About a year ago I noticed a strange connection to one of my machines (telnet/SSH.) @ first it
appeared to origininate from within my ISP's subnet. Upon further figuring and head scratching
I realized it wasn't, it actually was from a dial-up in Bulgaria of all places (WTF moment here). You know the deal, close the port, refuse connections, grep for unwanted spooge. Then I got
angry, I connected to the machine that had tried to connect to me. Slammed the port, calmed down and read my connection logs. I realized what was occurring and decided to contact my ISP - think third planet and stink. Trying to apprise the tech was like trying to describe the Casimir effect to our current president. Anyway, the call got bumped to a "higher level" of support.
Useless, so I asked for the engineering dept. e-mail address. I was really tweaked about this.
Sent an e-mail detailing exactly what had occurred and my actions to counter them. Along with my info on how I thought they might study the obvious breech. The activity wasn't a zombie it was a manned execution of (method here). One week later, my account is shut down, no explanation. I call up and I am told some ridiculus code word meaning "hacker activity",
gibberish. I think well as soon as I speak to someone in authority with a clue, everything will be cleared up and they will thank me for the info. Wrong, they refused to reinstate my account, they denied the huge security hole in their networks and they stated that my web documents where now owned by them. (another WTF moment here). Called the liar *ahem* lawyer, he said to many beans would be shed for obtaining my objective. Proving they where wrong and I was right. It wasn't worth the expenditure. Damn,
I'm still pissed over this. I dropped it though. he was right. What can we learn from this, "no good deed goes unpunished". Yes stated many times recently. But if the facts as portrayed are true about this tech who the FBI did wrong, I'm sending my cash to him. That is my point, how many rights (in America) are we going to continue to give up due to apathy and fear. Instead of talking to the guy and investigating. They arrest and threaten. Would it not have been better for them to gather intelligence on the way the breech occurred and then submit a security advisory if warranted? They work for us or do they? Should I have been prosecuted?
Slashdot Mirror
appeared to origininate from within my ISP's subnet. Upon further figuring and head scratching
I realized it wasn't, it actually was from a dial-up in Bulgaria of all places (WTF moment here). You know the deal, close the port, refuse connections, grep for unwanted spooge. Then I got
angry, I connected to the machine that had tried to connect to me. Slammed the port, calmed down and read my connection logs. I realized what was occurring and decided to contact my ISP - think third planet and stink. Trying to apprise the tech was like trying to describe the Casimir effect to our current president. Anyway, the call got bumped to a "higher level" of support.
Useless, so I asked for the engineering dept. e-mail address. I was really tweaked about this.
Sent an e-mail detailing exactly what had occurred and my actions to counter them. Along with my info on how I thought they might study the obvious breech. The activity wasn't a zombie it was a manned execution of (method here). One week later, my account is shut down, no explanation. I call up and I am told some ridiculus code word meaning "hacker activity",
gibberish. I think well as soon as I speak to someone in authority with a clue, everything will be cleared up and they will thank me for the info. Wrong, they refused to reinstate my account, they denied the huge security hole in their networks and they stated that my web documents where now owned by them. (another WTF moment here). Called the liar *ahem* lawyer, he said to many beans would be shed for obtaining my objective. Proving they where wrong and I was right. It wasn't worth the expenditure. Damn,
I'm still pissed over this. I dropped it though. he was right. What can we learn from this, "no good deed goes unpunished". Yes stated many times recently. But if the facts as portrayed are true about this tech who the FBI did wrong, I'm sending my cash to him. That is my point, how many rights (in America) are we going to continue to give up due to apathy and fear. Instead of talking to the guy and investigating. They arrest and threaten. Would it not have been better for them to gather intelligence on the way the breech occurred and then submit a security advisory if warranted? They work for us or do they? Should I have been prosecuted?
-tek tweaked and sigless...