July 24th, 2001, 08:50 PM
I am, and always have been, interested in the articles you
have posted regarding internet and TCP/IP security issues.
I believe that the more people who are informed and
knowledgeable as professionals in this field, the better.
When someone discovers that a lock on a door is child's play
to open it makes perfect sense to say "hey ... did you know
that if you just slip a credit card *here* the whole thing
pops open?". I sincerely hope that three things happen.
1) .. the government realizes you aren't out to get them.
2) .. they consider using a different lock!
3) .. it makes people consider carefully security and hire
professional help should they require it.
.. best wishes
Senior Systems Engineer for MCI Systemhouse
Hey, I like the analogy of the credit card door opener. Heh, mind if I use that one in the future =)
Just wanted to say keep up the good work guys.
I find it hard to believe that govt. agencies and/or
contractors are being allowed to threaten the rights of
citizens for no other reason than the govt.'s own
incompetence. You definitely did the right thing in posting
the letter. It's good to give people a look at just what type
of strong arm tactics our own govt. will employ. Although I
personally am quite naive in the ways of hacking, I thoroughly
enjoy reading about it at your site on a regular basis. Once again
keep up the good work and don't let those govt. morons stop you
from pursuing this worthwhile project.
A Concerned Citizen
Thanks for the kind words, and I hope you continue to visit and enjoy our site (how was that for a stock response, heh).
I worked at a DISA defense megacenter for three years with
people like Peter Farrell. People like him are why I left.
I don't know where he got the idea that he is the legal
spokesperson for DISA. The problem with these people is they
are usually the most egotistical people in the computer world
but usually equally low in actual talent. If he were doing his
job of running his system half as much as he is running his
mouth he would not have been cracked in the first place.
Until DISA stops catering to the attitude of their employees
who only do what is specifically stated in their contract and
not a bit more, they will continue to be an embarrassment
to the DOD. The people I worked with had mainframe system
security knowledge that was decades old and had no
understanding of the internet.
Just my 2 cents worth, keep up the information to us....if
DISA had their way the truth would be swept under the rug by
people like Farrell.....
Well, that's exactly why we publish the type of information
that we do. If we want to keep AntiOnline as "A Rick's Cafe in the Casablanca world of hacking" where
sysadmins and hackers can exchange ideas with one another, two things must happen. AntiOnline
must not be subjected to hundreds of hack attempts a day, and governmental employees must not
try to get my house raided. Let's all play fair, huh? =)
Excellent coverage of computer security issues!
Please keep up the good work.
A quick comment...please don't take this as criticism...
but as you enjoy the spotlight
of national publications which direct readers to
antionline.com, you may want to consider spell-checking
your postings. I know it may seem picky, but proper
spelling can go a long way in enhancing the professionalism
and legitimacy of your site.
Ok, ok. I get a good dozen or so of these letters a week. But GOOD NEWS! I have
just purchased one of those fancy spell checker things that allow you to spell check documents that have HTML
in them! Luk for improoved spellin comin to AntiOnline sumtime this week!
To Whom it may concern:
It seems to me, these days, system administrators think they can keep
outsmarting the hacker. But what they don't realize is, they make key
mistakes in the protecting of their data. Just last night, a good
friend of mine's domain was subject to a leakage of credit card
information. His local tech gurus were stumped. He had thought it was
a local break-in on one of HIS machines. WHEN, in fact, it was his
DOMAIN SERVER! His host, aitcom.net, holds 14,000+ domains. Now you'd
think security would be a must. But, we found the problem, a friend and
I, it was a simple PHF exploit, that could have been solved by an
upgrade in Apache Server Software.
I just find it really really, well, arrogant that, system
administrators think they have the perfect security...When they overlook
very simple keys to a possible break-in. 14,000+ domains could have
been lost due to malicious intent, although, my friend and I notified
them of their flaw, in hopes that they will correct it, so that further
unauthorized data accessing can be prevented.
I understand that no system is secure...it never will be, someone will
always find out an exploit, and the system will be scrapped again to
another version. BUT, I find there is an important lesson in this.
DON'T OVERLOOK EASY ENTRIES. Even though they seem impossible,
aitcom.net could have lost 14,000 domains. Would not have been a good
day for them.
Oh, and I want to sympathize with your troubles with DISA....Don't let
em bully you, freedom of speech is important in this country, USE IT.
Keep up the fight.
You bring up some very good points. People in the computer
security field have a saying, the only way to 100% protect your computer against attacks
is to unplug it and put it back in its box.
I would just like to say how much I like AntiOnline and that you
have my support. I may only be a "14 year old hacker" as you say, but
I'm not foolish enough to take all of your exploits etc., and use them
maliciously. I don't "hack" anything, I really don't think it's right
to destroy information and other stuff just for the hell of it. I
mean, I have a web site and can program, but I don't feel like getting
busted for doing something stupid for absolutely no reason. I can gain
knowledge from books, although I do some people's points. So you can
honestly say that I'm a 14-year old kid who is educated by your site.
It is a great information source. I don't trust the mainstream media
for news on computer security because there always seems to be some
inconsistency with the information they give, or they hype it up for no
reason and make it look like some national crisis has occurred because of
some "hacker kid" sitting behind his or her computer. BTW, I also saw
the article in the Interact section of the Pgh. Post-Gazette. I thought
it was really good. Well, good luck and may the first amendment be with