular Geek website, perhaps?
"You cannot have a General Will unless you have shared experiences. You cannot be fair to people you don't know."
Yeah, police are moneywasters. Let criminals run free.
I'm not a script kiddie or a cracker, but I have done some interesting things out there. It sends chills up my back to think of the number of times I'd have been caught if a third party download site like this had had a five minute window opened in their logs. I'm impressed by the FBI's request, it's a technique that has a negligible chance of walking over someone's privacy (he even states that there were no results), yet has a good shot of working. I'm surprised that they didn't get anybody. But then again, the FBI aren't in the habit of tracking down small fry.
My first thought when I got that e-mail was that the feds wanted to know who was downloading Nmap pr0n.
Of course, I'm the one who wrote the script and shot the video, so it's only natural.
I think Fyodor is doing the right thing, and I think the feds are just using standard intimidation tactics... but then again, I've always been about state powers as opposed to federal powers. At least with state powers, you can always choose to move to a different state...
HaXXXor.com - Naked Chicks Teach You How To Ha
it's feminism at work. Too many feminists were pissed about journalists using "he" so much that more often they use "she". Enough do it that the feminists can no longer complain to the magazine as a whole about their magazine being sexist as the other articles balance out each other.
Two things are infinite: the universe and human stupidity, though I'm not yet sure about the universe. - A Einstein
Purely for paranoia's sake, the log-to file on my Apache is nul: (Windows system)
And you got a problem with women hackers?
It's time to ditch the male hacker stereotype surrounding computers.
Not all so-called criminals are really "bad" for society, nor does everything the police does acutally help society more than it gives them a false impression to the public that they are actually doing something useful.
I think this is purposeful, and, frankly, smart.
The assumption here is that the person the FBI is looking for is breaking the law, and is cracking boxes and other unsavory things.
Why do we assume that the person is a he?
It is possible that it's a she.
People seem to be more sympathetic to women, and so I'd think this would be a good way to combat the steriotype of male "hackers".
Hmmm...
Perhaps they might catch the odd Script Kiddie (provided their "press button to h4X0r" tool doesn't download Nmap automatically, and if they do know that Nmap exists).
But on the large, they won't catch any serious hacker - first of all, they gonna run through anonymous proxies, secondly they already know the URL (probably in a txt file or something), and thirdly, if they use some kind of tool to help them, self-made or not, it will have a "get Nmap or similar" button.
All in all, nice try, no cigar though.
+++ MELON MELON MELON +++ Out of Cheese Error +++ redo from start +++
Personally I would like to encourage everyone, escpecially ISPs to not maintain logs. That way they can answer every subpeona as unable to comply. But that is just me.
In a language without a pronoun for a person of unknown gender, she is as good as he.
So because something was thought of by someone else means he can't impliment it?
I guess by the way you state things, all developer tools are crap because the ideas were thought of years ago.
Seriously now, he respects our privacy, the FBI does not. He is being a good guy.
Also, have any proof he has "milked" nmap and its only heard of because dumb people (so you think) use it? A lot of smart net admins use it against their servers, which is the point of it.
"They".
Reason why there is hope for the future generation #364:
"I wish my grass was emo so it could cut itself."
...who turned out to be a Slashdot troll pretending to be a woman.
What I'm listening to now on Pandora...
seem to be being fairly reasonable. Short extracts of of logs, apaprently realted to specific offences they are investigating. With a bit of luck they will catch a stupid script kiddie or two. There are plenty of examples of law enforcement agencies abusing there powers, I can not see why anyone thinks this is one of them.
The traditional "masculine includes the feminine" standard seems to be pretty well toast. People are experimenting with all the other ways to write about persons of unknown gender, and I think the one that will win out is to use "they"...which would get your knuckles whacked in English class in my day, but hey, I can get along with it.
Using the feminine all the time has its risks; if you wrote "We don't know who plundered the Fund to End World Hunger, but we're trying to identify her," you might have a spot of trouble.
"He/she" is cumbersome, and "(s)he" is just plain ugly.
rj
So, this girl that has been downloading... are there photos of her? Huh? Huh?
'Thats they exact same thing a banana wrench monkey.'
I can search using an IP owned by google...
F %2Fwww.google.com&langpair=en%7Cen&hl=en&ie=UTF-8& oe=UTF-8&prev=%2Flanguage_toolsF %2Fwww.whatismyip.com&langpair=en%7Cen&hl=en&ie=UT F-8&oe=UTF-8&prev=%2Flanguage_toolsF %2Fwww.entersitehere.com&langpair=en%7Cen&hl=en&ie =UTF-8&oe=UTF-8&prev=%2Flanguage_tools
http://translate.google.com/translate?u=http%3A%2
http://translate.google.com/translate?u=http%3A%2
http://translate.google.com/translate?u=http%3A%2
There must be huge amount of traffic on the Internet - and I guess if the FBI (and ilk) can tie a download to within five minutes of a person downloading a file (albeit a few months later), then it 95% of traffic MUST be 'big brother' monitoring stations [Y'all hear me, FBI guys!!! -> STOP IT!]
I would have cooperated with the FBI. Most likely, the person they're going after has done something evil (I'd bet my money they're investigating a spammer..). ..
And who uses wget to download something from a website, anyway?
I am the maverick of Slashdot
made for backhats
Are those over by the asshats?
There are so many things wrong with this.
Can you challenge subpoenas?
Assume I was drunk when I posted this.
12 years ago I had a CS professor who had been at HP for quite a few years. He typically referred to an "unknown" programmer as she. It's definitely not uncommon or new.
I had a friend bring his computer into the office one day, and to our surprise, when he booted it up, it connected to the network without incident. Only thing is, it wasn't OUR network. He has a wireless connection, and interestingly, someone in the area was running completely unprotected wireless access point. Seems like battening down the hatches is a very smart choice- if the IP belongs to your network, it's you the feds will be talking to.
They're looking for these chicks!
Assume I was drunk when I posted this.
...that it wasn't a Patriot Act subpoena:
he could be prosecuted merely for revealing that he'd RECEIVED it, even AFTER it became defunct.
Welcome to John Ashcroft's post-Constitution USA.
(and why in God's name has he continued preserving logs, after having received even ONE approach from the government?!)
Some people here seem to think that they'd have to be snooping lots and lots of net traffic in order for this to be any good to them. Not so. If you strongly suspect that the perpetrator comes from some small set, like, say, employees of a certain corporation, students at a certain school, etc., then a 5-minute window of logs will likely show only one hit from that IP range. That, along with what they have that leads them to suspect that IP range in the first place could be enough to execute a warrant.
WARNING: there is a trojan on your
I wonder. Why can't they automate the subpoenas?
That way they'd have one ready and well-written in case of a hacker emergency.
Oh well.
If the "translated" site contains any pictures, your browser will download them directly from the server. Unless you're using lynx, or something.
/wideopenbackside.jpg"
The server logs will contain "2004-11-25 23:59 - 80.70.60.50 GET
... have feelings too, the proper way to refer to something unknown is he/she/it, to be abbrevaiated as s/h/it! ;-)
Paul B.
You must be a smart admin then... perhaps you could enlighten us to these amazing tools of goodness (which should be significantly smaller than ~1.5mb source or ~500kb binary, or else they would be "bloated").
Beware he who would deny you access to information, for in his heart he dreams himself your master. -Anonymous
Perhaps you were not paying attention eariler this month. They showed lots of maps of the states on TV. They were all either red states or blue states. Kind of like pick your poison, But there were no green states. Just different types of evil.
I'm an American. I love this country and the freedoms that we used to have.
I'm browsing here at +2. That said, you are the only one rabbiting on about Fyodor's use of language.
--
Don't like it? Respond with words, not karma.
Please. I'm not sure that I would call it a "stereotype," even though it probably could be defined as one. It's a legitimate assumption based on experience. Let's face it: On average, as a whole, "hackers" and people knowledgeable about computers are male. I can count the number of females I know who realize that Windows != computers on one hand. This trend is apparent in other science and engineering fields, albiet to a lesser degree. Why is this? I can't really say, and that's beyond the scope of this article. I'm just saying that I don't think it's fair to say that someone is not thinking clearly and being influenced by stereotypes when they refer to an unknown hacker as male. He is probably saying that becuase all of the hackers he knows are male.
Sleep is futile.
I'm all for public access points but I do think that you should know what you're getting yourself into when you run a public AP. Most businesses especially should make sure they are covered.
A little off topic of the FBI but related to public APs.. Something I like to do is run a public AP that doesn't have access to the Internet. It just acts as something of a localized BBS system. Anyone within reach can message each other, trade files, participate in the forums, or check out the wiki. It's not hard to make it so that someone connecting will get you're entrace page anytime they try to connect to something other than your system. With a decent antenea you can reach a fairly large group of people in a crowded metro area. An interesting way to meet your neighbors.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
Perhaps you don't understand the point behind nmap, but that is exactly why it was created. The idea was to provide a general purpose tool that gave intelligent admins the ability to scan and "attack" their own network with the exact same tools and techniques used by attackers. Nmap provides a centralized tool for all of these techniques that does not involve combing warez sites looking for each individual tool.
Out of all the options that you listed above, the only one I haven't personally used is the decoy scanning as I don't have a use for it. Combinations of the other settings are very useful for checking the setup of both network monitoring tools as well as verifying configurations very quickly across multiple servers or desktop systems. In addition, I have found nmap to be very useful in tracking down certain virus infections. When I know that a virus opens a specific port on a compromised box, I can do a network wide scan and quickly return all hosts that are potentially compromised (as we are talking student computers at a college, we are not directly responsible for the machines themselves).
True, nmap does put this same power in the hands of potentially malicious users, but given that they would have these same tools whether or not nmap existed, I much prefer being able to access them easily myself.
From the "One of the Slashdot Posts Worth Saving" Department:
* --All right, I'm only going to say this once: 'He' is the singular indefinite pronoun in English ("if a person drinks too much, he will likely experience a hangover"). 'He' also happens to be the masculine personal pronoun.
'She' is the singular pronoun of personification in English ("if England fails to advance America's foreign-policy ambitions, she will suffer terrible consequences"). 'She' also happens to be the feminine personal pronoun.
Confusing the two exhibits not a warm-and-fuzzy concern for the inclusion of women so much as a writer's or speaker's ignorance. Using the feminine personal pronoun as an indefinite article is as moronic as using the masculine personal pronoun for personification. Thus the captain greets us: "Welcome to my ship. Isn't he splendid?"
Give it up, people. It's not thoughtful; it's just illiterate. ®
You must have missed all those "haw haw Fyodor knows a girl!" jokes. Count yourself lucky.
Visual IRC: Fast. Powerful. Free.
Unless you're talking about Canada.... in which case it's the second weekend in October :)
Oh god, that woman is John Romero!
linguists don't define English. The people who speak/write it do. That's why e.g. doh is now a valid English word.
HAND.
I think it's just from looking at simple security/crypto convention. The two people who want to to "legit" things with their intarWeb are generally named Bob and Alice. Eve is usually the nasty interloper trying to foil all their plans. So... in crypto at least... your attacker is a chick named Eve.
Oh god, that woman is John Romero!
Mother, Sister, or Aunt?
not be saving our web logs. At least not the ones that keep track of visitors. They can't see what doesn't exist. But I wonder if they could force us to keep web logs?
FBI == Fucking Ballbusting Imbeciles
How many FBI agents do you know?
http://tinyurl.com/3t236
This is I think the perfect type of narrowly targeted investigative technique that I would support. The FBI KNOWS a crime has been committed, and is following and building an evidence trail.
The problem is, the FBI has squandered a lot of their social capital in the IT space by pulling all sorts of ugly students in trolling the net to harasss or intimidate folks or prosucte crimes that folks don't consider serious to merit such strong persuit.
Now, when they take an appropriate approach, folks are still skeptical.
'He' is the singular indefinite pronoun in English [...] 'He' also happens to be the masculine personal pronoun.
...", no one would blink.
You say that as if it just "happened". It's also not true; if you wrote "when a nurse comes, she will start by
'She' is the singular pronoun of personification in English
Ships are usually she. That doesn't mean it's the only pronoun of personification; if you wish to personify an object as male, it's entirely correct.
Confusing the two exhibits not a warm-and-fuzzy concern for the inclusion of women so much as a writer's or speaker's ignorance.
A speaker's ignorance for what, some grammarian's rigid idea of what English should be? It's clear, whatever English was a hundred years ago or even 20 years ago, that using she is appropriate in today's English.
This overbearing post about some rigid rules of someone's conception of what English's rules should be is worth trashing, not saving.
It wasn't me.
I guess we should all use www.anonymizer.com from now on, for everything, or just find a random proxy.
I guess if the FBI wanted they could just snipe me.
Why UNIX?
Fyodor writes: "If they see that an attacker ran the command "wget http://download.insecure.org/nmap/dist/nmap-3.77.t gz" from a compromised host, they assume that she might have obtained that URL by visiting the Nmap download page from her home computer"
How do they assume what time the attacker visited nmap's site in the first place? If i was a well grounded hacker i'd probably have visited nmap's site so many times i have the url memorized, only having visited nmap's site in the first place, years before.
and what's with accusing a 'she' to be the perporting hacker? If anything I think it was they.
Why? What's wrong with a narrowly tailored subpoena in regards to a specific, discrete illegal act?
No, the question is "What's wrong with getting a valid subpoena *before* asking for the logs?" The issue is not the worthiness of the cause, but relying on general security paranoia and flag waving to bypass due process. Fyodor is right to demand a valid subpoena -- if the FBI is such a bumbling set of wankers as to not be able to come up with a subpoena, why trust them to accurately identify the suspect, or to not abuse the information they get?
When in doubt, have a man come through a door with a gun in his hand.
While I accept what you've said (it at least *sounds* correct), can you please provide a link to a similary well-presented but more authoritative source than yourself posting on Slashdot? This isn't a challenge, but just a request for further information. Thanks.
By convention, Eve is a passive attacker, the active attacker is named Mallory, which is usually regarded as a male persona.
So I'm sorry, but that's not the reason Fyodor used "she."
I touch computers in naughty places
> Give it up, people. It's not thoughtful; it's just illiterate. ®
Using male and female pronouns to generate a more gender neutral and life-like (sp?) text has quite a tradition specifically in system administration.
I'm quite amazed that this must be new and controversial to all those old-school hackers on slashdot...
k2r
For an example, one study (Briere & Lanktree, 1983) examined the reactions of students to two sentences: "The psychologist believes in the dignity and worth of the individual human being. He is committed to increasing man's understanding of himself and others" and "Psychologists believe in the dignity and worth of the individual human being. They are committed to increasing people's understanding of themselves and others." The subjects were asked to rate the attractiveness of psychology for the different genders; those who saw the first statement generally rated it as less attractive for women than those who read the second statement.
Bít, zabít, jen proto, ze su liska!
You sir (I assume according to your rules) need to get out more often. I did graduate work at the University of Iowa which is renouned for their writing program. As a participant of this program, I can confidently say that the parent's post lacked a clear explanation of why said rule is true. Yes, the post had some grammar notions, however the grammar arguments were non-sequitor to the issue at hand, which is the he/she problem. Please comeback later with some concrete examples instead of busying slashdotters with your logical fallicies.
You get a C- for that comment. :P
Mallory? .... never seen that in any crypto books or papers I've read. Any online pubs you could point me to that use it? I'm not disputing it (I even mentioned in my post that I thought it was because of the whole "Eve" thing) I've just never seen it.
Oh god, that woman is John Romero!
You know the date of it this year, anyway. Next year the 25th won't fall on a Thursday, so that won't be the date of Thanksgiving.
I'd rather be lucky than good.
Or we could call ourselves I/We/Gaia and have done with all this distrust and computer nonsense.
This is an Asimov reference from reading he/she/it.
Do not meddle in the affairs of geeks for they are subtle and quick to anger
You guys *move* it?
*mutter* just when you think you understand the yanks... *mutter*
As it is now, the reason is apparently political correctness, which is the dumbest reason for anything in the world.
Calling something "Political correctness" is just a way to say that you think the change is stupid. To dismiss something for political correctness is circular reasoning; it's politically correct because it's stupid, it's stupid because it's politically correct.
Use of the male pronoun frequently colors the perception of people as to the possible gender. Switching between male and female is not really a change; as I pointed out, people will frequently use the female pronouns if most of the people in that position are female. To almost exclusively use the male pronoun encourages people to think exclusively in terms of females. At worst, using the female pronoun is equally correct.
Nope...it's always the fourth Thursday in November. Doesn't move an inch.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
An access point without Internet? Sounds exiting! Let us know when you get an actual user.
Life in Orange County
Quote from the jargon file:
In Bruce Schneier's definitive introductory text "Applied
Cryptography" (2nd ed., 1996, John Wiley & Sons, ISBN 0-471-11709-9)
he introduces a table of dramatis personae headed by Alice and Bob.
Others include Carol (a participant in three- and four-party
protocols), Dave (a participant in four-party protocols), Eve (an
eavesdropper), Mallory (a malicious active attacker), Trent (a
trusted arbitrator), Walter (a warden), Peggy (a prover) and Victor
(a verifier). These names for roles are either already standard or,
given the wide popularity of the book, may be expected to quickly
become so.
I love the Google ads that come up on this page: 'Subpoena Servers', 'Download Subpoena Forms', 'Process Server Directory'.
150 Opening BINARY mode data connection for slashdot.sig (129323052 bytes).
Do you suggest that the major contributing factor to the dearth of women in Computer Science and IT is the language which assumes a male subject? I find that hard to swallow, and I suspect others who feel the same way will be reluctant to change their language to pretend that people of either gender are equally likely to be knowledgeable about computers when a quick look around them will show that to be untrue.
I don't think that women are incapable of mastering computer technology or that they shouldn't, but changing around some pronouns is neither the first step or a very important one in getting more women into the field. The language reflects reality.
Sleep is futile.
I don't believe that it is the major contributing factor; it's a small part of a pervailing attitude, and that attitude is what needs to be changed.
Bít, zabít, jen proto, ze su liska!
Yeah, right.
...
Umm, sorry."
If you give government power - and money is economic power - that power will be abused.
So don't give 'em any!
While not exactly non-existant, among hackers and engineers, the female population, in my experience is statistically insignificant -- on an order of .5% in the groups I've seen.
:P
You're a tiny minority. Get over it. It's not mens fault that no women get into those fields. TRUST ME. THEY'RE MORE THAN WELCOME.
It's been a long time.
Is it renowned for its English program, since that would seem a lot more relevant to a specific grammar question? Part of writing (especially as an art form) grants a lot of leniency in these kinds of areas, so any citations of particular rules would be a pointless.
Are you really serious? What would the splitting of these networks even do? Obviously people need access to the financial network , why would they refrain from mischief on the financial network and not on the other network?
And how exactly would you propose that we create two 'networks' ? Are we to mandate that no computer on Internet A be able to connect to Internet B ? Because if this isn't the mandate, then you'll have entirely defeated the purpose of the separation. And this mandate would be far from enforceable...
Given the popularity of nmap, wouldn't that still be a bit of a needle in a haystack? If the FBI had a 5-minute window, and knew that the attacker had connected to, say, /., in a certain 5-minute window, would getting a subpoena really have any effect besides information overload?
To fight the war on terror, stop being afraid.
By chance I have used a system which makes me mostly untrackable by their idea. I usually don't go to a webpage to find Stuff I have previously downloaded but instead do a grep -i exodus /var/log/squid/access.log and then get something like
m v - DIRECT/194.105.226.148 text/plain
1099791026.435 1899 10.0.3.82 TCP_MISS/200 171397 GET http://eve.skjalfti.is/video/EXODUS_Trailer_v1a.w
And I am not even a hobbyist hacker, just someone too lazy to search through web-pages over and over again and with a little technological background.
"Life is short and in most cases it ends with death." Sir Sinclair
I've had actual users. It's a pretty nifty little service to offer. It has a nice community portal feel to it. I think it has a lot of potential for something like a matchmaking site. It is, of course, a lot more fun to get a hookup with someone that lives a block away than someone that lives dozens or hundreds of miles away. And it's a way to swap files with much less chance of having anyone bust you. Things like that make it good.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
D'oh!
Your head a splode
Think about it.
Hacker uses own browser to find url for nmap
does wget on compromised box to nmap.org
Hacker uses own browser to find url for tcpdump
does wget to download tcpdump
hacker does lookup of url to rootkit on packetstorm on their machine
hacker wgets rootkit from shell
Chances are that if there are matching ip addresses in all 3 logs to separate sites in a short span of time that that person is responsible. Not listing the parent pieces of the website to find the download link is another clue.....
Remember that you are unique, just like everybody else.
(s)he" is just plain ugly
Yeah, reminds me of lisp too.
I do regard political correctness as stupid, but not all that is stupid is politically correct.
"Political correctness" basically means "something pointless that you do for purely political reasons". The line between verbal "political correctness" and "politeness" is whether you think something is a good idea. If you call Ms. Ferraro a "stupid whore", are you being politically incorrect, or rude? What about if you call her "Mrs. Zaccaro" instead of "Ms. Ferraro"?
If something is politically correctness, it is obviously bad. Therefore, if people think something is good, then it's obvious they don't think it's political correctness, and saying it is doesn't forward the argument.
"To almost exclusively use the male pronoun encourages people to think exclusively in terms of females" - I don't understand? I think you meant something else here.
Of course, sorry. Switch the last word of that sentence.
But I've got a more direct argument that this isn't politically correctness. Politically correctness centers around forcing other people to conform to your rules. If I were arguing that you should use both she and he as generic pronouns, that might be politically correctness. But I'm not; I'm arguing that those of us who want to can use them as generic pronouns. That's not political correctness; that's freedom of choice.
There are virtually no female hackers. Pick whichever adverb you want. Don't throw a fscking bitch fit because you perceive, for whatever reason, that the males among us somehow don't "recognize" female hackers (or female geeks for that matter).
The simple truth is that we're such an extreme minority that it is no wonder we are overlooked in most texts. I have stopped being offended by the seemingly exclusionist behavior because I'm smart/mature/whatever enough to realize that isn't really what it is.
So in short, get over yourself. The injured-ego oppressed feminist act gets old real quick, especially among hackers (since you seem to be claiming to be one yourself).
"He does look a bit Oompa like, even if his Loompa is a bit off-kilter."
Kevin Poulsen: The author of the popular freeware hacking tool Nmap warned users this week that FBI agents are increasingly seeking access to information from the server logs of his download site, insecure.org.
I'd like to know exactly when nmap was officially dubbed a "hack tool." It is merely a port scanner! Port scanning != hacking. One might argue the article is writen in laymans terms -- as most news is. However, I think in the case of nmap, a politically technilogically correct phrase would be "a tool commonly used by 'hackers.'" Negative conotations bother me.
"It's not mens fault that no women get into those fields"
:P"
A search engine will tell you that sexual harrassment is a big problem for women online.
"TRUST ME. THEY'RE MORE THAN WELCOME.
I think the attitude speaks for itself.
but some of my friends got busted for smoking pot in their dorm... except they werent - they had smoked off campus hours before. anyway, the cops "smell" it from the hallway after being notified by an RA and then push open the door to the room to see 4 people passed out around a tv and a half empty forty. so now the cops are in the room to stay - half an hour later there's a warrant, and i was doing my best to advise my friends so i told them to read it to me. the cops close the door. so i shout for them to yell it; the cops say we're being too loud after midnight. so my friend calls me on the phone - and we see the warrant is dated for the NEXT day. blah blah, another warrant comes in, things get confiscated, papers are filled out and such.
end of the story? no charges were ever filed, not only due to the whole debacle of a post dated warrant, but also because they failed to knock and announce themselves before opening the door.
just know your rights and read the paperwork - dont let them drown you in it. and if youre too bored to, hire a lawyer
Perhaps the English language requires a new term to represent a gender irrelevant person. After all, the language is shaped by usage. My suggestion is 's/he'. I generally use this as the meaning is clear without any political (i.e. feminist) agenda or alternate inference detracting from the substance of my statement.
Another version: He, She, or It becomes H/or/sh/it.
I am officially gone from
This was modded *insightful* ?
Are you saying that the FBI should be banned from investigating any and all activities occurring on the internet ?
Or are you just a flaming idiot ?
Cheers.
*I almost typed "gives the right" but that is NOT how the Bill of Rights works
--Hooptie
"Heavens, it appears that my weewee has been stricken with rigor mortis!" -- Stewie Griffin
Maybe you can do this. However the law requires some record to be kept. Some places (stockbrokers) need to keep email for 7 years. Fail to keep the records, and they may not get you on the records, but typically not keeping records is a crime worse than what you hid. (if it was less everyone would destroy records and take the reduced sentence if caught)
Of course you would need a lawyer to figure out when you are allowed to delete what. I guess thats my point though: ask a lawyer what you should do.
A search engine will tell you that sexual harrassment is a big problem for women online.
:P"
How about in off-line groups, like engineering school? Were they pre-emptively sexually harassed somehow so they didn't sign up for those classes? I suppose all the women who joined non-engineering programs were harassed into it?
"TRUST ME. THEY'RE MORE THAN WELCOME.
I think the attitude speaks for itself.
You have no idea who I am. You have no idea how I think. Don't dare to think that you can throw my thoughts and feelings into the bit bucket just because they fall into your worldview.
My fractured psyche is the direct result of horrible people like you, the people who would rather go and talk about all the injustice in the world and beat down anyone who disagrees than just admit that there are differences which should be celebrated while still having equal rights. The cognative dissonance between the world as it is and the world as it seems thanks to those who don't want equal rights as much as for men and women to cease to exist, to create one species-wide unisex with no different behaviours, thought patterns, or social interactions.
Yes, this idea of the unisex, where a beautiful woman isn't really so because it's not PC for the facts to be so, or for a man and a woman to fall in love(or lust, or even THINK about each other that way, ever), is very convenient for the massive corporations that think of us as resource units rather than people. Having lived the orwellian nightmare of doublethink, however, and continuing to live in it because of a lifetime of indoctrination, I can see now that it's not worth it. It's not worth the anguish. Life is more wonderful than that. Women are more than just working machines not to be differentiated from anyone else for any reason, just as they are more than breeding machines, to be differentiated and oppressed.
God forgive me for being human, but I can't and won't take it anymore; Women are absolutely welcome in the engineering and programming fields. It's more fun than marketting and cheaper than art studies, and their wonderful differences could change the field for the better in many ways.
If you have a problem with that, it's a problem with you, not a problem with me. God knows I've paid my PC dues.
It's been a long time.
...it WASN'T a PATRIOT Act subpoena, and you STILL got modded to +4 for the tired references to it and Ashcroft.
And he's resigned, for fuck's sake. Can we be on with it now?
Let us maintain the status quo in that respect :)
I don't have a problem with you, rather with the way the world is - that's all. In relation to the original post, it does remain that sexual harrassment is a big discouragement for women in traditionally male-dominated areas on and off the internet, and men are responsible. It's not about PC, it's about respect.
I guess considering the response it generated, someone should mod my post flamebait in hindsight. At least people are paying attention. It is far worse to be ignored.
Not to mention offtopic. Considering the emotions surrounding this (offtopic) issue, I would encourage Slashdot to run a separate news item on it.
The world is a big place, filled with over 6 billion humans.
Perhaps things are different where you are.
It's been a long time.
How about in off-line groups, like engineering school? Were they pre-emptively sexually harassed somehow so they didn't sign up for those classes?
Yes, sometimes. I've heard several horror stories where a student would present a list of career choices to a counselor and the counselor would go down the list until he or she could find a job that was "suitable" for women. Or just look at slashdot; you can find several incredibly hostile posts around this one, but notice even the way that the very concept of a female hacker or programmer get incredulous and sexual remarks whenever it shows up. I wouldn't want to be part of an industry where I was going to be isolated, not by not having people of the same gender around, but by having people treat me as an alien because of my gender.
My fractured psyche is the direct result of horrible people like you, [...]
If you can't handle discussing this, then don't get involved with discussions of it. Blaming your fractured psyche on it is absurd; if it would fracture your psyche, then your psyche never could handle real life situations. If we can't discuss things, we can't find consensus and truth.
Thanks
Oh god, that woman is John Romero!
Don't worry, the FBI has a backup.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
nmap is not a crack tool. It is a dual-use product useful to netadmins. While it can be used by crackers, its intended function is to investigate networks. Money can be used by terrorists to buy weapons, but I haven't seen anybody to say that money is a terrorist tool. Also, we should say "cracking" instead of "hacking".
not s/he. [s]he
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
It's not the discussion, it's the reality of the world. Every time I look at a woman all these absurd defense mechanisms go into action so I don't accidently see something other than another man, because I've been indoctrinated from birth about how horrible it is to treat women as anything other than men.
If that's not fractured, I don't know what is.
And one thing leads to another. If there are no women in the field, then men are going to be incredulous that there are women in the field. We're very transparant that way.
It's been a long time.
wget --user-agent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" http://download.insecure.org/nmap/dist/nmap-3.75.t ar.bz2
Does that not solve the problem?
"They" is the singular indefinite pronoun in my dialect of English ("If a person drinks too much, they will likely experience a hangover"). "They" also happens to be the indefinite plural pronoun.
Shakespeare's, too.
Become a FSF associate member before the low #s are used