July 24th, 2001, 09:22 PM
Hi. Yesterday I provided my email address to your webpage to get the "free security analysis" offered at the bottom of the main page. It told me it found 244 "problems" and that the results would be emailed to me in 1120 (!) minutes. Well, I haven't heard anything and am getting the impression this is just a bogus way to get people's email addresses.
Is this a legitimate security scan and if so when will I receive a response?
If this is not an actual security test and just a way to get database/marketing or similar info ("Webtrends Network" - I shoulda known) I think it is completely inappropriate to have something like this on a web page where people are trying to get basic information on network/computer security. You are doing a disservice to those who visit your site.
I would appreciate some explanation. I was otherwise very impressed with AntiOnline's site.
First off, I REALLY hope that you misread that page. Because if your computer has 244 security problems, I would unplug it and throw it away if I were you. Secondly, no, it's not some sort of e-mail address scheme (cracks me up the way people think sometimes). It takes an average of 5 minutes / computer for a scan. Unfortunately, the people interested in the scan far surpassed what both myself, and WebTrends had planned it would be. We are working with WebTrends, and hopefully they'll soon be able to upgrade their systems to handle these requests in a more timely fashion.
tim Submitted The Following:
Hello again. I forgot in my last e-mail a thank you. I called your number for some information. I was shocked I talked to a real person. No hitting numbers. No 30 min wait for someone to tell me I hit the wrong number please hold. lmao.....thank you for your help.....
Yes, the rumors are true. There are actually real people working at AntiOnline. Scary, isn't it? We take quite a few calls from people in any given week, asking for help or advice on this problem or that. Usually we have no problem with it, and are happy to help out. One time, however, things got ugly when we fell victim to some sort of stalker with a mental retardation. He called literally 7 or 8 times a day, and when we blocked his number, he even went so far as to go down to his local library and fax us a note, begging us to talk to him. What was his problem? He was having trouble subscribing to our MailList. We are contemplating hiring a special-ed teacher part time to handle these types of requests in the future.
Jordan Katz Submitted The Following:
I noticed that your site goes down pretty often recently. Is this always going to be like this?
Well, I THOUGHT we had the problem fixed, but apparently it returned. Heh. We have it taken care of now. The new addition of our member pages (which is now close to 1,000 separate pages), and an upgrade to AntiCode, had really maxed out some of our systems. But, things should be configured to handle the load now. OH, because of this increased demand for content on the AntiOnline Network of sites, we are going to be upgrading the connectivity into our offices. It will take about 30 days or so (gotta love ma bell), but after that, users should notice a significant increase in speed when visiting our sites.
Ingma Submitted The Following:
i would like to see porve of your skills send me 10 or more working credit card numbers and nmaes for a reward if you can porve yourselfs worhty since ou seem to be the best of the best
How much you wanna bet me this guy isn't from Brazil?
It's nice to see someone else catch hell for an article posted on AntiOnline besides me for once. Don Wiseman submitted the following after he flubbed the dub on oldies music lyrics. It scares me that there are actually people reading this site that know songs like this...
Tambourines and Elephants
Boy, response was quick on the _NSAKEY article. I was rightfully taken to task for having my facts wrong. As you can see from the corrected title above, it was not "tangerines" but "tambourines." The lyrics I totally flummoxed should read:
· "Tambourines and elephants are playing in the band."
· "Doo, doo, doo, Lookin' out my back door."
My apologies to CCR and Fogerty and all CCR fans. I'm so ashamed. In penance, we've been humming that tune around here for two days. Thanks Steve.
One more thing. MicroSoft was asked why they had to have two keys when one would have done it. They replied it was in case of a natural disaster and that the keys were safe behind barbed wire. Now, about five years ago I took a two hour class in disaster recovery. That is also a function of one of our IT security areas, so I figure by dint of distant education and osmosis I qualify as an expert. And one thing I don't understand is the "barb wire" remark in conjunction with natural disasters. I mean, if it's a flood, I have not seen any type of barb wire that will hold back the water. Nor does it impede fires. Tornadoes and hurricanes laugh at it. And earthquakes? Come on. It might slow down an avalanche for a second or two.
If they meant that no one can get at the key, they ought to look at our prisons. The prisons are surrounded by barb wire and the meanest looking razor wire you've ever seen. Yet several times a year, prisoners ignore the barb wire and escape. When they return, they are usually semi-naked (they think that discarding their clothes will fool the bloodhounds), starving, covered with insect bites (or worse), and seem almost glad to be back in a nice, safe prison. These are not master criminals of the Moriarty level. It is axiomatic in security that gates, guns, guards, badges (and presumably barb wire) have never kept out anyone really wanting to get in (or out).
The other negative letter indicated that I was not taking the situation seriously enough. My philosophy is that the situation may be serious, but if we take ourselves seriously, we are probably in a lot of trouble. Those who take themselves seriously find laughter almost unendurable. I do not like the idea of MicroSoft, the NSA, the FBI, or the GSA having easy access to my computer. I do not like a system that when it's cracked will give the cracker access to my and every other computer using that software. If they are "doing this for our own good," why do they do it in a clandestine manner? And now they're caught. Did they think they wouldn't be? Maybe it is a perfectly innocent thing. It has not been that unusual for a programmer to leave a back door into the program. Maybe we're making a mountain out of a fire ant hill. The problem is not technical. They have abused our trust. I'm getting tired of that.
- Don Wiseman (firstname.lastname@example.org)
I just completed reading your articles on "No security?" and the one on MTV promoting/glamorizing their so called "hacked site". I sat the whole time nodding my head in complete agreeance with you. I am what you would call a "newbie" who was hacked thru an ICQ account. Determined to make myself aware of the risk of the net I browsed and found your site. And started reading about just how vulnerable I am on the net and have learned a few of the things that I should have been doing to protect myself. As you stated in the article "reading the risk" and then making a determination on if it's really worth it.
I just wanted to thank you for your site and recommend it to all my friends who are starting to get computers. No one had told me what to be aware of and I've learned the hard way. As bad as I want to go to a chatroom again, or even to chat with my friends on ICQ I am still afraid of "the risk". Thanks to your site I am learning.
In my visits to the one and only chatsite that I would visit, I turned out to be a target victim of social engineering, just beaming in neon lights. I just thought that I had met a nice person who was willing to help me with the problems I was having with my browser and other programs. Turns out I was just running right into his/her arms and opening my computer up for their free rein. What a lesson to learn.
Back to my point. Thank you so very much for the information you put out on the web.
With Sincere Gratitude
I'm glad you got something useful out of the site. We have a lot more content in the works dedicated to the average user that's simply looking to protect himself/herself while online (and yes, that's the first, and probably the last, time I've ever been politically correct in the mailbag).
Thanks for posting the letter. ;^)
Although your site looks great, it's kind of lost that John Vranesevich-Original AntiOnline "touch" that made it so friendly and popular. This is not to say you don't retain the high caliber information or the fantastic commentary wit that you've always provided us in the past and that we've come to expect from you, it's just that AntiOnline looks more like ISS's site or a CNN / USAToday Portal Site.
And on the subject of ISS, here is something your loyal AntiOnliners need to know before they spend some dough on Vulnerability Scanners. I use the NT version of ISS's Vulnerability Scanner, and like you reviewed, it works great finding security risks on NT systems. The scanner does its job and I have no problem with it. HOWEVER .... after 5 releases, ISS still has yet to correct problems with its report export feature. And this is what fellow AntiOnliners need to know about this product. Seeing the vulnerabilities at the scanner console is good, but you have to be able to export "readable" reports to technicians and non-computer literate Upper management. ISS report HTML output is extremely poor - HTML pages are misaligned and not columnized correctly, data sometimes gets truncated, and graph/chart images have text so tiny you need a magnifying glass to read them. Word Document exports are still at Microsoft Word 2.0, have pagination that doesn't work, truncated paragraphs, incorrectly placed page ejects, etc. It all makes for a few unnecessary hours of "Post-Report Output" corrections using HTML editors and Word. However ISS Tech Support has told me every time we open up an issue with them on these problems, that the reporting feature is not a high priority with that software and to just "deal with the quirks". Huh??? The nice report generation feature IS the key feature ISS sells their product on. It all seems petty until you realize that you paid a good deal of money for a key feature of the scanner that isn't working properly and ISS won't bother fixing.
To people considering using ISS's Security Scanner, it's a great scanner. Buy it. Use it. Get your holes patched. Get secured and updated. But its report exporting feature needs big attention by ISS and it's nothing you can configure or fix. When you get ISS's scanner, also budget money for Crystal Reports as well - you'll need it to make the reports your management and technicians are going to require.
Thanks JP! Have a Great Week (say hi to your mom) and keep kicking the Hacktivists and Script Kiddies where it hurts! Now that Mitnick is getting out soon, does this FINALLY mean the end of those FREE KEVIN web defacements? And I wonder what their next "Cause" will be. You can't free Nelson Mandela because he's already free. And FREE WILLY was freed in the movies a couple times (and Bill Clinton has no problem Freeing his Willy anytime).
First off, brownie points to you for spelling my last name right. I still have troubles with it. Imagine my dismay in kindergarten when all of the other little boys and girls were learning how to write "Smith" or "Jones", and I had that to deal with. I used to get credit if I could spell half of it right. Oh well... As for ISS's scanner, personally, I've never had any problems with it. As for Kevin Mitnick. No, I'm sure we'll still have to listen to people bitching when he gets out. "Give Kevin A Job", "The Help Kevin Mitnick Buy A New Car Fund", and I'm sure "Kevin Mitnick's Parole Officer Is Evil" are just some of the things we'll have to be listening to. I'm still placing bets that ZDTV will hire him. Maybe we'll be seeing something like "The Kosher Hour With Kevin Mitnick" nightly at 8pm, where we can hear him bitch about other criminals that were sent to prison (actually punishing people for doing crimes, what is this country coming to?).