Harvard's response to the Packet Storm incident

Harvard University News Office wrote in with their response to the whole Packet Storm ordeal. Hit the link below to read more, but it looks as if Harvard is returning the backups, but no longer hosting the site.

As a service to the Internet community, Harvard agreed to host a Packet Storm Security Website for security-related materials only. Without Harvard's knowledge, unrelated content was put on the Harvard server, including sexually-related material and personal attacks on an individual not affiliated with the University. A Harvard administrative site focused on security issues is not the forum for this type of material. We are returning the content on the site and hope that Packet Storm will make its security tools available through its own Website.

Joe Wrinn
Director, Harvard News Office
1350 Massachusetts Ave., Rm. 1060
Cambridge, MA 02138
Phone: 617-495-1585
Fax: 617-495-0754
joe_wrinn@harvard.edu

What about antionline?

I still can't reach that site, although the dns is back. Is this the 2600-comunitys way of saying "We know where you live JP ..."?

Re:What about antionline?

The site is there although it is extremely sporadic in its appearances. I managed to get in after about 30 attempts but then it dropped out again. Contains a letter from JP explaining the situation and saying that he now has police protection from ongoing threats and so forth. Unfortunately its gone from my cache and I can't get back into the site to get another copy. Sounds very "intimidated" and "hard-done by". Ho Hum. Anyone got a copy of it?

Re:What about antionline?

I haven't been able to access antionline since this whole mess broke...my browser either reports a server connection reset or a server not found error.

No big loss, mind you...at least, nowhere near as big a loss as PacketStorm was...

Wonder if jp's ISP finally figured out how many AUPs he was busting and pulled his access? Okay, I'll shut up now...

Re:What about antionline?

Here's part of that letter you were talking about:

.....
Due to the types of threats that I have been receiving, and that sites like PacketStorm have been propagating, local law enforcement agencies were put on alert, and began doing extensive extra patrolling of the residence of my family members, my own residence, and the AntiOnline Offices. I realize that the actions that I have taken against PacketStorm may greatly increase the immediate threat against my family, myself, and my company; and that the harassment will now only get worse. However, I will not allow my family, myself, nor my company to become a victim. I am standing my ground, and will continue AntiOnline's mission of putting an end to malicious hackers.
.....

Re:What about antionline?

*snif* Ghod, isn't this just the most noble creature Great Ghu ever placed upon this sorry planet?? *sniffle, wipes away a tear* Ghod bless you, you sorry assed -- I mean, rightously indignant - citizen! (Big snarfing s.a.l.u.t.e!)

:)

Re:What about antionline?

Why doesnt someone just call his local police dept. and find out if he really has called in about threats and requested patrols. I bet is a bunch of BS he slapped up on the net to make himself seem in the right to anyone with any sympathy.

Re:What about antionline?

I agree 100% with your comments about JP but everything you said also applies to Ken Williams. He decided to use his security site as a platform to publish crap about soneone else and then tried to blame JP for his site being removed. Next, he and his coherts at crackernews.com go on to claim Harvard destroyed all of the security related files (which can be found in the BugTraq archives) but they manage to "recover" the infamous /jp/ directory and place it online. I certianly see where Ken's priorities are now! He, like JP and many others in the "hacker" community has chosen to spend more of his time trying to destroy specific people rather than help the community as a whole. The strangest part of this whole situation is that even after Ken's little game has been exposed, people still try to defend him.

Re:What about antionline?

[Pug]

Well, as I understand it, the /jp directory was on the Genocide2600 server before this whole fiasco began, and was placed there by someone at Genocide2600 is response to people asking questions about JP.

Re:What about antionline?

[The+Dodger]

Well, I'm sure that a reputable publication such as 2600 Magazine would never condone or support any actions which violated Computer Misuse laws...

You've got to remember that the "hackers" JP spoke/communicated/chatted on IRC with, are mostly teenaged kids who "hack" using scripts, etc. The more mature, older hackers, both those who have parlayed their unique skills into a career in information security, networking, programming, etc., and those who continue to hack illegally, (but, unlike the script-kiddies who provide JP with his news content, don't seek media exposure or recognition) will, by and large, have nothing to do with JP.

I suppose, in a way, JP is the ultimate wannabe. He was originally seduced by the supposedly "sexy" image of hacking (that film 'Hackers' has a lot to answer for) and, although he apparently spins a good line of bullshit, he doesn't have the technical prowess to actually be a decent hacker. So, I reckon he decided instead to become a hacking "expert" by the back door, and AntiOnline was his way of doing this, and of gaining respect in the community.

Unfortunately for him, the only people who respect him are other wannabe's like him. Birds of a feather flock together and it's no coincidence that JP numbers Carolyn Meinel amongst his allies. The real hackers have long recognised him for what he is and have chosen to have nothing to do with him.

I've heard rumours that some of them have owned him and that, occaisionally, they've also been playing with him by doing things like hijacking his DNS and upstream routers in order to "spoof" him with fake website hacks, just to see him do a "press release" about whitehouse.gov or nato.int being hacked...

It could well be that they've decided that enough is enough and have decided to hit JP where it hurts - by making his website unavailable. Not only does this seriously dent his credibility (what sort of hacking expert can't even defend his own website), but it also means that his company is, to all intents and purposes, inoperational.

Of course, this is all merely hypothesis (for you linguistically-challenged individuals, that means that I'm just guessing). :-)

The Dodger

I guess he was a "malicious hacker"

http://www.antionline.com/archives/editorials/pack etstorm.html

This is my favorite quote:

"I am standing my ground, and will continue AntiOnline's mission of putting an end to malicious
hackers."

Yanno, I really hate morons like this that intentionally sensationalize and pump up and generally blow out of proportion something so they can profit from it and build a business. This is so much like all of these Y2K pundits that are selling their Y2K snake oil. People like this need greased and spooned. --- 5 cool points awarded to the first person that knows where this originated.

Can't blame Harvard.

Can't blame Harvard. As crazy as it seems, ISPs are being sued for the content of their subscribers. This makes no sense, but then again, what does?

Re:Ken Williams denies sexual explicit content

I guess that doesn't include the picture of Carolyn Meinel (sp?) with the title of "Crack Whore"

HAHAHAHAH

"Due to the types of threats that I have been receiving, and that sites like PacketStorm have been propagating, local law enforcement agencies were put on alert, and
began doing extensive extra patrolling of the residence of my family members, my own residence, and the AntiOnline Offices. I realize that the actions that I have taken
against PacketStorm may greatly increase the immediate threat against my family, myself, and my company; and that the harassment will now only get worse. However,
I will not allow my family, myself, nor my company to become a victim. I am standing my ground, and will continue AntiOnline's mission of putting an end to malicious
hackers."

What a loser. Like anyone really cares about him or his family. What a waste of taxpayer money. Given his track record, this is probably all bullshit. I can imagine him grinning with satisfaction as he finished off those last few paragraphs and clicked SAVE in microsoft word.

Re:HAHAHAHAH

[kevlar]

Do you actually believe that happenned? Are you really that gullible? That is such a blatent lie! He sounds worse than a 12 year old... hell a 12 year old could make it sound more realistic. Cops didn't patrol the neighborhoods outside pittsburgh, he made it up to justify himself as a complete jerk who is trying to take as much control of the website security industry as possible. We all need to see this loser for what he is: an irresponsible jerk who tries his hardest to get attention by smearing people.

It's a matter of trust

The school has established rules governing content of student, faculty, and other pages hosted there. If a student had placed such content on their site, it would be taken down as well. I think Harvard trusted him to be a mature individual who was capable of policing himself. Now that he has violated their trust, it is not surprising to me that they wish to end their association with him.

Harvard's final decision to remove the site and provide the content back to him seems perfectly fair to me.

Re:It's a matter of trust

Of course it wasn't Joe Student's homepage. The point is that Harvard has published rules about what is allowed and not allowed on sites they host. Your statement that there were no "rules" when Harvard agreed to host the site is just false. Face it, Harvard was in the right to remove the offensive content and the site. Whether or not JP deserved it, that isn't the issue.

Re:It's a matter of trust

[platypus]

Read my post above, this was _not_ "joe students" webpage, harvard wanted the server...

Re:Harvard's Wimping Out

The site was there at Harvard's discretion, and when off-topic materials were located there it was Harvard's discretion to have the site removed.
End of story.

BS

If a student had the same material accessible from their site, Harvard would have shut them down just as fast.

Since when does it matter whether JP happens to be an asshole or not? The only thing that matters is that the content violated Harvards rules.

Re:BS

[jplan34]

You're totally missing my point. My point was that he shouldn't have the right to go around the net saying "This offends me!! Remove it immediately."

This is very much a gray area, as the agreement between Ken and Harvard was only verbal. If it was a student site: www.harvard.edu/~SomeName then it's an entirely different story. I'm not denying Harvard's right to yank the site, I'm saying that they could have handled it in a manner that was fitting of their usual high standards.

This is sickening

It's too bad Harvard got caught in the middle of a playground argument between parties whose hacking ability clearly is light years ahead of their maturity level.

Re:The full Jp packetstorm FUD letter

"People in this country have the right to say and do whatever they please, unless that is, what they say and do infringes on the rights of another -
anonymous."

JP: Hmmmmmm. I need to put something lame and patriotic sounding at the end of this FUD. I think this will do. I can't sign my own quote, that would look to lame. I'll put anonymous here instead.

Re:I hope we all keep out eyes focused on this one

No, it wouldn't be nice.


Oh, whatever.

Re:PacketStorm

cat flames > /dev/null

Cat copies, it doesn't move. I guess you don't know Unix very well, eh?

Re:Antionline

Ever think that maybe there's a firewall in there stopping ICMP? It would only make sense...

Re:Harvard acted very poorly

Harvard overreacted in an extreme way that reflects very poorly on them.

This is typocal of educational institutions... oddly enough. You would think that a place that encourages knowing the facts would want to practice what it preaches. But I suppose that a little hypocracy is human nature.

Oooh, I'll bet Harvard have soiled themselves

I'm sure your threats are causing heads to roll in the 'ol hallowed halls.

Re:Oooh, I'll bet Harvard have soiled themselves

If you look at the title "Can't say I blame them" you will realize that he felt that Ken Williams abused Harvard's trust, so they kicked him out.

Re:Oooh, I'll bet Harvard have soiled themselves

At least webwalker has an account and isn't some pathetic Anonymous Coward taking a cheap shot at someone who isn't afraid to speak out on his/her own behalf. Perhaps you have some kind of psychosis that causes you to hide behind bushes and take cheap shots at others. Go see a psychologist. Afraid to make your own account and post such a comment?

Re:Oooh, I'll bet Harvard have soiled themselves

Ummm, even if he did make an account, he's still anonymous. You don't have to put in a valid e-mail address, right? So instead of baing Anonymous Coward, he'll be SmellyJoe or something. Does that make him less anonymous? Geezus...

Re:Oooh, I'll bet Harvard have soiled themselves

You don't have to put in a valid e-mail address, right?

Wrong, you won't get your password unless your Email is valid. However it is right that simple validity of 120950@hotmail.com means nothing.

Weird...

my cat moves, occasionally at least

Agreed 100%

Though it seems like there was a great deal of miscommunication out there as well.

JP gets pissed, overreacts. Harvard does the right thing, pulls the plug. Ken thinks JP is evil, starts pointing fingers. Harvard doesn't really see it as an issue, doesn't clarify what's going on internally. The media is informed. JP gets self-rightous, Ken gets angrier, Harvard starts getting flamed before they know what's going on.

It's all kinda sad, actually.

Re:Moral of this story...

problem with that is, IMHO, the site keeps changing every day. which means you have to backup everyday on a couple of CDs..of course, theres incremental but its a pain.. i dont think ken had that bandwidth for that (33.6 modem), although he should have asked someone who did..

PGP - one of us must be wrong

PGP Signature? The key provided is merely to encode replies to that person, isn't it? The PGP key block isn't a "signature" - what's to stop me using his block myself? In fact, I think I will!

Does that make me Ken Williams?

ac.uk

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQEVAwUBN3sH3pDw1ZsNz1IXAQE67QgAt5O4cgV4UN/tNro0 V9Hkrz4YJGuysf2F
aZdUuM+P73MwwlvjKFpLW5WOJwtZzFjicv6RYMlXaMLRL48F z/rltX95dy71LCOs
/UVa9LXvh7kSgD5p/pSeP2+zyDuvbvUxjtSTIPRp68sOQTKI LaQpohwl9hzpfVLz
ADvQMD5vAUqGlTeoQrZRmHC/OxtWqVEgh72Gms4XpGaGwT3O dtoRKuK0d4Js3mP9
Vs1szlsT3DQEFvdblLR/jsf8jonbME/Imo89K69wFsbyeVpI B1+g0Se11BdQCbeU
TdauQTJMfDTkIWSQvpQXXIhvukErb8D9bmFvKiE7MqS+N8RV aMO7Zw==
=7OhX
-----END PGP SIGNATURE-----

Re:PGP - one of us must be wrong

[^Bobby^]

Nope. If it's not the sig for the message, it says 'Bad Signature' - that signature block doesn't match the message. Signing is just that - proving it's you.

Re:PGP - one of us must be wrong

[blkwolf]

When you "sign" a message with PGP, it uses your personal "Private" key to build the signature from. This signature is actually a checksum. Anyone that Ken has given his public key to can ask pgp to verify his signature, in the case above where you just added it to your message it will definetly fail. Also because it's a checksum of all the data between the --Begin PGP and --End PGP lines, if you were to download a copy of Ken's message and change the message in anyway and re-upload it, it would again fail.

Of course PGP relies on the ability for the user doing the verification that the "public" key they have actually came from the party in question. Look up PGP and web of trust for more information.

Where is AntiOnline?

I have not been able to get to AntiOnline ever since this Packet Storm thing hit the streets. I guess now JP can do a real story.

Re:I guess he was a "malicioushacker"

TailSpin? Episode where Baloo saves those little furry gremlin things.

HEL-LO, Harvard is *not* an ISP

So stop calling it one. They have no responsibility to this; they did it as a favour, and were potentially liable for the content or alledged content.

Re:HEL-LO, Harvard is *not* an ISP

[DHartung]

Maybe they don't sell dial-up access commercially, but they most certainly were acting as an ISP in providing the website. What's YOUR definition of "ISP", exactly?

you do not have a right to kill other people.

see subject

Re:you do not have a right to kill other people.

[cswiii]

In absolute terms, no person has any more right to do/not do something, to allow/limit any other person. Is it 'wrong' when dog kills another?

Just because I believe murder is wrong doesn't mean, from an absolute, perspective that it is. This belief , the ability to reason and opine, on one's own is what separates man from animals.

This said, law isn't put in place to 'give' rights -- any law that gives rights to one group removes rights from another -- and thus, there is no way to grant rights that don't infringe on rights of others.

On a more down-to-earth example, but equal in principle, I have the right to free speech. However, there are limits on this. I can't yell 'Fire!' in the theatre, I can't incite riot, as there are laws that limit my speech in those respects. These impinge on my 'rights'. But they transfer the 'right' to safety to those around me. They're for the good of the people; that is the basis of law. There has been no loss of 'rights'. Just transferral.

I'd recommend some John Locke. Good reading.

Harvard FUDs

Can you point them to me, please? Harvard has issued one statement which, while bland, containted no untruths that I can see.

Re:Ken Williams denies sexual explicit content

Pictures of a 'woman dressed as a nun covered in apparent seminal fluid' and the ever popular shots of some creep having sex with a ten year old girl...

Packet Storm DID have sexually-explicit pictures!

And other "non-appropriate" content. (Nice Palm ad spoffs with the porn stars, though, Ken). Needless to say the site was of great value to me in my job as a system administrator, and I hope it returns. It wasted on horrible sites like Rootshell.com (which seemed to be more for script kiddies anyways).

In any case, Ken, you DID have questionable content on there (the most offensive being that one god awful pic of a young bill gates). But, at least you got your backups back. Please please put your site back up. And let's form a blacklisting of Anti-Online. Sure, he may have had a case here, but he's a very shady character.

Good luck, Ken

Re:Packetstorm was not really framed

Packetstorm was not framed. The charges, were, however, trumped up.
There was NO porn. There was some pr0n, though. By that, I mean that there were some parody and sick-humor pictures on the site. It was HUMOR. Some thought it was funny, some didn't, but, it was not pornography.


The /jp directory did exist, and existed on the old server before the site was moved to harvard.edu. This is entirely beside the point. JP has published his share of flames on his site, including trying (feebly) to imply that L0pht created Back Orifice just to be able to sell a fix for it. Ken's /jp directory had an archive of JP satire, debunkings, and general anti-antionline information. It was not a "public" page, but, was on rare occasions mentioned on Packet Storms web board. I'm under the impression that the thing started when JP tried to have Innerpulse.com closed for having an anti-jp archive. Ken started mirroring them just to make sure that it wasn't destroyed, in case JP bullied them into closing.

JP is a little bully that's well overdue for a cyber-beating. The same week he did this, he managed to get an IRC server closed. Check out this link, from Attrition and tg0d:

http://www.attrition.org/news/content/99-06-26.0 01.html

The point? If you can't stand the heat, JP, then keep your acne-scarred face out of the kitchen. Oh, and one more thing: Next time you start trying to tell everyone in IRC that you "know who they are and what you've been doing", guess again. You know nothing.

Re:Ken Williams denies sexual explicit content

I've been going to Packet Stprm for quite a while, and I have NEVER seen sexually explicit material

Never have I seen 'woman dressed as a nun covered in apparent seminal fluid'.

Oh, and the reason you can't get to AntiOnline is because it's being attacked by a number of hackers
(er, rather crackers)

Actually, I kinda find it funny ;-)

Credibility & A Rodent's Posterior

> You really think Harvard gives a rats-rear-end about the public
> criticisms from Slashdot readers...

You are sorely mistaken if you think the Slashdot community consists
solely, or even primarily, of "punk kids", "haqers", "script-kiddies", and
"pimply-faced teenage boys with poor social skills and even worse
hygiene."

It so-happens that a large part of the /. community consists of
professionals and college students. Good going.

As to whether Harvard, or any other U.S. university "give a rats-rear-end"
[sic] about the Slashdot community's opinion is of little matter. You
see, in case you haven't noticed: U.S. colleges and universities aren't
exactly the most highly-regarded institutions in the world these days.
They aren't even all that highly regarded in the U.S. itself.

You suffer from much the same myopia that infects the largely left-
liberal press here in the U.S. You are so convinced of the inherent
superiority of your community and its views that you fail to see the
reality that's directly in front of your face. It's called the "real
world."

The situation would be funny were it not so sad.

Watch out those who upload anything from mirror.

Given that mirros is being recreated by those who have files left, I will be VERY surprised if no one would try to put in some virus or trojan. I would think that it is reasonable NOT to download anything from PacketStorm mirror unless you know for sure what you do (uploading is ok, later people will have a look at it).

Re:I guess he was a "malicious

HAHAHAHA

I agree with you...

I'd also like to point out that AntiOnline promotes hacking (aka they had a hacker competition/tutorial on their site a few months back - www.happyhacker.com)

I'm sorry, but I this leads me to conclude that JP is an...what's the dirtyest adjective that you can think of?

Another one! Yea!

Excuse, Mr. "NoWhereMan", but YOU are an anonymous coward as well. Does it say NoWhereMan on your student I.D. or something? Christ.

jp & free speech.

JP doesn't understand or appreciate the concept of free speech. If he did, he would realize that being offended is simply part of free speech, and that he is free to retaliate *with free speech*.. not by threatening law suits, and attacking the host. That's just cowardly.

No, when we have the name

of the stupid bastard who OFFERED to host the site at Harvard ON AN EPONYMOUS MACHINE without knowing what was one level deep on the directory... THEN it will be over.

In other words, it will never be over.

Re:Antionline

a static route to null0 was added to the uunet
border router for all traffic to be routed to antionline because the resulting packets were
affecting frame relay customers.

extensive extra patrolling

Viz., one visit a day for two days, then 2.5 30mph drive-bys a day for maybe a week, until they lose interest. Keep your powder dry, JP, and may the best man win.

Try reading.....

a couple dozen of the articles Slashdot links to and comparing them with the associated "abstracts." (Hemos, is that you?) Then, if you have any tears left, you can dive into the comments.

Ken Williams is a LIAR!

He claims he had no backups of his site but managed to post the directory in question:

http://www.genocide2600.com/jp/

l8r

Re:Lets use this mob mentality...

Why don't we get the Slashdot effect on JP's ass!
I've never been the violent type. Never been in a fight, nor have I ever intentionally hurt anybody after my grade school years of immaturity.

But after reading up on JP's actions inadvertantly destroying a mans life (until now) I have nothing but hate for this tool of the devil, and feel revenge in the painfully fullest should be brought upon this asshole.

conspiracy? hell yes!

Re:The full Jp packetstorm FUD letter

Technically, Ken was the only one who hinted his data would not be returned. He did manage to backup one directory though: http://www.genocide2600.com/jp/. Strange sense of priorities on his part.

9th amendment anyone?

"The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people."

What facts do you mean

That JP is a total dick?
That JP deserved all the ridicule Williams could manage?

Those "facts" don't matter. The only thing that matters is that Williams violated Harvard's rules for content on their hosted sites.

Re:What Counts

Spineless? Come on, I do say I was pissed at Harvard when I thought they were deleting the backups and not going to give him his data, but I TOTALLY agree with them no longer supporting his site. It hurts the security community to have sites like his with his childish flames. Posting someones sell history is not a sign of someone wanting to protect someones security or privacy.

I think that security sites that offer exploit info and even programs (for testing your sites security) are a much needed resource, but its children like him who ruin the credibility of legitimate sites. Harvard BOTH legally and ethically did the right thing in pulling his site when they found it no longer was a security site, but a pulpit for some childs idiotic flaming.

Re:You have to believe someone

Perhaps if harvard or JP decided to post on here and respond in a reasonalbe manner things would be different.

It is naive to think that HAravrd has nothing else to do but to waste time reading nerds for news to post some sort of clarification. Obviously that sort of actions would not get sanctioned, in big corporations PR does it on their sites, not somewhere else (usually). Besides, in this situation it is best not to say a word until after you see your lawyer, something Harvard perhaps knows about more than anyone else on this site.

Then Ken Williams can go to HELL.

Oh, and the reason you can't get to AntiOnline is because it's being attacked by a number of hackers (er, rather crackers)

The more I'm reading about Ken Williams, the more he looks like a cracker. With your quote, my opinion is definitive.

Yes! Ken is very probably lying.

I think Ken is lying. If Harvard did such a thing and Ken does not have sexually explicit material, then Harvard is a fool and about to be sued...but I think Harvard is smarter than that.

Just go at http://www.genocide2600.com/jp/.

If you're above 18, then you may want to look in directory nun (WARNING: it is the alleged picture of a nun covered by seminal fluid, so you may not want to see it, especially if you are at work, and your boss is expected to visit you)

Ken looks like a cracker of the worse type, doing media manipulation (slashdot), and whining.

Slashdot owes JP an apology.

From what I saw (www.genocide2600.com, and other URLs posted here), Ken site was just a cracker-oriented site.
For some reasons, some crackers find it fun to harrass JP.
JP was right when he informed Harvard that it hosted dubious content directly aimed at him, and also copies of the content of AntiOnline.
Harvard was right in shutting down the site.

By the way AntiOnline has perfectly good content (now on my bookmark), and I think that slashdot owes JP an apology (unless it is becoming www.slashdot2600.org - News for crackers).

JP lies and steals

> from what I saw (www.genocide2600.com,and other
> URLs posted here), Ken site was just a cracker-oriented site.

Hmmm....I used to go to PSS everyday, and most of what I found were open source security tools like vpnd & titan, primers such as "Armoring Solaris" or "Know Your Enemy" (...which, btw, has *terrific* examples of what to check your logs for if you have been attatcked), and other *very* high quality info for security conscious admins. This must be a new definition of "cracker-oriented" that I was not previously familiar with.

> JP was right when he informed Harvard that
> it hosted dubious content directly aimed at
> him, and also copies of the content of
> AntiOnline.

JP runs his business by creating web pages who's content is dependent upon the unauthorized use of content from other sites. Ironically, the sources he draws from without permission are often the pages of the people he opposes most vocally. [check out genocide2600.com's logs of him downloading other people's files to use on his for-profit site.]

Unless JP decides to stop using other people's copyrighted material [especially the photos he's currently using without permission in 'whoru'] in his page without permission, he ought not complain about them keeping copies of his material. Besides, the reason most of his detractors keep copies of what he says is for the purpose of verification. When JP's detractors critique the things that he has said, outsiders who are not familiar with the situation often suspect that JP's comments were taken out of context. Because of that, many of JP's detractors mirror the original content as well, thus demonstrating the validity of their critiques.

Is this valuable? Well, the FBI is currently investigating JP, so they must have found some of his business dealings to be "questionable". Much of the current momentum of this investigation is due to attrition.org's archive of things JP has said.....

> By the way AntiOnline has perfectly good content

Yes, he does have some good content...due to the unauthorized use of *other* people's material, and possibly also due to paying crackers to hit high profile sites so that he could write about it. FWIW, I find it odd that you consider JP's content to be "perfectly good" and Ken's site to be "cracker-related" when the percentage of his site dedicated to exploits is even larger than the percentage of Ken's site dedicated to exploits.

Re:See for yourself. NOT!

What post? Some systems adminstrator you are! Why not filter the incoming request and let a slashdot user see it?

Re:What a lame excuse

Dare ./'ers to do what?

Don't be foolish. PacketStorm had *nothing* to do with porn, and Ken is not a "kid" who no one is willing to host. Instead of making groundless claims, why don't you check http://packetstorm.nl.linux.org/ and actually look at the content.
[this is where PacketStorm readers have started reconstructing the site from the things they downloaded]

I went to Ken's site every day
to check for the latest vunerabilities that would affect the servers I admin @ work. So did every other admin who cares about security.

Re:PacketStorm

Well, there was no smut on the site. As far as anti-jp material, yes, there was a parody /jp directory. If memory serves, it was actually started after JP threatened to sue another site, http://www.innerpulse.org for having a parody of him. Ken decided to mirror the Innerpulse material, with their full permission, and may or may not have had a anti-JP page previous to that. Unlike JP, whose recent 'WhoRU' article stole copywritten photographs from all over the Net. Not links to the photographs, mind you. The actual photos themselves. Of course, JP won't talk about it.

The reason Ken had an anti-JP page, quite frankly, is because he didn't like JP. JP, contrary to the image he likes to portray, is nothing more than an obnoxious little IRC packet warrior that has a web site. Ken made fun of him, and he got his revenge. Now, one wonders how much success he'll have against some of the other websites that mock him. http://www.antioffline.com comes to mind. Then again, one wonders how much success his little tattle-tale-I'll-turn-you-in business will have now that no one....NO ONE....in the mainstream OR underground will talk to him.

CString

Re:What good security sites are left?

You may want to check out

www.opensec.net

If they didn't give back the data ...

If they didn't give back the data, he could technically sue them for witholding copytrighted material against the wishes of the owner of the material. Recent protections of the copyright laws have basically said that you don't even have to include the copyright symbol on a documet. If you create it, it's automatically copyrighted.

escalation proclamation

It is understandable that there are misunderstandings.

Conflicts will persist.

The truth is out there.

Perpetuating FUD is BAD!

Kevin and those who rally around him like a circle of vultures should take a breather and try to understand how they were indeed libelous and displaying sexually explicit content at the expense of others. It is understandable that these actions may have seemed innocent and in good fun at the time, but really, everyone needs to grow up and respect people as people. At risk of sounding moralistic: learn to forgive! Open development is based on people's willingness to recognize faults and work towards fixing them. The random emotional outbursts from people like 'kevlar' are a bit reactionary and not based on anything but rage.

AntiOnline needs to do a little bit more of the same type of constructive forgiveness. A polite message to Kevin before going to Harvard would have been more appropriate. This can be tough. But, if Kevin couldn't be taught to provide a little more respect, then further action could ensue. Strongarming is not allowed in football, and it shouldn't be in used in general.

To the rest of the community: learn from all of this--you never know when you'll step on somebody else's toes. If you do know, learn how to minimize it. Also, learn to read the content behind the emotion. My use of 'strongarming' above could be considered by some as 'exagerated', and by others as 'too weak' (and to still others, an odd reference).


Try walking in someone else's shoes. --To Kill a Mockingbird (paraphrased?)


The General Debugger

Re:escalation proclamation

[blixco]

Constructive forgiveness? Get bent.

See for yourself.

http://www.genocide2600.com/jp/

They "lost" all backups of the security archive but managed to keep that directory! My new formula:

Antionline=Packetstorm

Re:See for yourself.

[DoXaVG]

Correction, this is all of the archive _I'm_ willing to post online. Everything that resides in the ~tattooman directory of Genocide2600.com is considered to be the personal property of Ken Williams. It does contain a two week old copy of the PSS archive site. But Genocide2600.com will no longer be hosting that site so we will NOT be putting up the data for any reason (with or without Ken's consent). I posted the /jp directory in an effort to let people know what content JP complained about and what this has supposedly been about.

--DoXaVG
--Security Admin - Genocide2600.com
--doxavg@Genocide2600.com

The full Jp packetstorm FUD letter

PacketStorm Is Shut Down
An AntiOnline Editorial
Thursday , July 01 1999

Apparently for some time now, PacketStorm Security, a popular underground collection of security related tools and information, has been maintaining a vast archive of
materials about AntiOnline. These materials included entire stories, copies of the weekly mailbag, e-mails, and other materials copyrighted by AntiOnline LLP.

On top of that, and what was far more serious, the site contained dozens and dozens of items which included: e-mails, messages, documents, images, and even public
surveys. These materials were libelous, and in some cases, were blatant threats against members of my immediate family, myself, and my company.

While I value the right to free speech as much, if not more, than the average American, I do not believe in individuals posting threatening and harassing documents
about another individual, and their family members. It was for this reason, and no other, that I contacted Harvard University, which was hosting the PacketStorm
Website, and requested that it be shut down. I did not threaten legal action, but simply directed University Administration to the website, for them to view, and to judge,
on their own. Below is a copy of that letter:

Greetings:

May I first say that I did my best to see that this letter got sent to the appropriate individuals. I had some difficulty determining who those individuals may be, so if I
have made an error, I would greatly appreciate it if you would forward this letter on to the appropriate individual(s).

My name is John Vranesevich, and I am the Founder and General Partner of AntiOnline LLP, a computer security company based outside of Pittsburgh, PA.

Earlier today, one of my colleagues forwarded me the following URL:

http://packetstorm.harvard.edu/jp/

Needless to say, I was shocked and outraged at what I saw. This page contains a large archive of libelous and, to put it bluntly, sick material. Everything from archives
of copyrighted material from our website, to altered pictures of my family, to 'stories' about me which contain images ranging from people engaged in homosexual
activities, to a nun that appears to be covered in seminal fluid.

I am astounded that an institution as prestigious Harvard would be party to the dissemination of this type of material. It is my hope that the University Administration
was unaware of this site, and now that it has been brought to their attention, it is my hope that it will be dealt with promptly.

I have worked to help several educational institutions develop 'Acceptable Use Policies', and if Harvard is similar to them, the above URL would be a clear violation
of that policy.

It is my hope that the above mentioned domain will be shut down immediately, and that the individual responsible will be seriously reprimanded.

I hope to hear from you soon about this matter, and what you may have done regarding it.

Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline


Tonight, Ken Williams, the founder of Packet Storm Security, released a letter to the public. The letter read in part:

Funny how I spent the past few years donating my time, literally thousands of hours, to "the security community", never making even a penny off the time and work I
invested, and have now lost it all because some asshole named John Vranesevich is able to make a quick phone call, fabricate absurd stories about criminal activity
and bullshit I never did, and effectively ruin years of work, my education, my career, my life.

Ken, I know what it's like to dedicate many, many, thankless hours into a project, believe me. But, you did not loose your site because of me, you lost it because of you. I
could not stand by and watch your site be used as a platform to harass and threaten my family, myself, and the business which I have worked hard to start. While you,
and others who 'follow you' may criticize me for what I did, I think everyone that's reading this, who has family members that they love, and a career that they enjoy,
will admit to themselves that if in my shoes, they would have done at least the same. I hold absolutely no grudge towards you as a person, and I hope that you have the
best of success in all that you do.

Due to the types of threats that I have been receiving, and that sites like PacketStorm have been propagating, local law enforcement agencies were put on alert, and
began doing extensive extra patrolling of the residence of my family members, my own residence, and the AntiOnline Offices. I realize that the actions that I have taken
against PacketStorm may greatly increase the immediate threat against my family, myself, and my company; and that the harassment will now only get worse. However,
I will not allow my family, myself, nor my company to become a victim. I am standing my ground, and will continue AntiOnline's mission of putting an end to malicious
hackers.

People in this country have the right to say and do whatever they please, unless that is, what they say and do infringes on the rights of another - anonymous.

Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline

Re:The full Jp packetstorm FUD letter

[ddstreet]

I know Ken Williams, and although I didn't see the material in question or talk to him yet about all this, I do not think he would put the kind of content being described on his site. It seems (from Harvard's email) that he is getting his data back, which is good - I know that he has put a LOT of time into it.

If I knew more about this, I would comment on it, but PacketStorm is no longer up, so I can't see what JP alleged was on the site. The 'public letter' that JP refers to is at his old site, which is now inoperative.

It's too bad Vranesevich didn't contact Ken directly instead of Harvard. If he wanted the offending material removed, Ken could have done that, not Harvard. No, he wanted the ENTIRE SITE removed. That's pretty selfish; there was so much more to the site that just the small part the he had a problem with.

It's also interesting that Vranesevich describes AntiOnline's mission as 'putting an end to malicious hackers', but does any of the material that offended him really have anything to do with hacking? From his (JP's) description of it, it doesn't seem so. Assuming, of course, that what he said was on the site really was - which I am not convinced of. Perhaps a better question is, is Ken a malicious hacker? Not as far as I know, and in fact it seems that since he provided for free a very large and useful website that took much of his time to maintain, he definately NOT a 'malicious hacker'. In fact, I believe Ken (and PacketStorm) were (and hopefully will be again) very useful to many people around the world. I certainly don't think PacketStorm was getting 400,000+ hits/day because of AntiOnline insults/threats (if there were any there in the first place). Maybe JP should define what exactly a 'malicious hacker' is.

-Dan Streetman
ddstreet@eos.ncsu.edu

An outsider's view

Here's the story as I heard it from Harvard's unofficial side of things.

They received an email about this /jp directory, so someone cruised over there, saw what was there and shut down HTTP access until things could get straightened out.

Remember, Harvard was hosting the site as a favor to the creator and the community. It WAS an extremely popular site and was sucking up huge amounts of bandwidth, but it was deemed worthwhile.

So, while the issue was being investigated, (and from what I understand, the assumption was that there'd be some discussion about removing the offending material and hopefully PacketStorm would be back up shortly) Ken started this flame attack on Harvard, and communities such as this one completely accepted what he said at face value.

Suddenly Harvard, which was trying to do a Good Thing by hosting the site, was turned into the bad guy and being flamed across the net.

So they figured "Screw this" and told Ken to take his files and find somewhere else to host the site.

There was NEVER any intention of destroying the files, and with a bit of thought you should understand why. Even if Harvard was some malicious beast in this event, they'd still want the files to back up their allegations, right?

------

I know you won't believe this, since I'm not one of you. But that's the 'unofficial' story.

This event triggered my first visit to the slashdot forums, and frankly I was stunned by how many people took Ken's letter as total truth (ie, the big organization is stomping the poor little guy angle) but when the big organization responds, they're clearly lying.

Weird

Flame away.

Re:An outsider's view

[shri]

*sigh* Crisis management has taken such a turn in these days. A few years ago it would have taken atleast a couple of days between the various events that have taken place. Nowadays, everyone wants to jump on a hot story, be the first person to post, the first person to break the news (drudge, cnn etc all have fallen victim to this).

On a side note, I remember a story on segfault, called an anti-/. kit.... perhaps there is really a market to detect abnormal traffic (e-mail, hits on web sites, DOS etc..) and firing off alerts on various pagers?

Re:An outsider's view

[Hard_Code]

which is why I prefaced my comments with "If this is really true and there is no mitigating circumstance explaining Harvard's bizarre and rash actions then..."

Many of the main posts said that there was something fishy about it and it didn't exactly add up...that there was a side of the story not heard...not enough facts...

Re:Ken Williams denies sexual explicit content

[whoop]

How about a recap? Antionline has been refusing connections for me. Yesterday their nameservers were down, now this...

Placing the blame

[William+Aoki]

First, we need to ask: Was the offensive material really there?

If not, then Harvard and JP are at fault.

If so, then: Was the offensive material there before Harvard offered to host the site?

If it was, then Harvard is at fault, either for pulling the site or for offering to host it in the first place knowing what was there.

If it wasn't, then Ken is at fault for placing the material there.

Re:I'll do yours first because it was scathing and

[J4]

So your analogy is mute.

It's "moot", Sparky. Irregardless ;-)

What Counts

[Skyshadow]

All that really counts here is that Harvard is returning the data.

Yeah, the rest of the incident shows them to be completely spineless. So? Hey, as an ISP they have a right to yank anybody's web site if they want too; in this case, at least Packet Storm can go back up.

----

Re:What Counts

[Fastolfe]

I doubt Harvard ever intended to do that. They might have implied it, but more likely it was just something Williams said to bolster support.

That's what happens when you only read one side of the story and judge prematurely.

I think Harvard acted very professionaly here.

Re:What Counts

[Fastolfe]

I don't think Harvard was being very spineless at all. If I offered to host a friend's web site AS A FAVOR, and he abused my trust by using it as a private forum for his personal vendetta against someone, complete with pornographic parodies and all sorts of rather nasty stuff, I wouldn't hesitate to drop him.

Depending on how friendly I was with him, I *might* just ask him to get rid of the extra content, but with Harvard upper management now in the loop, I don't think they were out of line in the least by refusing to further host his site.

Remember -- this was done as a favor, not a contractual agreement.

Re:What Counts

[Mike+Buddha]

I'm beginning to think we need a "User's Bill of
Rights", and we need to start boycotting ISPs
that don't support that bill of rights.

That sounds like a fine idea, but I wouldn't be shoving a Bill of Rights into the face of the private institution that has agreed to host my site for free, given that it serves a specific purpose.

Remember, ISP's are not in the business of defining constitutional rights, they provide bandwidth and try not to rock the boat. I wouldn't want to have to spend money to defend my ISP (if'n I had an ISP) from lawsuits of people libelled by my users. Even if their cases have no merit, you still have to hire a lawyer to point that out.

If I had an ISP, I wouldn't agree to your bill of rights unless it included the ability of the ISP to yank any content that is cruisin' for a lawsuit.

Off subject, have you all seen Geocities new agreement that says that anything you put on Geolcities becomes their property?

Re:What Counts

[lar3ry]

Yes. My personal opinion of Harvard's network admins wasn't very high when I had heard that the data was going to be deleted without hesitation. Either the original report was misunderstood, or somebody had a change of heart after receiving complaints from the internet community. Either way, being able to re-create the site at a different location is nice.

I don't know what ISP would host a site as popular as that free of charge (unless banner ads were allowed). But I think that the next move would be to actually receive the data and start looking.

I sincerely hope that any people that sent complaints to AntiOnline or Harvard that specifically referenced Slashdot were written with cool heads and a moderation of actual flaming and insults; it would certainly make us look a lot more mature in the eyes of the outsiders. Of course, I know that this is just wishful thinking, especially after some of the comments made to yesterday's article here. [smile]

Anyway, things look a bit better now, and I hope that a new site can be set up quickly.
--

Re:What Counts

[doom]

> So? Hey, as an ISP
> they have a right to yank anybody's web site if > they want too; in this case, at least Packet
> Storm can go back up.

It actually bother's the hell out of me that
*all* ISPs are this spineless. Their legal
agreements all *suck*. "We get to do anything
we want, we guarantee you nothing, we take no
responsibility for what you do, but if we don't
think it's appropriate we'll stop you, we're the
sole arbiters of what's appropriate, and by the
way we can change this agreement without notice
and you've still got to follow it."

Is this anyway to run a brave new world of free information?

I'm beginning to think we need a "User's Bill of
Rights", and we need to start boycotting ISPs
that don't support that bill of rights.

Re:What Counts

[doom]

> Remember -- this was done as a favor, not a
> contractual agreement.

The point is that you wouldn't be any better off
with a website with Harvard or with a commecial
ISP: everyone's stated policy seems to be to cave
in the moment they get a scary legal notice.

What's wrong with saying "This has nothing to
do with us, we're just carrying the information,
we didn't put it up there. Take it up with the
person who's responsible for the content."

If you make an obscene phone call, can they
sue the phone company?

And would it make sense to require the phone company to screen all calls for obscene content,
to make sure that no one is misusing the service?

Re:What Counts

[Gary+Gnu]

We are not sure if Harvard was aware of the "extra"
content on the server specially the /JP directory
which seems to be the cause of this whole problem
and I am pretty sure that if they (Harvard) were
aware of this then they would have asked that
the pornographic and libelous content be removed
or else. Harvard offered to host the site
because of the security related content. Nuns
covered in seminal fluid doesn't fit in this
category regardless of public opinion

Re:What Counts

[platypus]

this stuff was on ken's side BEFORE harvard offered to host it.

Re:What Counts

[rawg]

If I'm going to let you on my system, its going to be by my rules alone. If you don't like it, then go somewhere else or build your own system. What are you thinking?

Re:What Counts

[patowic]

My first thought, when Ken said that Harvard would delete all his data, was that we weren't getting the whole story.

Do we have _proof_ that Harvard threatened to destroy all data, or was it just the accusation of a lone man?

Re:What Counts

[tqbf]

> It actually bother's the hell out of me that
> *all* ISPs are this spineless. Their legal
> agreements all *suck*.

What do you expect? If they didn't do this,
they'd inevitably get sued. It's not like this
is *needless* C.Y.A.

Blame the laws that prevent ISPs from being
treated purely as common carriers, not the ISP
industry's reaction to them.

Re:What Counts

[spiderbait]

hmmm, amusing that you use a quote directly from jp's statement. But let me say this: I have been a regular at PSS for over 2 years. I never saw nuns covered with seminal fluid. Nor would Ken allow such a picture exist in a publicly acessible directory

--Spider

Re:What Counts

[spiderbait]

rules Ken was given for the PSS web sight:

here's the root password, do what you want.

so, did Ken break the rules?

--Spider

Re:What Counts

[spiderbait]

pleas tell me you didn't jay the security community is hurt by PSS. As the largest most comprehensive security site in the world, you can't possibly belive it hurt the community. The contents of the alleged /jp directory were archived web sites. To preserve the thought and actions of the security commmunity, is NOT bad. The general consesus (sp) among REAL security professional is that jp is a farce. Thus the archive accuratly preserves the community's feelings about jp.

--Spider

Re:Antionline

[Aaron+M.+Renn]

traceroute uses UDP packets by default I believe. Though it does have an ICMP ECHO option. Of course UDP and the default traceroute ports can always be blocked too.

Libel not Slander

[gavinhall]

Posted by !ErrorBookmarkNotDefined:

Oy. When is this boy going to learn the difference?
Ooops. I believe I just "slandered" him.
There's something about this whole proceeding that reminds me of the Kennedy assassination.

-----------------------------
Computers are useless. They can only give answers.

Harvard is not an ISP, its a University

[Python]

Except that Harvard is not an ISP, its a University. Where freedom of speech is supposed to be sacred and protected. This just demonstrates that Harvard has no spine and only holds that ideal up when it suits them. Political Correctness at its finest.
--
Python

Re:Harvard is not an ISP, its a University

[spiderbait]

The interesting bit about how the consstitution was written, is that it doesn't apply to private entitys. Now, before you go all ape shit about what I just said, let me explain. Freedom of speach, we all belieave that our wonderfull country must protect this first ammendment to the constitution. However, the truth is, the GOVERNMENT cannot violate the right of a person to speak freely, but a private entity MAY. Yes, that's right. Harvard, being a privatly owned institution, CAN restrict what a person can say when on or using harvard's property. Is it politically correct, no. If thier right to protect thier name, yes. So you see, harvard did nothing (initially) that was unlawful., nor did Ken, nor did jp. You see why such a mess exists now?

On a final note, the constitution was written (originally) to protect people from the governmen, not to protect people from people. That's what our law making bodies are for.

--Spider

That would mean

[hawk]

that someone hacked into and planted a new directory on the server for a security site . . .

Anybody else see the irony?

[hawk]

Permission was granted to use a machine to run a security site, and the maintainer used it for other purposes. I'm not a member of the bar in that state, but in several others, this additional use would be theft of compter services--by a security site . . .

Re:Anybody else see the irony?

[spiderbait]

The fact of the matter is, that the offer was to host the site. in it's entirety(sp). the /jp directory was not new addition to the site, or even a recent addition. It was there when genocide2600 was hosting PSS, long before harvard even made the offer. By all rights, harvard should have reviewed the site BEFORE the offer was made. What's more is, harvard didn't even bother to review the site to see if the accusations were even true. They simply pulled the plug. Time to look at ALL of the facts boys and girls. Not just jp's version

--Spider

Re:How do we know who's telling the Truth?....

[ninjaz]

In common use around here, FUD has taken on a broader meaning - something said that isn't "politically correct" or something the speaker disagrees with.

Facts??

[Fastolfe]

Apparently you don't seem to be aware of the "extra" stuff Williams posted on his web site. It was all sorts of rather nasty comments, pornographic imagery, etc. Very very bad stuff.

Remember, Harvard agreed to host this site as a FAVOR, and Williams abused their trust by using the site for rather scandalous personal reasons. I think Harvard was perfectly justified in doing what they did.

An institution's belief in the "facts" has nothing to do with this.

YES

[Fastolfe]

Thank God there are still some people with a clue on this sorry planet.

On one hand I'm really glad Slashdot is as popular and has so many posters as it does, but on the other hand, it's really quite embarassing how many people here go off on what OBVIOUSLY little information that's been provided.

The Slashdot authors are just as guilty as anybody else. Read the headlines/abstracts for some of these stories. It's very easy to believe just one side of an obviously partisan story instead of trying to get the full range of facts.

Re:YES

[NoWhereMan]

True. But Harvard has not helped their case with the wealth of information they are providing ;-).

I searched for information yesterday and read the statement posted above. Seems to me like Harvard holds most the cards. They have the original JP message as well as any communications with Ken. Despite the education they are dishing out, it looks like they were the student in this issue!

Re:Ken Williams denies sexual explicit content

[Fastolfe]

No offense to Williams, but in this case I'm more inclined to believe the contents of the original complaint e-mail sent to Harvard over Williams' "statement".

Why would he send a letter to Harvard describing pornographic content when Harvard would just be able to look for themselves and see that he was just blowing a lot of hot air? The fact that Harvard DID act quickly and finally lends credence to the original complaint.

That's my opinion, anyways.

Re:Cool! But what happened?

[Fastolfe]

It was probably their position all along -- Somebody else above posted a reply to a comment that I think summed up Harvard's side of things perfectly.

Remember, this entire Slashdot thread was started by a message from Williams (the "victim"), and included only his side of the story. It's quite possible he embellished quite heavily.

Re:Ken Williams denies sexual explicit content

[Fastolfe]

Well whatever, I'm not going to get into an argument over this stupid little topic. I'm amazed it's gotten this much attention.

I'm just annoyed by everyone labeling one person's side of things as gospel truth before even hearing the other side of the story. When you do hear things from all THREE parties (including Harvard), stuff starts to make a LOT more sense.

Huh?

[Fastolfe]

I think I've done more than enough research into this whole fiasco.

The fact is that Williams e-mailed Slashdot with his whiny story, and Slashdot went with it. They simply thought to themselves, "Wow, the evil guy with money destroyed a valuable resource!" They made no effort to look at the "other" side of the story or validate any of the things Williams said. They simply assumed that what he said was FACT. For things like factual articles, where people are offering links to *real* news sites, this is a PERFECTLY FINE way to run a news site like Slashdot, but when you get into personal things like this, you're basically posting an editorial, not objective news.

That's what I was objecting to.

I don't expect Slashdot to do its own reporting and investigating, but I DO expect them to at least TRY not to be biased or partisan when they do post things like this. The instant I read the abstract I *knew* there was a lot more to this story than what was being said. Everyone else should have been smart enough to realize this as well.

FYI I've probably read more Slashdot articles and posted more informative Slashdot comments than you ever will. Don't go tell me to "Try reading" before I post, and *especially* don't do it as an AC.

securityfocus.com

[sighup]

Right now, securityfocus.com seems to be the best bet.

Re:I actually agree with harvard

[Tarrant]

What content is that? All I've heard is vague references to "sexually explicit" content.

So where is it? What is it? Do you know? If not, then why are you supporting one side or the other, sight unseen??

Ken Williams denies sexual explicit content

[andreas]

Ken Williams, author of packet strorm, claims that there never was any sexual explicit contents on his site. You can find his statement here.

Re:Ken Williams denies sexual explicit content

[Bartleby]

I'm guessing Harvard was referring to the "Back Orifice 2000" ad. Notice, they didn't say "sexually explicit"; they said "sexually related." Though I'm not particularly offended by it, I wouldn't want the banner on the college site I maintain.

Re:Ken Williams denies sexual explicit content

[shri]

Same here .. and this must be the second time in a couple of months that I have tried to access the site. Seems like they're blocking href's from slashdot.

Re:Ken Williams denies sexual explicit content

[deacent]

I don't think that was it. AntiOnline seems to be back (for the moment). There's an editorial at http://antionline.com/archives/editorials/packetst orm.html that includes a copy of the letter JP sent to Harvard. There's some explicit descriptions of the alledged sexual and libelous content. -Jennifer

Re:Ken Williams denies sexual explicit content

[fyrefly]

No the fact that Harvard acted quickly only means that they are impulsive and will do anything to avoid scandal. They did exactly what John Vranasevich planned. He says in his letter on http://www.antionline.com that he didn't know what would happen to the site he was leaving it up to Harvard, but in the e-mail sent to Hravard he implicitly says "I want this site shut down and the owner reprimanded." is this a contradiction? Those of you who know Mr. Vranasevitch and his probably also know that these kind of contradictions run rampant on AntiOnline.

Re:Ken Williams denies sexual explicit content

[spiderbait]

Yes, well, it would be one thing if harvard was acually talking. NON of the partys involver (at harvard) have made statement. ALL statement have come from public relations. How many of you have dealt with PR before? example: Recently my employeer was bought. In the press release, authored by our PR department, the president may statement. Our president did know he made these statement untill the press release was sent out. "...I'm glad for public relations. I could never have said that as well as I did if it wasn't for them." is what he said in our first staff meeting after the release.

--Spider

JP is loving this attention

[Kevin]

All this attention is probably making JP happy, since it's free publicity.

Hosting power.

[Eric+E.+Coe]

The issue is that currently, high-speed, always-on connections are not the norm - and so we have to use ISP and other dedicated hosting sites to provide our content. True freedom of speech will only be possible when high-speed connection providers (who are not responsible for the contents of sites they don't host, even if they are the common carrier for the packets to/from that site), connect your personal site box (sitting on your property) to the net.

The other issue then would be the disturbing practice of police to some and confiscate all of of someones computer equipment, backups, etc. on some phoney-balony charge (several stories come to mind) - thereby silencing that person.
--

Re:Verbal agreements and Phantom Machines

[Babar]

CMU is willing to stick up for people in its community, though, perhaps moreso than Harvard - I don't know without having seen the material in question. But when Scientology lawyers started sending letters to shut down dst's anti-scientology webpage, they didn't give in, and scientology lawyers are much more... intimidating... than JP, I would think.

Of course, there was also the whole porn thing...

PacketStorm

[negativ]

As an MIS admin I found everything on PacketStorm to be of the highest quality and I went there almost daily to check for security info that could affect my company's servers. I don't believe for a minute that PacketStorm was hosting smut or anti-John V. material...I think anti-online probably hates competition from a better site...I hope I am right in my opinions....If my T1 was hooked up I would host packetstorm on one of my company's webservers.... ... cat flames > /dev/null

Re:PacketStorm

[negativ]

just because i like to send them to the eternal bit-bucket doesnt mean i still dont enjoy reading them :)

Re:PacketStorm

[NullPointer]

As an MIS admin I found everything on PacketStorm to be of the highest quality

I couldn't agree more...

JP is pissing in his own backyard with stunts like this. Any admin at any ISP who hosts Antionline (including the current one) would do well to consider that he/she is hosting a service that is apparently committed to destroying the sites that all competent admins need.

If I worked for his ISP I'd have been on the phone yesterday, "What the... You did what!? PacketStorm was one of my primary sources of security information! I think you'd better leave."

Re:PacketStorm

[hey!]

mv flames /dev/null

would be a very, very bad idea. I'd say the poster knows Unix at least as well as you.

Moral of this story...

[tgd]

The moral of this story is, keep a copy of everything you've got. Harvard gave this guy back his data, but certainly didn't have to.

When you put data on a server that's not yours, you're assuming that there's reliable hardware and the ISP is doing regular backups. From experience, those are both assumptions that aren't good to make. Harddrives are cheap, CD-Burners are cheap. Keep a copy of your site. Even if it was four gig of data, that's five, maybe six CD's. Its not like all of it changes all the time.

Hell even if it IS your server, you should always keep copies of the data separate from your backups and the server. The government has been known to inappropriately seize servers at ISP's and things like that.

Re:Moral of this story...

[EricBlue]

I've got to agree...where were his backups?

Any prudent user would have his data backed up somewhere, no? Especially for the class he was taking.

I guess it's one of Murphy's Laws of Computing that you will be burned regularly if you don't back up. Then, you back up religeously for a while...

I'm glad to see Harvard returning the data. I don't blame them for washing their hands of this whole thing.

Williams did not back up /jp/

[J.+FoxGlov]

Scroll down to the bottom of the root directory. /jp/ was mirrored by the genocide2000.com admin (who is not Williams).

[quote]

Here is the REAL scoop on

John Vranesevich, aka JP

AntiOnline Founder, Jackass, Crackhead, Cock Smoker, Narc, Media Whore,

and the gimp who is currently diving into Carolyn Meinel's muff

--Mirror made available by doxavg@Genocide2600.com

[/quote]

J.

FUD == Status Quo

[NoWhereMan]

This is a simple test I look for when I see FUD. Who is dishing it out and does it preserve some advantage they think they hold?

Re:What a lame excuse

[NoWhereMan]

Hard to believe you did not hear both sides from the previous links. Did you notice the comments from others (minus the ACs) claiming that JP is not credible based upon prior experience? Listening to both sides is not an excuse for being gullible!

Can you spell A R C H I V E

[NoWhereMan]

This is the question I would like to see answered. Did Ken participate in the creation of the material or was he simply archiving it? Sounds like a number of people approved of the material Ken was archiving!

Re:I think Ken is lying

[NoWhereMan]

Maybe. We already have two versions of a single email Ken is credited with authoring. Given enough light, we can see who is trying to hide beneath the shadows.

Next Business - Anti Virus Software

[NoWhereMan]

And for the sequel, maybe he can sell everyone software that protects you from PC viruses (as long as you send him more money ;-)

JP is no angel.

[_Gus]

If anyone is harbouring any sympathy for JP in this affair, I would advise them to check out http://www.attrition.org/nega tion/special/report.html first.
Pretty good evidence and a pretty conclusive argument that JP is funding the very people he proports to help defend against.

Re:I guess he was a "malicioushacker"

[Zach+Baker]

That would be "The Sound and the Furry," a classic Tale Spin episode (available on tape!).

I'll do yours first because it was scathing and...

[Psarchasm]

special.

1) Intelligent people will support Harvard, ergo anyone criticizing their action must be intelligence challenged(tm).

Reply: Yes. But. Never did I say they would "support" Harvard. Not finding fault in something is not the same as supporting it. I'll even give you an anology to play with: "I can't fault the chicken for crossing the road, but its certainly not an action I would support." - I'll even give you a more relevent one - "I wouldn't fault Packet Storm's admin for posting his opinions of antionline's admin, but if I were hosting his box and recieved a letter like that, and had a familly to care for, its certainly not an opinion I would be able to support."

2) Censoring isn't very "Harvard", so rather than "censor" by requesting the removial of controversial materials, it is somehow more ethical and less "censorous" to go off half-cocked and delete EVERYTHING the site offered with no due process

You really think Harvard gives a rats-rear-end about the public criticisms from Slashdot readers and the 'haqer' community? You seem to think you wield a lot more power behind your keyboard than I think you do.

3) What harvard did was right. It was OK for them to spew FUD (untruths) because they needed "time."

Welcome to the real world. It isn't a pretty place and it hasn't been for as long as I've been alive. Harvard did what needed to be done at the time, yes.

If I understand your arguments correctly, burning entire libraries and spreading FUD about the personal lives and actions of the libraries is OK, even noble, as to do anything less (like lock up an objectionable book) would be "censorship." Anyone objecting to the burning of said libraries would clearly be stupid, as any intelligent person in the security community would support burning the entire library over the censorship the removal of one controversial book would imply. Interesting definitions.

A - The library wasn't burned. It was simply closed. Even if they did indeed 'rm -rf /*' there was a backup. So your analogy is mute. This is a poor analogy at best. How about if I give you a better one that I do agree with and is reasonable:

"If I open a private library with an office complex from which I lease free space (lets just say I pay a dollar a month), I go into that relationship knowing that at any day I could be kicked out of that space. But lets take it a step further, you see at this library you can only check out books on terrorism. How to stop terrorism, how to start terrorism, terrorism-terrorism-terrorism. But in one section of my "library" I have nothing but deragatory comments about Jesse Helms. Corresopondence with him are posted, what I think about him is posted, deflamatory pictures of him are posted on all the walls in the section of my "library".

Does the lessor have the "OK" to kick me out of my "library"?

Re:Credibility & A Rodent's Posterior

[Psarchasm]

I am pleased you included the 'if' in your initial sentence. Being a part of the Slashdot community I most certainly do not think it consists either soley or primarily of any of the above. I do, however, think that a large percentage of the anti-harvard rehtoric was coming from exactly that stew of people you mentioned.

Exactly what community and its view was I representing in any of my posts? I was speaking soley for myself, using "I" almost everywhere. I am quite comfortable in the real world though not always happy to be a part of it. The people that seem to be unable to grasp the concept of the real world are those that are arguing the injustice of doing the "right thing" (legally, socially, and politically vs. doing the "right thing" morally, heartfelt, utopianly.

Yes, Harvard cares very little about what the Slashdot community has to say. We are talking about a learning institution with a history that dwarfs even that of computers in general. Never did I say they shouldn't give a rats-rear-end about what Slashdot readers have to say, simply that they don't.

Yeah I know

[Psarchasm]

I know. I was typing quickly and only quickly glanced over what I wrote when done. My co-workers were only too happy to point that one out to me.

I'll have a W.O.P.R. with fries and a coke.

[Psarchasm]

Harvard took the site down because it became to controversial for them to take the time to deal with. They were doing the security community a favor and the intelligent people in the community would never fault Harvard for doing what it felt had to be done at the time.

Sure, they would be praised if they had simply contacted Packet Storms admin and told him that the offensive material would have to go or they would be forced to shut down the site. But then they would have become censors. Censoring content just doesn't seem very Harvard to me.

What they did was right. The actions they took, and the preliminary FUD they spewed merely gave them the time they needed to weigh thier options, without bringing about the wild accusations and rumors that would have flown in the face of silence.

Re:I'll have a W.O.P.R. with fries and a coke.

[lar3ry]

Sure, they would be praised if they had simply contacted Packet Storms admin and told him that the offensive material would have to go or they would be forced to shut down the site. But then they would have become censors. Censoring content just doesn't seem very Harvard to me.

Removal of a site is also censorship.

Maybe if they forwarded the complaint to the maintainer of the site and have the maintainer explain exactly how he was going to react to the complaint (remove the materials, shut down his own site, etc.) and then have the web admins decide if the action was enough. This seems nicer in theory, but it would have taken some time and the offending materials may have still been available.

However, whether or not the offending materials were ever removed, the fact remains that they may have been there, and they may have been accessible to anybody who knew their location. If so, the claim of damage may have still been valid and a lawsuit could possibly still been filed. (Of course, I don't even play a lawyer on TV...!)

I sincerely think that Harvard had a right to shut down the site, for whatever reason. And I think it proper for them to return the data, if that's what they are claiming that they will do. I cannot see how you can fault them too much for this at this point.

Again, we'll see if Packet Storm reappears in a new location. And I think that it will have a much better agreement with the entities hosting them than they did with Harvard... I hope that this may be a learning experience for Packet Storm AND for all of us.
--

Re:I'll have a W.O.P.R. with fries and a coke.

[cjs]

But then they would have become censors. Censoring content just doesn't seem very Harvard to me.

Removal of a site is also censorship.

Uh...neither of these are censorship. Censorship is when someone is prevented from saying something. Saying `I'm not going to host your web site or this particular bit of content' in no way stops the content owner from posting his content elsewhere.

Censorship is a serious issue, and it still does exist in modern democracies today. (There's nothing like the threat of a huge libel suit to silence someone without the resources to defend himself.) Please don't trivialise it by applying it to things that are not.

cjs

Re:I'll have a W.O.P.R. with fries and a coke.

[dirty]

Not if the content was illegal. Then it could be considered censorship, but justified censorship. I really can't picture harvard taking a stand on protecting content that it doesn't believe in. Had the actual security content been called into question then yes i would expect harvard to stand up and say something (it's not like they are in short supply of lawyers).

Irony... --nm--

[JerkBoB]

heh.

--
A host is a host from coast to coast...

Possible way to set up a critic for a AUP fall

[Jon+Luckey]

Do you think that whoever pulled the plug at Harvard trotted over to the physical computer, logged in and did a

ls -l /jp

and used XV to look at every file?

Doubt it. More likely they just pointed a browser at the URL from thier own desk.

Now consider hypothetical site A which posts critique about hypothetical site B.

Site A may contain hyperlinks and inlines to graphics on site B as examples. If site B wanted to make Site A look bad, they could clone their excerpted files, modify the clone to use unique URLs, then change the files that original URLs pointed to so they now point to nasty stuff.

The effect of this is when someone pulls up the critique on site A, the see a bunch of nasty text and graphics. If that someone is the sysadmin checking for acceptable use, is he going to look at the HTML to see if the content is actually stored locally on the site, or is it going to be assumed that content was purposefully put there by site A because thats whose address is in the address textbox in the browser window?

Unless fraud is suspected from the beginning, I can see the latter being the likely case.

Therefore it is entirely possible that site A could be set up to look like a porn provider or other nasty thing just because site A had hyperlinked content, without site A being rooted or expoited at all.

Was Packetstorm set up like this? Only the backup tapes can tell.

Re:Possible way to set up a critic for a AUP fall

[gotan]

I think some "sysadmin" type should (and would) ALWAYS look on the URL when checking on a site for some very simple reasons: he will want to know on which box (and where) the files are located, it's an easy thing to do (hey in all browsers i know the location is in very prominent view), and normally you don't stumble out of a site without noticing it, especially if the site is on the lokal net you might at least start to wonder about a sudden change in response times.
Even in the case of inlines the inconsistencies between text and images should make anyone curious.

What good security sites are left?

[philg]

I hate it when I hear about a (potentially) useful website only when it is shut down. By many accounts, Packetstorm was a valuable security reference. The published words and acknowledged actions of AntiOnline's owner makes me averse to having my IP in their server logs.

So, what good security resources are left out there? If Packetstorm were still up, I would undoubtedly have scoped it out for usefulness, and bookmarked it as a resource if it met my needs. Is there anyplace else comparable I can check out?

phil

Re:I'll do yours first because it was scathing and

[psaltes]

Education is not the business of dissemenating truth. Its the business of dissemenating "accepted" truth, and often, politically correct truth. I do not believe that Harvard is any different than any other university in this respect. Maybe they are just better at it. Truth is all about perception, anyway.

Learn a good quote, John.

[cswiii]

People in this country have the right to say anddo whatever they please, unless that is, what they say and do infringes on the rights of another - anonymous.



Yeah. The real reason this is anonymous is because no fool would want to be known for ranting this absurd statement!

In absolute terms, any right someone has automatically infringes upon the rights of others. You enact a law to outlaw murder. It infringes on my right to kill. 'Rights' are like energy, they can't be created or destroyed, only redirected/modifed, etc.

What an absolutely obtuse quote. The law is (or at least was) in place to provide safety to people more than it was to protect 'rights'.

I don't know much about John Vranesevich. But based on what I've read [from|about] him, that's probably not a bad thing.

Your Side Note...

[sp-]

Yeah, the new Geoshitties agreement has to do with their recent acquisition by, Yahoo I think?

With regards to the topic at hand, I can't believe people are on this board bitching and moaning about Harvard, AN EDUCATIONAL INSTITUTION, protecting it's own ass from being sued by someone using the bandwidth they DONATED. Packet Storm should be greatful that Harvard is giving their data back...
However, I am not saying Packet Storm didn't get screwed over by whomever made those calls to Harvard... those people who made the calls are to blame, not Harvard. Harvard should be thanked for how they handled it.
and no, i don't attend harvard, i attend U of L
:-)
------------------------------------------
Reveal your Source, Unleash the Power. (tm)

Re:Your Side Note...

[spiderbait]

Harvard IS to blame. the contents of the directory in question were unchanged from when genocide was hosting them. Harvard simply took the word of a known liar that the would be sued. Do you think genocide would have bowed to jp, I think not. jp's "case" was foudless. However, it did have the desired effect. The only bright ray of light here is that the world now knows what kind of person jp really is. A person willing to DESTROY a persons life and career because that person doesn't like him

--Spider

An odd sense of right and wrong

[FreeUser]

So, let me get this strait. You contend:

1) Intelligent people will support Harvard, ergo anyone criticizing their action must be intelligence challenged(tm).

2) Censoring isn't very "Harvard", so rather than "censor" by requesting the removial of controversial materials, it is somehow more ethical and less "censorous" to go off half-cocked and delete EVERYTHING the site offered with no due process, no notification, and no opportunity for the web page maintainer to copy his material to an offsite location (their belated agreement to give him the backups after being subjected to a storm of public criticism hardly counts).

3) What harvard did was right. It was OK for them to spew FUD (untruths) because they needed "time."

4) Finally, of course, we see the success of their strategy, in the resoundling lack of accusations and outrage their lack of silence has engendered.

If I understand your arguments correctly, burning entire libraries and spreading FUD about the personal lives and actions of the libraries is OK, even noble, as to do anything less (like lock up an objectionable book) would be "censorship." Anyone objecting to the burning of said libraries would clearly be stupid, as any intelligent person in the security community would support burning the entire library over the censorship the removal of one controversial book would imply. Interesting definitions.

Checksum or CRC code?

[Christopher+Thomas]

Also because it's a checksum of all the data between the --Begin PGP and --End PGP lines, if you were to download a copy of Ken's message and change the message in anyway and re-upload it, it would again fail.

Is it an encrypted checksum or cyclic redundancy check code? If it's just a checksum, you can fiddle with the altered message to produce the same sum. It's far more difficult to produce the same CRC code (I think), but which is being used here?

The most secure way that I know of to encode a message to verify that it's from you is to encrypt the whole thing with your private key. The receiver runs it through your public key as if they were sending it as a reply to you, and the plaintext pops out.

OTOH, this requires you to encode the entire message with RSA, which PGP doesn't.

Harvard acted fine! Slashdot'ers overreact AGAIN.

[wall]

I don't see how Harvard can be expected to host a site from an individual who is in NO way associated with Harvard. Not even a damn student!
Would your little University admins host a non-students web site? I freaking doubt it...
(as I assume well over 50% of you are still students) Hell, for those of you in the "real"
world (sic:jargon file) would your company in ANY
way wish to associate itself with hosting a non-involved site if you were not an ISP? Doubtfull at best.

Not returning the backups WAS out of line, however
they have returned what some courts have held up to be personal property, as an author. (web content) Harvard has distanced itself from a
controversial situation that their academic
charter has nothing to do with. (the anti-online
vs. anyone who objects thang)

Where did Harvard REALLY go wrong? Allowing their admin to host the site in the first place. Anyone
wanna bet he/she was severely reprimanded? Possibly threatened with release? A little birdie tells me he was getting his resume' together over this one...

da' fly

Antionline

[kevlar]

I haven't been able to reach AntiOnline all day... hell.. all night too for that matter... In fact, I did a traceroute, and couldn't even make it to his provider. Eventually JP (Gay Pee) will probably be shutdown because nobody wants to host a site that gets DoS'd everytime the site owner does something incredicly stupid and obnoxious. Thats my $0.02.
echo You Suck | mail JP@antionline.com

I actually agree with harvard

[dirty]

I think the content that is in question should never have been posted in the first place. If harvard had gone ahead and destroyed everything without giving kevin a chance to recover his data that would have been wrong, but since they are giving him his data back, he really isn't at any personal loss. I doubt he'd have any trouble finding a new place to host the site, most likely w/o the JP content. Most importantly he has his school work back. I don't know if harvard actually was going to delete everything in the first place, or if the publicity around the event made them change their mind, but the important thing is they are doing the right thing now. The only thing I can see them doing that would be even better would be allowing him to open the site up again on harvard's network w/o the jp content, but I doubt that would happen.

Re:I actually agree with harvard

[PCDoctor]

When you refer to not publishing the content about /jp - in general or on the Harvard server? If you meant in General then there's a bigtime problem. It's like the Mindspring vs. Anti-Abortion guy - he can post what he wants - Mindspring can control what is on their 'net. I want some limits on what my subscribers put on their web pages. No porn. No drugs. Anything else is fair game.
The anti-abortion guy did right for the 'net - he forked over the $$$ and got his own connection to his own server. That way HIM and only HIM is responsible for the content. Nobody so far has (or will) held any carrier responsible for content. That's about like holding the post office liable because inside that brown wrapper was a Penthouse mag.
If I had the bandwidth and hard drive space I'd offer to host his site. Except I use NT for my web server.

Re:Harvard acted very poorly: It's our party!

[Gary+Gnu]

Harvard has the right to do anything to the site.
Keep in mind that Ken was _INVITED_ to run the
site using Harvard's network connectivity and therefore
this is Harvard's party, if you do not like the
rules then you can take your business elsewhere.
I am impressed at Harvard handled the entire
situation by deciding to not host the site.
The same thing goes with anything. How would you like it when
you invite me over to your house and then suddenly you see law enforcement
raiding the entire place just because I had a search warrant and I didn't tell you.

Can't say I blame them

[webwalker]

When someone abuses my trust, they're likely to get dumped out on the side of the road. (Hear that Yahoo, Microsoft, Flashcom, Bell Atlantic...?)

As you're reading that response, consider...

[Zeitgeist]

That letter at hackernews.com is not PGP Signed, as his first, highly publicized letter was.

Just a thought.
There's a reason for PGP.

Zeitgeist

Irresponsible..

[ivan_13013]

IMHO, it's irresponsible to create a parody-in-bad-taste of a person or group you don't like, and associate it with a legitimate "hacker" security tools site. It's just as likely to sabotage your own reputation. as that of the target.

In another thread above, someone posted the url of an alleged copy of the data that was in the disputed directory. I don't know whether this is the actual content from the page but it seems likely.

Re:Irresponsible..

[DoXaVG]

It is a copy of what was in that directory. As for the reasons Ken had for having that directory on his own site, I can't say. It was his site, his decision, I can't defend him on that. I will however make the directory available so that everyone else can make up their own minds regarding it's content.

FYI, the majority of the content of that directory was created by others and found online. Too my knowledge Ken only provided a repository for the information.

--Dox

Re:What a lame excuse

[platypus]

It seems like you didn't get the whole story.
This wasn't a kid that was using his student's home page for distributing the latest and greatest script kiddy warez.
Ken did a lot of good and hard work (with a server like this, you probably have more to do to secure your site than the average web admin, esp. mass downloads and hacking attempts).
He refused also to do banner ads to get some money (I never understood why...).
Some time (a week?) ago he was _offered_ that harvard hosts his site - you don't get a url like packetstorm.harvard.edu just for asking or because you are a student.
Again - they offered to host him, and if I were him I too would have had the impression they would know what they get.
He has every right to complain....

What a lame excuse

[Khan]

uh..is it just me or does this sound like the LAMEST excuse for why they took down Packet Storm? I find it extremly HARD to believe that they would have had no knowlegde of the site "content". Unless their "security" is extremly lax, this stinks of the "uh..I didn't know murder was illegal" routine that Steve Martin used to use in his stand-up routines. I think Harvard jumped the gun here...period. It appears that they do not have the courage to swallow their pride and admit that their screwed up (this is standard Ivy League policy). It would have gone a LONG way if they would have simply said "Yup..we jumped the gun. Sorry for the inconvienance, but we don't want this site here." I think the Internet community does better with this kind of "honesty" rather than this bogus excuse. Oh well.

Re:What a lame excuse

[tin_can]

I think this whole thing has been blown out of proportion. It's obvious that he was not exactly a siant like many of us would like him to be. I think Harvard did the right thing. No, they didn't destoy the backups (which only made sense that they didn't) and he has his school work back. At this point he is just wanting attention. If you really believe in this kid, why doesn't somebody offer to host his site for him...(I have a feeling that only porn can generate the number of hits per day that he claimed) I dare you!

Re:What a lame excuse

[tin_can]

Okay, yes I have to admit I probably over stepped my bounds by suggesting he might be involved in porn, they were groundless. And I have to say I was suprised to see the fellow /.er's already rebuilding his web site. Which now leaves Ken with *Nothing* to complain about. Anyone who has gone to a university knows they will react like this. Higher education is famous for it.

Website: Being restored
School work: Back in Kens hands
Pride: Probably better than ever considering the attention this has caused.

-A wise man will always hear both sides of a story. I would really like to hear more form Harvard or JP on the matter.

Re:What a lame excuse

[tin_can]

I don't remember ever saying anything with regard to JP. I agree, he isn't dealing with a full deck. I'm just curious about the politics at Harvard that would cause somehting like this to transpire. None of it make sense and when things don't make sense, usually somehting is missing. I still think there is more going on than we a led to believe.

Re:What a lame excuse

[kniedzw]

Unfortunately, Harvard has a vast number of web servers scattered across their campus. I know for a fact that the overarching administration don't neccessarily have admin access to every one (they don't to several I work on regularly). That they don't check the content of all web sites in the domain harvard.edu on a regular basis is perfectly understandable ... especially since they ostensibly support free speech.


Their policy is generally very hands-off unless someone actively complains to them. ...as we have seen.

Re:How do we know who's telling the Truth?....

[QuMa]

FUD means Fear, Uncertainty, Doubt. Mostly as a tactic of a large, redmond-based software company, but they're not the only ones using it... They probably wanted to get a copyright on it but weren't allowed to :-)

My My My...

[JohnnyCannuk]

Well, I've just spent the last 2 hours "hacking" through the Ken vs JP stories here on /. and I must say its really quite amusing. One group Says "yay..us HaXor doodz will destroy anti-online" and other says "hey, that's a violation of free speech! You can't do that!" another says "Yes they can!" Blah blah blah....

For me it boils down to who owns the computers - Harvard. Just as I don't have to have any program on MY computer that I don't want (are you listening MS?) Harvard doesn't have to have ANYTHING on THEIR computers that they don't want, irregardless of free speech or who owns the content. So Harvard did the right thing.

As for the rest, well, it reminds me of two 10 year olds fighting. Personally I don't thing either is telling the whole truth. JP may well just be a "wannabe" who is pumping himself up. But I have also seen some of the "evidence" published by a great many other sources that are, to say the least, laughable and and insult to the intelligence of anyone on /. It seems to me these two kids did something along time ago to each other so they now hate each other and they will battle it out anytime and in any forum. And often in war, truth is the first causalty.

Is JP a rogue bastard who is selling snake oil, making up "hacks" so he can ride in and save the day? Sure, its possible.
Its also possible that Ken has enginieered a great many of these so-called "evidence" logs and irc sessions as a disinformation/smear campaign. Either scenario is just as plausible as the other.

Frankly I don't care who is right or wrong. Both sides are indulging in Ad Homenem attacks, which is the least logical, poorly premised and misguided of all arguement. If you can't attack the aguement attack the arguer...

This is incredibly childish. I don't beleive either side. The sad part is that two fairly decent sites for getting security information (anti-code that is, not antionline) are gone (for now) and we are all losing out on information.

Now, when the teenagers are done with the pissing contest, perhaps us adults can get down to the business of discussing some REAL issues...

Re:My My My...

[Hard_Code]

> Its also possible that Ken has enginieered a
> great many of these so-called "evidence" logs
> and irc sessions as a disinformation/smear
> campaign.

Well, an IRC admin who used to work with JP testified to his antics. (NO, I don't know that that post itself wasn't made up but I'm pretty it was genuine).

> indulging in Ad Homenem attacks

One of whose attacks was the instagatory attack, not to the person himself, but to his admins who hosted his site, smearing his name and threatening his data.

Harvard acted very poorly

[The+Toad]

Why didn't they simply ask that the content to which they objected be removed?

Since there were no written agreements between the creator of the site and Harvard (according to the creator of the site), I find it hard to believe that Harvard had set up any rules prior to this incident regarding site content. If they want to create rules after the fact, then they should have, at the very least, given the guy an opportunity to remove whatever they objected to before permanently revoking his ability to access the server and shutting it down. It would have been *very* simple to just temporarily turn off http and ask the site creator to remove the content that they didn't like.

Harvard overreacted in an extreme way that reflects very poorly on them.

Re:Verbal agreements and Phantom Machines

[lightPhoenix]

I would say this situation varies greatly from college to college. At (the) Ohio State University, things are locked down pretty tightly, not just for dorm resnet'ers, but even for OSU employees. Take me for instance. I work helpdesk. We are lucky to get away with having tribes (a quakish type game) on the machines, and thats only b/c us students are careful about hiding/using/etc. But to put a server? Hah, we'd get reamed up on side, down another. Heck, we've even been told (officially) having any mp3s on our work computers is a Bad Thing.

Overall, what OSU wants the high-speed internet access to be used for is a phat modem. Web, irc, mail, (firewall borks ICQ, yes even w/ firewall settings in ICQ) is okay, but no servers. Not even telnet. Man, OSU internet access sucks. (/whining)

So, thats how my college works (or doesn't).

-jeff

Mob mentality

[Josh+Turpen]

It's called mob mentality, and /. is full of it (myself included). Just follow any holy war on here. When ignorant people get religious you end up with crusades.

Even if every /. reader only made half informed emotional posts 1% (reasonable) of the time, the sheer volume of traffic on /. makes mob mentality a painful reality.

Re:I'll do yours first because it was scathing and

[remande]

3) What harvard did was right. It was OK for them to spew FUD (untruths) because they needed "time." Welcome to the real world. It isn't a pretty place and it hasn't been for as long as I've been alive. Harvard did what needed to be done at the time, yes.

Survey says...XXX!

Living in the real world is no excuse for doing the Wrong Thing. Spreading untruth is almost always the Wrong Thing, and it is more so for Harvard.

Not only is Harvard a college, it has a valid (though disputable) claim of being the best college in the world. Harvard is in the business of education. They are in the business of dissemenating knowledge. They are in the business of dissemenating truth.

Every lie, every piece of FUD that Harvard puts out attacks their own credibility, their own reputation. Where are they without that?

Still not quite right..

[Spiv]

Actually, you get to put in two email addresses - the one that your password is mailed to, and one that is publicly viewable on all your comments. The first email address is never publicly viewable - ever noticed the number of xyz@NOSPAM.fred.com addresses?

Wow

[itachi]

That's the best possible explanation I've heard or thought of yet. It makes sense from Harvard's point of view, and it fits with the information we've got better than what Messrs. Williams and Vranesevich said. Thank you, I appreciate your post.

itachi

Give it all back!@

[metalman]

I'm just happy for Ken Williams. Having all that data and work destroyed would not have been cool.

I hope Harvard follows through and gives it back..

Verbal agreements and Phantom Machines

[PapaZit]

Most colleges and "academic environments" have official rules that cover things like this. Hackers and 3133t war3z d00dz have been around for long enough that almost every university with an internet connection has policies in place for appropriate content.

Colleges also tend to have a high level of trust. If you work for the college in any sort of technical capacity, you can get away with a lot of things, because it's assumed that you have a good reason for breaking the rules.

It's pretty common for people around here (CMU) to have vanity domains and private web servers on their work machines. It's also pretty common for people to create accounts on their machines for friends, or even put machines on the network for outside friends to play with. This is all strictly against policy, but so long as nobody complains, we don't worry about it too much.

If we were to get a letter from someone who was threatening to sue us because of the actions of someone who isn't even affiliated with the university, we'd stomp on them hard and fast. Covering our collective ass is more important than looking the other way while someone breaks the rules.

I don't know if this was the situation between Harvard and Packetstorm, but it does sound that way. Universities run on paper, and there's no way that they'd officially permit an outsider to run a machine on their network with only a verbal agreement.

Several didtributed hosting projects in the works

[cynicthe]

Keep coding. We'll be behind ISP's soon.

Re:read closely and think about search engines

[kvikk]

The odd thing is that if you tried to go directly to any other, page/directory under packetstorm, but the main ones, you would get a page saying something along the lines of; 'access denied. Due to cretins linking directly to files on this sites, and hogging bandwith, we do not allow direct access to packetstorm-content. Please go thru the frontdoor.'
For that reason he couldn't have found it thru a search-engine aswell btw.

Re:Packetstorm was framed

[kvikk]

He *did* have a directory called jp, which contained defamatory material, and he had set it up himself.. he would link occasionaly to articles from it under the new-files-site.
Kinda silly really, considering he was well aware of the shitty things jp could do.

Fear, Uncertainty, Doubt.

[Rocket+Boy]

It is a tactic used by people/corporations to pump themselves or their products up and slam or destroy the competition's stuff.

Examples

Fear - "Our proprietary system is the most secure on the market. Why would you want to use a security system that is open source? I mean, it can be reverse engineered!"

Here, Proprietary != Secure spreads fear about their systems integrity.

Uncertainty - "XXX is the wave of the future. YYY is the old way of doing things. Why would you use a system that will be obsolete in a few years?"

Who knows if it will be obsolete? I don't have a crystal ball. Neither do they.

Doubt - Create doubt about your competitors and the above two are also created.

These three things are intertwined tighter than anything else. You cannot have one without creating another in the process.

RB

Flamebait?

[Rocket+Boy]

This was an exerpt from an actual letter JP Wrote! And a comment about it.

Hardly flamebait. Unless the moderator is JP.

read closely and think about search engines

[boarder]

Firstly, I'm not defending that JP guy; he sounds like an a** In his letter, he said "I was forwarded this URL." So he didn't just happen to run across it, it ran across him. Also, if he hadn't been forwarded it, he could have just found it on a search engine. Just because it has an odd URL doesn't mean it is hard to find. You can find on AltaVista URLs much more obscure than that.

Re:read closely and think about search engines

[Hard_Code]

Well if the web spider found a page that linked to the otherwise-inaccessible page, it could very possibly be found by a search engine. I have heard, though, that the site was set up with "robot rules" which kept (well-behaved) spiders from even indexing the accessible pages.

Re:read closely and think about search engines

[DoXaVG]

Yes, we used some apache referral directives to enforce our policy of no direct linking to files on our server. This was due to a tremendous amount of people putting direct links to the PSS files on their web sites and had nothing to do with blocking search engines (although IMO that was a positive side effect). I don't know if the /jp directory was covered in our referral rules, considering how it was layed out, I suspect not.

The directory was never "hidden" however. There was no index.html in it, so anyone with half a brain could figure out how to list if they had viewed any of the documents in that directory. I do not know if there was a direct link to the /jp directory or not - I suspect there was, but I don't feel like grepping through all of Ken's .html files to prove that point.

--Dox

Cool! But what happened?

[Sun+Tzu]

Does this represent a change from a previous plan or was this Harvard's position all along?

Regardless, this is the right thing to do.

Re: well...

[Hard_Code]

I'd like to know if these claims are true or false. It seems if they are actually true that they may in fact be illegal in and of themselves, regardless of AO's and Harvard's feelings.

Another story here on ZDNet

[tarantula]

http://www.zdnet.com/zdnn/stories/news/0,4586,2287 456,00.html

Harvard's Wimping Out

[jplan34]

It seems to me that Harvard's wimping out here. From everything I have read they didn't take the time to investigate the allegations for themselves, and instead just accepted them as truth. As an ISP Harvard certainly has the right to yank material that might damage their reputation or good name. However the actions they did take seem to have damaged their name more.

When did someone (jp) get the right to ask for a site to be shut down because it contained sexually explicit material? Last time I checked there's one or two other sexually explicit sites out there. Maybe they'll get shut down too...

taking Harvards point of view

[gotan]

While some postings called Harvard spineless, i think what they did was just necessary:
To act before the news hits the papers, put out some "clarifying comments" as fast as possible and get anything that even remotely looks as if it might be suspicious of their doorstep.
The reason is, that they have to fear legal action from "jp" and, what's worse, a newscampaign which might damage their image in the worst way (hey just think of the feast some kind of reporters would have accusing harvard of publicizing pornography over the internet).

Packetstorm was framed

[bahamlabs]

What was the webpage address... something like
http://packetstorm.harvard.edu/jp/ ... How do you just so happen to run across a website address like that. Personally, if it did exist, I think it was planted. This is all a setup, Packetstorm was framed.

now what?

[cmastro]

OK, so Harvard cracked under pressure (if you can even call it that) and decided to stop hosting the site. Any other takers? It would be great to have the site back up.

Re:How do we know who's telling the Truth?....

[SpaceCadet]

Of course, it also means much the same thing as FUBAR, depending on the situation. Which still fits the Fear, Uncertainty, Doubt definition - but there're times when it's better to just say "F*cked Up Data," particularly if the FUD may just be a perpetuated mistake.

"Never ascribe to malice that which can be adequately ascribed to incompetence." - Some Dead Guy ;)

You have to believe someone

[Convergence]

You have to believe someone and what they claim is going on.. Do you think CNN has impartial reporting? Hell no, they ignore some stories, and emphasize what they want about the stories they post.

Slashdot isn't much different. Perhaps if harvard or JP decided to post on here and respond in a reasonalbe manner things would be different. They have had the opportunity to speak out, and haven't. Is that our fault?

It seens like harvard is lie-ing

[Leech_boy]

ok, first harvard is calling ken a hacker, that stole harvard's password.
And now they saying that packetstorm had sexually-related material.
Which neither of them is true(as far as i know)

Re:Ken Williams is not a LIAR!

[DoXaVG]

The /jp directory was posted by me not by Ken Williams. Get your facts straight next time you post such crap. By the way the README file in that directory clearly states that _I_ was the one to make the directory available. This particular post stinks of JP in my opinion.

--Dox

How do we know who's telling the Truth?....

[Heckler]

... In cases like this? What with the malleability of electronic information, both parties could present "evedence" to prove their own cases and no one would be the wiser? I myself believe Packetstorms side of things, but hey...

-Heckler
P.S. Pardon my newness, but whats the "FUD" in a "FUD Letter"?

Re:I guess he was a "malicioushacker"

[AssKey]

I think you got it. That's what I was thinking. If I had only been fast enough *I* would have gotten the cool points. Oh well.

Question.

[AssKey]

Man. He seems like your basic opportunist attempting to stir up crap. Is there anything legal that can be done to him based upon all the evidence against him? We don't need people like this ruining our net. We certainly don't need people like him inflating issues and blatantly fabricating things. It ruins the lives of people like Kevin Mitnick. I hope this Kevin can find a way to sue him. I'm sure the packet monkeys are going to hose his website for a while, but I'm not really for that. He needs to be taught a legal lesson if that's possible.

Re:Harvard acted fine! Slashdot'ers overreact AGAI

[spiderbait]

Acually.....

UIUC does more for us (novaNET Learning) than just host our site. They are currently (untill the final switch over for the company the just bought us) paying approx. $18,000 per year to keep us connected to the internet and have been doing so for 7 years. As for hosting a site like PSS for free. As a sysadmin, I would offer it up in a second if I could. unfortunatly, our product requires massive amounts of bandwidth (we currently have 14 T-1s and a DS3) and can not spare any for an unrelated site. If our customer base were to increase dramatically I WOULD offer Ken a place for PSS to live.

--Spider

I think Ken is lying

[jadiel]

I think Ken is lying. If Harvard did such a thing and Ken does not have sexually explicit material, then Harvard is a fool and about to be sued...but I think Harvard is smarter than that.

Here is a copy of a message from Joe Wrinn after I sent a message to him:

------------

We stand by our statement

>Do you have proof of sexually related material?
>
>Sounds like you are about to get sued if you don't have the proof.


Joe Wrinn
Director, Harvard News Office
1350 Massachusetts Ave., Rm. 1060
Cambridge, MA 02138
Phone: 617-495-1585
Fax: 617-495-0754