Spamhaus Under DDoS Over Wikileaks.info
achowe writes "Steve Linford of Spamhaus sent this to a private anti-spam list and asked that the message get out far and wide: 'For speaking out about the crime gangs located at the wikileaks.info mirror IP, Spamhaus is now under ddos by AnonOps. As our site cannot be reached now [actually sporadic], we can not continue to warn Wikileaks users not to load things from the Heihachi IP. ... AnonOps did not like our article update, here is what we said and what brought the ddos on us.'" At the conclusion of this message: "Spamhaus continues to warn Wikileaks readers to make sure they are viewing and downloading documents only from an official Wikileaks mirror site. We’re not saying 'don’t go to Wikileaks' we’re saying 'Use the wikileaks.ch server instead.'" Here is Spamhaus's full warning.
I'm beginning to wonder if AnonOps/Anonymous is a false flag operation. They seem to be doing more harm than help to Wikileaks. Their targeting is inept (they previously targeted the wrong DNS provider), their timing is inept, and Wikileaks doesn't need them to stay on line.
Kids these days! Their reading comprehension skills are practically nil.
The supposedly official twitter account at http://twitter.com/wikileaks seems to be a scam by the same folks. The wikileaks.org link there redirects to the .info domain, which is clearly a shoddy website (different layout, bunch of shoddy "mirrors" with the same IP address, etc).
Be warned.
now they're slashdotted, too.
I just asked anonops about it, they're not attacking spamhaus.
They have done nothing, not a single thing, to help and everything to hinder.
Gone!
When you have a large DDoS tool at your beck and call, who has time to bother with accuracy and trifling details like the truth? This is just further evidence that "anonymous" is some unemployed young adult.
The profile of anonymous becomes less and less one of sophistication and intelligence and more that of teenage angst and a limited understanding of technology daily.
#fuckbeta #iamslashdot #dicemustdie
Will they now start a DDoS on Slashdot?
The Tao of math: The numbers you can count are not the real numbers.
Use wikileaks.cn, right.
AnonOps is NOT attacking Spamhaus. Get your facts together before you start going on about people being stupid or "kids these days." Spamhaus appears down, but AnonOps isn't doing it. They're still focusing on distributing pamphlets and such shit.
I just clicked the link and thought the same. :-)
Nothing on 4chan except one post referring to this article asking, as most of us are, WTF?
I think someone is using the Anon group identity to do something unrelated to the actual group/movement or whatever.
Those who can, do. Those who cannot, sue.
maybe if Anonymous got /.'d that thought would be moot
Slashdot does not need to have someone else create a DDoS... The only thing Slashdot needs is to create a new front page story about slashdot...
The slashdot effect in full effect on slashdot itself.
I think they are just angry idiots with too much time on their hands. There's a reason why vigilantism is so frowned upon and forced out in a civilized society: Vigilantes suck at justice. They shoot first, ask questions later. They are all about the Great Cause(tm) whatever that cause happens to be and don't do a good job thinking about any trouble they cause.
Now this is made even worse by the /b/tards because they are not very organized, operate with what they believe to be impunity, and are often kids.
So my bet is not a false flag op, just a bunch of dumbasses causing trouble. They've decided that Wikileaks will be their Great Cause(tm), until they get bored and find something else, and lash out at any perceived enemies of it without thinking about it.
In the case of it getting /.'ed or DOS'd (like TFA link to nanozen.info)
Wikileaks Mirror Malware Warning
2010-12-14 17:00 GMT, by Quentin Jenkins
On Monday Spamhaus became aware that the main Wikileaks website, wikileaks.org, was redirecting web traffic to a 3rd party mirror site, mirror.wikileaks.info. This new web site is hosted in a very dangerous "neighborhood", Webalta's 92.241.160.0/19 IP address space, a "blackhat" network which Spamhaus believes caters primarily to, or is under the control of, Russian cybercriminals.
Important: this warning is issued only for wikileaks.INFO, NOT Wikileaks itself or any other Wikileaks site. Wikileaks.info is NOT connected with Julian Assange or the Wikileaks organization. For a list of real Wikileaks mirror sites please go to wikileaks.ch
The Webalta 92.241.160.0/19 netblock has been listed on the Spamhaus Block List (SBL) since October 2008. Spamhaus regards the Russian Webalta host (also known as Wahome) as being "blackhat" - a known cybercrime host from whose IP space Spamhaus only sees malware/virus hosting, botnet C&Cs, phishing and other cybercriminal activities. These include routing traffic for Russian cybercriminals who use malware to infect the computers of thousands of Russian citizens.
The fact that recently some unknown person or persons decided to put a Wikileaks mirror on Webalta IP address 92.241.190.202 should raise an alarm; how was it placed there and by whom. Our concern is that any Wikileaks archive posted on a site that is hosted in Webalta space might be infected with malware. Since the main wikileaks.org website now transparently redirects visitors to mirror.wikileaks.info and thus directly into Webalta's controlled IP address space, there is substantial risk that any malware infection would spread widely.
Spamhaus also notes that the DNS for wikileaks.info is controlled by Webalta's even more blackhat webhosting reseller "heihachi.net", as evidenced by the DNS records for the domain:
wikileaks.info. 14400 IN A 92.241.190.202
wikileaks.info. 14400 IN NS ns2.heihachi.net.
wikileaks.info. 14400 IN NS ns1.heihachi.net.
Spamhaus has for over a year regarded Heihachi as an outfit run 'by criminals for criminals' in the same mould as the criminal Estdomains. The Panama-registered but Russian/German-run heihachi.net is highly involved in botnet command and control and the hosting of Russian cybercrime.
We also note that the content at mirror.wikileaks.info is rather unlike what's at the real Wikileaks mirrors which suggests that the wikileaks.info site may not be under the control of Wikileaks itself, but rather some other group. You can find the real site at wikileaks.ch, wikileaks.is, wikileaks.nl, and many other mirror sites around the world.
Spamhaus takes no political stand on the Wikileaks affair. We do have an interest in preventing spam and related types of internet abuse however and hope that the Wikileaks staff will quickly address the hosting issue to remove the possibility of cybercriminals using Wikileaks traffic for illicit purposes.
More information on the SBL listing of Webalta's 92.241.160.0/19 is here:
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL68370
Spamhaus is not alone in issuing this Wikileaks mirror malware caution. On Sunday researcher Feike Hacquebord at fellow anti-spam system Trend Micro issued a similar warning in the Trend Micro Malware Blog. (http://blog.trendmicro.com/wikileaks-in-a-dangerous-internet-neighborhood/)
the russian criminals are using the whole wikileaks/anonymous affair as a cover to attack one of their archenemies: spamhaus, while trying to paint spamhaus as the bad guys.
Mark my words. The kinds of people who run and support Wikileaks are NOT a good replacement for the kinds of people who currently run the world.
"Meet the new boss, same as the old boss". This could be revised "Meet the new boss, same or even worse than the old boss; but claims to be better".
1) This DDoS attack does not seem to be originating from Anonymous but from AnonOps which is a cybergang-related IRC server and the DDoS seems to be originating from a real botnet of hijacked Windows computers, not LOIC.
2) Spamhaus warned about wikileaks.info which seems to be hosted by the same criminals and is posting false Wikileaks statements.
3) Wikileaks.org has been taken over by these criminals and is redirecting to http://mirror.wikileaks.info/ which is NOT sourcing from wikileaks.ch (and other mirrors like http://www.wlmirror.com/)
It seems to me the US Gov'mint has 'fixed' their Wikileaks problem by a campaign of misinformation and probably paid these Russian criminals to host the false Wikileaks site. It wouldn't surprise me if the wikileaks.info sites started to have certain damning documents disappear or specific ones infected just to track who's reading what.
Custom electronics and digital signage for your business: www.evcircuits.com
Anonymous is very weird to understand. It functions similar to a terrorist bloc (note I am not calling anyone a terrorist).
If I toss a bomb in the middle of a street and kill 50 people - and I write "Terrorist Group X was here" - who's to say it wasn't them? Or if say a terrorist group decides to take credit for the BP spill - who's to say it's not?
It's impossible to work out whether it was anon or not. It's impossible to actually call 'anon' a group. It's just a bunch of people who - at will - decide to partake in DDOS attacks. It's not a collective body, it's a number of individuals - and it's stupid to think otherwise. If I'm in a group with 100 people, and someone says "Let's DDOS Bank of America", if I agree with it, I'll take part. If someone says "Let's DDOS Spamhaus", and I disagree, I won't take part. There's no real leader. It's all chaotic.
So enough with blaming anonymous for this ddos. For a start you have no proof. To continue, anon isn't a group - it's a bunch of people following 'random' leaders, and the ranks change frequently depending on who feels like 'some lulz' that day, and who agrees or not.
In fact how do you determine an action as being done by Anon? Done by the 'leader' ? No real leader. Done by a large amount of the group? Not a very good measure.
If I succeed in telling (say) 50% of anonymous that attacking this site is for their better - then will 'anonymous' be attacking the site? Does it matter?
Summary: Anonymous isn't a rigid structure with leaders, anonymous is an amount of individuals who individually follow a leader at that point in time because they agree with that leader at that point.
Let me first be crystal clear on this: I support wikileaks.
Let me then be equally crystal clear on this: I consider anonymous morons.
There is no conflict.
On a personal sidenote, I would personally think that the CORRECT way to handle KIDDIOTS would be to return their packets to the kiddiot in question, by air mail. Written out. On stone tablets...
Spamhaus seems to be pretty quick in assuming that wikileaks.info is malicious.
Apparently the site is hosted by a Russian company known to host malware and phishing sites. But how does this prove anything? They might as well be ordinary customers of a webhoster who doesn't take sites down easily.
Somebody who won't take malware sites down probably won't bow to political pressure to take down a Wikileaks mirror - or so they hope. "Outlaws" of whatever kind have a very reasonable interest in common: to evade prosecution and punishment. Whether you're stealing credit card numbers or publishing government/corporate secrets doesn't matter in this context.
Proud member of the Ferengi Socialist Party.
"Anonymous" can be the CIA trying also to discredit the other Anonymous ......
Excuse me for asking, maybe I'm the teenage dumbass here, but where is the proof that AnonOps is actually behind the DDoS currently aimed at Spamhaus? And why are there so many here bashing at AnonOps without asking this crucial question first?
Never attribute to malice that which is adequately explained by stupidity.
+1 for you, sir.
Screw all this talk, let's look at the page source code and go from there. I booted Knoppix, and pulled up Iceweasel and copy and pasted the page source from wikileaks.info. My html and Javascript skills are not the sharpest. My skills are best in other areas. However, I noticed there is too much talk and not enough transparency here so I posted the page source so hopefully someone would analyze it and talk about the contents rather than jumping on sides of the arguments like some deranged trolls. Let's have a discussion that's not owned by a bunch of drama queens. True geeks work with logic, not Drama. End of anti-troll rant. Here's the pastebin link. http://pastebin.com/dyMkdZEG
My first computer had 1024 bytes of ram
Any proof that the DDoS is caused by Anonymous, or is that what all DDoS'es are gonna be blamed on from here on out?
The ones that once they black-list your IP address, they ask for money in order to remove you from the list? I say nuke the trolls
It seems much more plausible that either this wikileaks.info related cybergang is performing the DDoS themselves, stirring up other communities to perform DDoS, or both. I have no experience with this AnonOps group, but I have spent a lot of time looking at *chan culture. As haphazard as a collection of 'anonymous' users generally is, they do not actually get to the point of performing an attack against something without hearing many sides to the story. That is one of the benefits of having so many individuals actively involved rather than an army of unthinking zombie computers.
For example, given enough .jpg's, between their collective experience they can collate enough data to link seemingly completely unrelated photos to the same household or person. I have seen this happen over the course of a few threads and the experience was like watching a higher consciousness at work. It totally blew me away.
They will have people who actually do look at what is specifically being blocked by Spamhaus, why, and verify the authenticity of said claims. When you have threads of people calling for destruction it may be hard to turn away the mod mentality, but when people start posting clear facts it can and will do so, leading to the impending attack falling apart before it reaches critical mass.
I don't know much about this AnonOps group as of now, but if they are made up of enough individuals even this article will definitely reach them. As to if they will care, depends what their real goal is I suppose.
Who would benefit from even just one leaks site having compromised material?
Hyperbole much?
http://wikileaks.info/press/spamhaus-false-allegations-against-wikileaks.html
Spamhaus' False Allegations Against wikileaks.info
Published 15-Dec-2010, 8:00 AM GMT
On Tuesday, 14-Dec-2010 Spamhaus has issued a statement wherein it labels wikileaks.info as "unsafe", as they consider our hosting company as a malware facilitator:
http://www.spamhaus.org/news.lasso?article=665
We find it very disturbing that Spamhaus labels a site as dangerous without even checking if there is any malware on it. We monitor the wikileaks.info site and we can guarantee that there is no malware on it. We do not know who else is hosted with Heihachi Ltd and it is none of our business. They provide reliable hosting to us. That's it.
While we are in favour of "Blacklists", be it for mail servers or web sites, they have to be compiled with care. Just listing whole IP blocks as "bad" may be quick and easy for the blacklist editors, but will harm hosters and web site users.
Wikileaks has been pulled from big hosters like Amazon. That's why we are using a "bulletproof" hoster that does not just kick a site when it gets a letter from government or a big company. Our hoster is giving home to many political sites like castor-schottern.org and should not be blocked just because they might have hosted some malware sites.
Fortunately, more responsible blacklists, like stopbadware.org (which protects the Firefox browser, for example), don't list us. We do hope that Spamhaus hasn't issued this statement due to political pressure.
Wikileaks.info will always be safe and clean. Promised:
Google Safe Browsing Check for wikileaks.info
Update (15-Dec-2010 17:00 PM GMT): Spamhaus has updated their statement to say that they don't blacklist us.
The wikileaks.info Team
When the king heard the words of the Book of the Law he tore his robes.2Kings22:11
It looks more like the Russian crime rings who operate in that IP range is protecting their new malware distribution mechanism (wikileaks.info).
They obviously have the power to DDoS.
It would benefit to veil this DDoS as Op:PayBack.
They block entire subnets and shut off your service without warning with their free lists. Very unfriendly behavior. I won't use them because they are dicks.
... 14 year old kids fully read warnings. Or thoroughly look in fridges for what they want.
http://www.google.com/safebrowsing/diagnostic?site=AS:41947
A girlfriend? See, we already know he's lying.
Humans are terrible replicators of Godly things.
Can't quite figure out where the AnonOps link to the Spamhaus DDoS comes from besides that, considering calls for ceasefire/"peacefire" and this image were being passed around since this morning.
There was someone DDoSing the hell out of AnonOps starting yesterday, which ended (at least it seems to have) just a few hours ago, constant netsplits and stuff, so I don't know how anybody could even organize an attack on Spamhaus with that kind of disruption, let alone with little to no reason.
It's interesting to note that there was a group using the AnonOps irc network today that wanted to attack a "bilderberg group" website, and would do so even if it wasn't officially condoned or agreed to. A similar attack happened on DynCorp the other day but I heard claims that they "pulled out". If Spamhaus was to be attacked it would have been noted in the topics of popular channels, but it was not. Note that the argument "they're just denying it" doesn't work because the people who partake in these attacks are usually "proud".
I think in this case in particular, it's safe to say that AnonOps/OperationPayback/et al, were not involved.
I don't partake in any of the morally/legally ambiguous stuff, I just report on it.
Here's a quick survey in #target @ AnonOps irc
(una****) just to confirm: spamhaus wasn't anonops?
(ano****) no
(sti****) nope
(Sky****) no
(una****) okay thanks
Names partially withheld to protect the innocent
As I understand it, some of these servers are hosted on IP addresses shared with other websites, and apparently this setup is incompatible with SSL
Bullshit. There's nothing about virtual hosting that prohibits the use of SSL.
In addition, we have not yet identified a signing authority that we feel confident that would be resistant to coercion and subornation by agencies looking to discredit or manipulate Wikileaks. (Got a suggestion? Reply to this post!)
Oh PLEASE. Then make your own CA (it's not hard, you need a laptop and a safe deposit box) and publish the CA's public key via multiple methods. If the tech community can distribute the keys to DVD/Bluray encryption schemes, it can probably handle this.
Also: dump Julianne - he's toxic as hell. The media are being whipped up into a feeding frenzy and focusing on him and his legal issues exclusively, instead of the content of the leaks. Which is the dream of the governments around the world, because the press are no longer covering the leaks. The second those charges came out he should have stepped down officially, and let someone new take the helm, at least as the public face. Preferably someone who wasn't having sex with near-strangers and bragging about his "work" on a free dating site.
Your organization's mission has been completely subverted by the fact that Julianne didn't have the foresight to realize that it might be a good idea to keep his dick out of strange pussy before and during the organization's work.
Please help metamoderate.
can you use OpenSSL/CyaSSL/PolarSSL with a self-signed certificate? GnuPG?
https://secure.wikimedia.org/wikipedia/en/wiki/Web_of_trust
The thing I don't get is how they were able to wrest control of wikileaks.org.
The .org domain was with DynaDot and they had (and still have) CLIENT TRANSFER PROHIBITED set.
So why would a US-based domain firm which suspended Wikileaks in fear of the US government then control back over to either
1) a group purporting to be WikiLeaks, or
2) a group they knew was Russian criminals
?
I'm not a lawyer, but I play one on the Internet. Blog
All this fighting among activists only helps the established powers. I think many people would agree on the issues to fight for with some more patient, calm discussion of them. It's necessary to stick to the central, universal issues, and leave aside the minor details and issues. I think the central issue, which many can fit their flag with, is violence - all forms of violence, including economic exploitation, religious intolerance and exclusion, racial violence and discrimination, as well as sexual, moral and psychological violence. Ideas from the humanist movement. In the case of Wikileaks here, many of those forms are being used against them.
Build your own energy sources from scratch. http://otherpower.com/
http://www.spamhaus.org/news.lasso?article=665
Update 18 December ***Incorrect data redacted***
[See newer information on DDoS in update below]
A DDoS attack was launched on www.spamhaus.org today in retaliation for us warning Internet users about the Russian-German cyber criminals behind the Wikileaks mirror wikileaks.info.
Spamhaus is currently under a 2.1Gbps DDoS attack which began at 05:20 CET. As we are used to DDoS attacks from cybercriminals our anti-ddos defences are holding and our web servers are still operating, a little slower than normal.
By no coincidence, the 'AnonOps' DDoS group irc.anonops.net is also hosted by the same Heihachi Russian-German cybercrime gang in the same CIDR as wikileaks.info:
wikileaks.info = 92.241.190.202
irc.anonops.net = 92.241.190.94
In addition to the LOIC and *OIC tools issued to dimwitted script kiddies to DDoS "enemies of Anon" with, AnonOps appears to be now escalating its DDoS attacks using dedicated criminal botnets (botnets of illegally hijacked PCs), and now appears to be directing DDoS attacks not at "enemies of Wikileaks" but at "enemies of our criminal bosses".
There is palpable irony in a DDoS being used to prevent exposure of a probably-false Wikileaks mirror that could potentially harm Wikileaks and Wikileaks readers. We hope that AnonOps supporters appreciate the irony as much as we do.
Update 19 December
We have been analyzing the traffic patterns of the attempted DDoS attack against Spamhaus that started yesterday. We are seeing that it is made up of UDP and Syn flood type packets. This is not the profile of DDoS traffic from the LOIC and other *OIC tools issued to script kiddies to DDoS "enemies of Anon" with. In fact, at some semi-private forums, the AnonOps members have denied the DDoS and have stated how much they hate spam and would not attack Spamhaus. It would seem some actually read and understood what our warning message was about. Rumors are that they have also distanced themselves from members who were promoting the use of botnets to attack sites.
This now looks far more likely to be the work of people running, or hosting at, Webalta or the Heihachi cybercrime group. Possibly angered with the attention this wikileaks.info article brought to their dirty section of the internet. When one hosts spam servers, malware, Zeus and other botnet command and control (C&C) servers, bank phish sites and "backends", child exploitation sites and other badness, keeping off-the-radar is a must. Perhaps Russian authorities are now looking closer at this Webalta and its datacenter, as Russian citizens and banks are often the target of the people running systems there.
As we do when hit by these attacks, Spamhaus is working with both network experts and law-enforcement agencies to find and shut down the botnet used for the DDoS and to try and track who may be behind it.
When the king heard the words of the Book of the Law he tore his robes.2Kings22:11
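Added example, not part of the thread or of the Spamhaus text: the advisory and its 18 December update both rest on where addresses and name servers sit, and this Python sketch runs that check over the quoted DNS records, reporting A records inside the listed 92.241.160.0/19 block and NS records under heihachi.net. The function names, the `irc.anonops.net` record line (its TTL is constructed) and the `example.org` control records are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Netblock and SBL reference as given in the Spamhaus advisory quoted above.
LISTED_NETBLOCKS = {"92.241.160.0/19": "SBL68370"}
# Nameserver domain the advisory names as controlling DNS for wikileaks.info.
WATCHED_NS_DOMAINS = {"heihachi.net"}

# The first three records are the ones quoted in the advisory. The
# irc.anonops.net line restates the address from the 18 December update as a
# record (TTL constructed). The example.org lines are a constructed control
# that uses documentation address space.
SAMPLE_RECORDS = """\
wikileaks.info. 14400 IN A 92.241.190.202
wikileaks.info. 14400 IN NS ns2.heihachi.net.
wikileaks.info. 14400 IN NS ns1.heihachi.net.
irc.anonops.net. 14400 IN A 92.241.190.94
example.org. 3600 IN A 192.0.2.10
example.org. 3600 IN NS ns1.example.net.
"""


def parse_records(text):
    """Parse 'name ttl class type rdata' lines into (name, rtype, rdata)."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5 or fields[2].upper() != "IN":
            raise ValueError(f"unsupported record line: {line!r}")
        name, _ttl, _cls, rtype, rdata = fields
        records.append(
            (name.rstrip(".").lower(), rtype.upper(), rdata.rstrip(".").lower())
        )
    return records


def listed_block(address, blocks=LISTED_NETBLOCKS):
    """Return (cidr, reference) of the listed block containing address, else None."""
    ip = ipaddress.ip_address(address)
    for cidr, ref in blocks.items():
        if ip in ipaddress.ip_network(cidr):
            return cidr, ref
    return None


def ns_domain(nameserver):
    """Last two labels of a nameserver name (enough for .net/.com style names)."""
    return ".".join(nameserver.split(".")[-2:])


def audit(text):
    """Map each name to the reasons its records match the advisory's criteria."""
    findings = defaultdict(list)
    for name, rtype, rdata in parse_records(text):
        if rtype == "A":
            hit = listed_block(rdata)
            if hit:
                findings[name].append(f"A {rdata} is inside {hit[0]} ({hit[1]})")
        elif rtype == "NS" and ns_domain(rdata) in WATCHED_NS_DOMAINS:
            findings[name].append(f"NS {rdata} is under {ns_domain(rdata)}")
    return dict(findings)


def hosts_sharing_block(text):
    """Group names by listed netblock, showing which hosts share a block."""
    by_block = defaultdict(set)
    for name, rtype, rdata in parse_records(text):
        if rtype == "A":
            hit = listed_block(rdata)
            if hit:
                by_block[hit[0]].add(name)
    return {cidr: sorted(names) for cidr, names in by_block.items()}


if __name__ == "__main__":
    for host, reasons in audit(SAMPLE_RECORDS).items():
        for reason in reasons:
            print(f"{host}: {reason}")
    print(hosts_sharing_block(SAMPLE_RECORDS))
```

A match only says where a host sits, which is the point several commenters argue over; it says nothing about what the host serves.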
Oh Good Lord, it's the HOSTS file troll. I thought you only irritated people on Opera and other browser threads? For the rest of us you can either just use the free Comodo Dragon browser and pick the "yes I'd like to use the secure Comodo DNS" box on install, or if you are attached to your browser one can just go here for simple instructions on switching over to Comodo Secure DNS.
Either way you'll have real time blacklists that you don't have to maintain, phishing and DNS cache poisoning protection, and most importantly don't have to play "whack a mole" by futzing with HOSTS files. I mean jeez, what do you think this is, 1997?
ACs don't waste your time replying, your posts are never seen by me.
Did this oversimplified world of right and wrong just get a little grayer? This is starting to sound a little like the petty political goings on of a national state department. I think someone should establish a clearinghouse for the disclosure of private correspondence of these organizations. Then we could feel self righteous about the whole thing by reading small excerpts of complicated issues and making snap judgments about things that are far more complicated than we have time to really understand. After all we can use computers better than most people so isn’t it our obligation to disproportionately use that power to push our opinions especially on anyone who disagrees. I mean people need to know things. Things like: it is not right for countries with big guns to force their will on countries with smaller guns. And if they don’t get it, we will have to “convince them” using the weapons; I mean tools, at our discretion. Then the world will know we are not like them at all!
http://it.slashdot.org/comments.pl?sid=1916240&cid=34607890
See you there... & there? Well - we'll see how that "bottom-of-the-barrell U" mere certification stands up to someone that has 2 actual degrees around the computer sciences, on the topic of HOSTS files, browser addons, & DNS servers!
(You called me some names? Let's see if an ad hominem attacking troll like you can "back up your bluster"... this is going to be FUN!)
APK
tb;dr
(too bold; didn't read)
Per my subject-line above? Your "effete downmod squad" http://www.youtube.com/watch?v=kd85Qim_Z6A (lol)?
That rather effete retaliation just doesn't appear to be very effective vs.:
http://it.slashdot.org/comments.pl?sid=1916240&cid=34608660 (the "downmod squad")
or most especially, this ->
http://it.slashdot.org/comments.pl?sid=1916240&cid=34606776 (my points in this post on where & how HOSTS files can help you) now, is it?
Nope.
Still - go ahead, keep downmodding me (because, sooner or later you'll run dry on "mod points" which is what I am hoping to achieve, lol) & showing everyone here reading just HOW WEAK & TECHNICALLY INEFFECTIVE YOU ARE, vs. facts in favor of HOSTS files!
APK
P.S.=> I can keep this up, & keep pointing others to what you're "downmodding" me on, & no stupid "10 posts per day AC restriction limit" stops me either, IF you're hoping for that... apk
APK is not a troll, he is mentally ill.
"APK is not a troll, he is mentally ill." - by Anonymous Coward on Sunday December 19, @02:12PM (#34608996)
No, I am just LAUGHING MY ASS OFF, watching "hairyfeet" post in reply as AC & running from a challenge I gave he, instead of disproving the points in my post here about HOSTS here -> http://it.slashdot.org/comments.pl?sid=1916240&cid=34606776
HOWEVER most especially, here, he's doing the same -> http://it.slashdot.org/comments.pl?sid=1916240&cid=34607890 (vs. Adblock, & DNS deficiencies)... hehe, the captcha for me is "LAUGHTER", no doubt!
By the way, since you're using more "adhominem attacks" calling me crazy etc. quoted above?
Ahem: Care to show us your PHD in Psychiatry, & your license to practice it, as well as your formally administered examination of myself in professional settings for your "snap prognosis/diagnosis" there, Mr. /. "sidewalk surgeon"?
Watch the troll run!
APK
P.S.=> Getting the better of "the likes of you", complete with your EFFETE "DownModSquad" (lol -> ) tactics? Ah, I gotta say it, as per usual, vs. your running like scared chickens, lmao "too, Too, TOO EASY", just TOO ez...
(Especially when you're confronted on things you have NO CLUE ON, after shooting your mouths off stupidly as usual (which you know is true, hence, the "downmod squad" puny tactics - you're only showing us all, you f'd up!)... apk
Hey everybody, I'd like you to meet my new pet, please excuse the smell or the fact it seems to piddle on itself a lot.
This is the HOSTS file troll, which is a fourteen year old Halo player that recently discovered HOSTS files (you remember, those things we used in the mid 90s before EVERY single virus on the planet figured BUTT SIMPLE ways to get around them? Yeah those) and now, since he is so hopped up on Mountain Dew and hormones because he never gets laid, has taken it upon himself to have a HOLY CRUSADE where he uses lots of leet speak and weird CAPS IN SENTENCES to spread the gospel of the HOSTS file, which is older than Betty White and frankly isn't nearly as interesting.
But I hate to break the news to you, poor little lost LEAVE THE FUCKING CAPS LOCK ALONE! latchkey child, but this isn't Digg, or one of your gaming forums populated by little clueless I SAID PUT IT DOWN! hopped up basement dwellers such as yourself, you see this is /. where not only does everybody already know about your new religion, the HOSTS file, but we actually wrote the thing you now clutch like a security blanket because you soiled your regular one. And you know what? We gave up on that lame shit around the time of WinME.
I know trying to educate a moronic youth such as yourself is like pissing in the wind, because you've had all your opinions beaten into you by the MSM but what the hey, it is close to Xmas and the Feet isn't a complete grinch, so I'll try. You see grasshopper, your precious HOSTS file leaves you in what is known as an "arms race" which to explain that in little words you can understand, it is like CTF in Halo. You see all it takes is ONE, just one, bad guy to NOT be on your precious static text file and the next thing you know he is teabagging you while all his friends throw up gang signs and rip off all your stuff. The rest of us have long moved on to things we don't have to manually update where these good people known as "security professionals" constantly update and configure so we don't have to.
But don't worry, we understand. when your DSL is just too laggy for some DM and you have rubbed your little winkie raw to fan fic of Master Chief you really need something to do, so I suppose letting you play with the HOSTS file is better than letting a cretin like yourself anywhere near system32. BTW did you know putting in deltree C:/ in command line will speed up your HOSTS file by 500%? Try it! But thinking just because one of your butt buddies on the Army of Two match ladder thingie told you about HOSTS makes it the newest thing since the x360 doesn't mean it isn't as old as...well that pair of your mother's panties you keep sniffing which is wrong on SO many levels. All you do is make yourself look like an absolute tard by constantly spouting off about HOSTS like it is some new hotness. On second thought God only know what else your pathetically limited mind would speak about if you didn't blather on about HOSTS, so carry on.
ACs don't waste your time replying, your posts are never seen by me.
How about the fact that EVERY SINGLE VIRUS in the free world can trivially change the HOSTS file dipshit by hairyfeet (841228) on Sunday December 19, @03:37PM (#34609634)
That's not true hairyfeet, and if he uses acl protections he mentioned? You're wrong. For example, if he logged on as an administrator or root superuser, and does his edits, saves the hosts file and while as an administrator he applies an ACL or MAC setting that only allows an admin/root/superuser to modify that file? Then while he runs as a limited privilege lesser user (which is the case with UAC and Linux least privilege setups by default), he is safe. You are wrong right out of the gate. No small wonder you are only an ITT man who has a big name tossing mouth and your dumbness got you into a huge jam, because now you have to eat those words.
"Yeah, you know who ALWAYS has access to it? THE SYSTEM. And hey, guess how the bugs drop their payload in your system folder? Why with system rights of course! Dumbass." - by hairyfeet (841228) on Sunday December 19, @10:53PM (#34612590)
See subject, & this testimonial from others here using HOSTS files, especially vs. VIRUSES (which you noted):
---
"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)
FROM http://tech.slashdot.org/comments.pl?sid=1907528&cid=34532122
---
Seeing as that is the case with he, and myself (I can produce other such quotes also for you, just ask (& since 1995, I haven't gotten a virus/malware/trojan/worm etc. in fact))?
IF I DON'T GET VIRUSES, THEN HOW ON EARTH WILL YOUR "VIRUS THEORY" TAKE HOLD HERE, IF I DO NOT GET MALWARE INFESTATIONS @ ALL?
Plus, even IF my HOSTS file was somehow "compromised" (like if someone physically had access to my system)? I update it daily anyhow... & I do have backups (like anyone should of their critical data).
OH, lastly - Anymore names you want to toss, Mr. "ITT TECH"?? Right about now, you are doing what the other guy said:
YOU HAVE TO EAT YOUR WORDS!
(Especially the names you tossed my way, lol... who's the "dumbass" now? Not I... Ah, too, Too, TOO EASY! Just TOO EZ...)
APK
P.S.=> The other fellow you replied to isn't myself, but he's on the right track (except you have to do a LITTLE MORE than just rely in ACL/MAC usage, due to SOME malware (rare though, thank goodness) like rootkits being able to subvert the OS, or, run via system level impersonation): You additionally HAVE to scan from external system setups to see if you are infested OR NOT, for sure (2nd disk w/ OS setup & antivirus/antispyware (multiple ones) updated to current signatures, for scanning your "REAL" system you use daily)... apk
http://it.slashdot.org/comments.pl?sid=1916240&cid=34608996
"Whatever exists here is mine..." -> http://it.slashdot.org/comments.pl?sid=1916240&cid=34612834
APK
P.S.=> Including ITT Tech Man, Professor hairyfeet, who got owned by not only proof from myself, but also others here on /., with more by request no less (but, I think what's there does the job - my std. "Kung Fu" has been HUGELY administered, & it was, as-per-my-usual? Just too, Too, TOO EASY... 2 EZ! RofFlMaO... apk
Hi man, you sound really smart, can you tell me which universities you got your degrees at and which courses you took at those unis? I'd love to learn from someone as clever as you.
Can you give me the names of any good books to read that will help me obtain your awesome level of knowledge and understanding?
I wrote an article http://tron-delta.org/en/news/latest/anonymous-anonops-and-heihachi.html [tron-delta.org] to put it on my website and really would like to hear what you think about it. It's basically a summary of *this* Slashdot discussion, plus a comment from Schneier, some reading on Spamhaus and a few other online sources as well as my own thoughts.
LeMoyne College is 1: Great school, Jesuit taught largely. Just put your time in and you get good at whatever it is you do.
APK
Oh poor trollie, Afraid to place anything for your magical woobie on the front page? I thought you believed in your HOPES file? Maybe you should just paste your IP address here so we can all "see" what a magical woobie can do! And you STILL haven't figured out the math yet? Tsk tsk, I'm disappointed in you! I mean, surely there is a "statistics for dummies" book you could have perused by now? Well I understand, it is kinda hard for you to count only using your fingers and toes, especially with the tears in your eyes thanks to my cock slapping you in the face. Now pay attention, and learn! I'll even draw it in a nice simple picture format!
Now here is you...( ) with nothing but your magical woobie to protect your gaping hole from the train fucking that awaits it, and here is the bad guys....123498763487364983276492836 91827364981273649128764 981273649812736498127346 91823649812736498127364 18236491827639481263 9123874612938746219 9187236491287364981 9872634981263947 91827346912873469 9182743691827364 9128736491287364 91723469187236 91287364 91287364 91927346 91287364 1928734 691278364 912873 641927346 91287364917823491782 6491287364912634912873649128374619 91276349182 98712349
Now that is NOT to scale of course, otherwise your hole would be MUCH larger, and those cocks lined up to screw you would number...ohh around 230,000 at last count. Now pay attention trollie, here is the hard part! Of those 230,000 roughly 98,000 are what is known as transient avenues of attack, now I know that is a big word and hurts your little head, but what that means is a website could be dangerous right now...and now it is not...and now it is. A site can literally be "clean" at 2PM, be infected by 3PM, be clean by 4PM, and be reinfected by 5PM.
So it is actually simple trollie. For your magical woobie to work you will not only have to have EVERY site you visit that MAY OR MAY NOT be infected at that very moment in your magical HOPES file, but every single site they link to such as ad servers and your list has to be accurate to the minute or it is nothing but a woobie. So even if you subscribed to Securina and every single security site on the planet, and updated your woobie every single minute of every single day the math proves beyond a shadow of a doubt you WILL lose.
But you KNOW this already, don't you trollie? Or else you wouldn't be so desperate to get anyone to listen to your delusions. And the really sad part? You have bet your ENTIRE existence on a 20 year old tech nobody uses anymore! How fucking sad is that! It is like arguing for the superior sound quality of 8 tracks, or for the incredible versatility of the floppy disc. But answer me this trollie: If your HOPES file is so damned good why did everyone abandon them over a decade ago hmmm? The ONLY thing a HOPES file is good for anymore is for blocking ad servers, because their IP addresses never change unlike malware which changes by the minute. But here is your chance trollie, prove the math wrong. That is if you know how to do even the most basic of statistics. You DO know how to do statistics, don't you trollie? Because otherwise you are just praying to the magical woobie to save you, just like in my LOLCat example. Sad and pathetic, but cock slapping you is quite entertaining I must admit. It isn't often one gets to meet such a naive and easy mark. Poor little trollie.
And Correlation != Causation. I can set up an XP Sp2 machine with NO patches, NO AV or antispy, and then change the background to a LOLCat. Then when I use the machine only on the LAN I will have NO viruses, but I don't really think I can claim my magic LOLCat picture done saved me, do you trollie?
Now do try to keep up: For the HOSTS file to provide a truly effective protection he will have to have ALL the websites that he crosses that can infect him, as well as any and all of the sites THOSE link to, all loaded into his magical HOSTS file. Now considering we are talking on average
ACs don't waste your time replying, your posts are never seen by me.
See subject-line, & realize this: When ALL YOU HAVE is an effete "mod down", vs. the facts in my post here:
http://it.slashdot.org/comments.pl?sid=1916240&cid=34647708
?
(You've LOST, & lost badly!)
APK
P.S.=> hairyfeet? You're just "too, Too TOO EASY" to get the better of... 2 EZ! apk
FROM -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34717188 (where hairyfeet FINALLY had some courage, albeit where he trolled me & got SHOT DOWN FOR IT, trying to use his so-called WEAK "point" here - you didn't have the BALLS or skills/know-how to combat me, directly, here! Too bad, because this? FLOORS ALL OF YOUR WEAK REMAINING POINTS, easily):
"which after repeated requests to show how a 16Mb static HOSTS file can scale against a threat of over 1.3 MILLION infected sites [softpedia.com] with more than 200,000 being added or removed PER DAY has refused to show proof and instead throws insults." - by hairyfeet (841228) on Thursday December 30, @05:50PM (#34715872)
Don't YOU recall, this: hairyfeet ->
http://it.slashdot.org/comments.pl?sid=1916240&cid=34612834
Which was MODDED UP no less, & shot you down, in SECONDS, too easily! It's also where you RAN AWAY, too, once your "so-called point" was easily shot down?
LMAO... TOO Easy!
---
1.) Now - I have over 920,000 KNOWN malicious sites blocked out (more from this article too no less) in my HOSTS file.
Many get cleaned up too, & get removed from that 1.3 million # you quote
(See my lists from hpHOSTS I cited here for example, they post removal lists & update, EVERY HOUR - Thus, I am, literally, up to the minute on these things)!
So, 1.3 million, minus the removal lists I note from say, hpHosts & others? It's JUST ABOUT RIGHT that I have 920,000 known bad sites currently blocked in my hosts file (& hpHOSTS? They update, HOURLY!)
You lose hairyfeet, as per usual, but you didn't have the BALLS or skills/know-how to combat me, directly, here!
---
2.) Also: Your "faith" in math? Since you went to "ITT TECH" (bottom-of-the-barrel U)?? Try explain to me why MATH FAILS HERE: .999 = 1 (true or false) False, you KNOW it, but... read on:
Let a = .999 .999
10a = 9.999 (this is 10x.999)
10a - a = 9.999 -
9a = 9
a=1
Explain that, "ITT TECH MAN"... a was .999 at the START OF THIS - how come it comes out as 1 then?
See, that's what your "ITT TECH" degree gave you - - EGG ON YOUR FACE HERE!
(Yea - I was going to do that where you RAN from, in the 1st URL I posted above, but... this is as good a time as any! No wonder you RAN from that first URL - you KNEW I'd "smoke you", due to better education & experience on MY END!)
---
I think even an "ITT TECH MAN", lol, like you can manage it, right?? Tell us why MATH isn't right there... ok???
Good luck!
---
"Not to mention on any machine before Vista it will seriously slow down the machine [broadbandreports.com] as it is read line by line per access, and frankly isn't much better on Vista/Win 7" - by hairyfeet (841228) on Thursday December 30, @05:50PM (#34715872)
Did they turn off the local DNS client cache? No?? That's why... In fact that point's covered here, for Windows users:
http://www.mvps.org/winhelp2002/hosts.htm
Right off the bat! Of course, even a 2nd rate tech knows that, but... NOT YOU! LMAO!
(Too bad you didn't know about it, & it makes you VERY easy to "dispatch" as usual, ITT Tech boy, lol!)
APK
P.S.=> Arstechnica also had their forums members have the police called on them for harassing me, threatening my LIFE, & posting defamatory material on me that wasn't true also & also for impersonating me...!
(So much for your POOR attempt at 'discrediting me', you fool... they impersonated me numerous times on their own forums/sites