Hey JP,

Just wondering about before, you were saying that you hate the people who break into high profile sites just to show their friends "how big my balls are". I guess hacks for like "Free Kevin" aren't really important then? You get into that thinking because of gay little hacking groups like HFG who show how good they are by hacking sites and posting **** on them and how fast they did it.

Sure, there will always be little script kiddies running around. Also it's funny because without hackers, I don't believe half of your site would be here, sure you have other stuff here as well but we all know why people come here. All I'm just saying is THINK about what you say because not all hackers out there hack to show off to their friends, I think it's a very small part of it really, it's just that sites like yours eat up the bad events like crazy.

Yes, I think it's stupid hacking sites for Kevin Mitnick too. The guy is a criminal that got what he deserved, time in jail. Boo-****ing-whoo for him. Keep reading, you're not the only one that has a twisted sense of morality.....

percy grannit Submitted The Following:

You have stated time and time again that you are against people who break into corporate webpages, and change the index.html file. Obviously there are a lot of groups out there who just do it for kicks, such as level seven and un1x b0wling team and do not leave any meaningful messages. On the other hand, you have groups who do put forth a valid political message -- the East Timor and Free Kevin hacks for example. Are you personally in favor of all people who hack websites being investigated and possibly ending up in jail? Would you like to see all the hackers who defaced an Indonesian website punished? What about a group that hacks a racist website?

Personally, if I got shot, I wouldn't care if the person shot me because they wanted my wallet, because I was on their "turf" wearing the wrong colored shirt, or because they felt I looked at them funny. The only thing I would care about is that the person shot me. As for this "political statement" bull. I never bought that either. The wonderful thing about the Internet is that EVERYBODY has the equal opportunity to voice their opinions. In a matter of minutes, you can get a free website on GeoCities, or register a domain name with InterNIC, and post your opinions. If people care about what you have to say, they'll visit your site, and it will become more and more popular. Breaking into someone else's site is a direct assault to the ideals of freedom of speech, something that these "hacker types" always like to preach about. Maybe they should begin practicing what they preach. I wrote an editorial a while back which touches on all of these issues, The Revenge Of The Script Kiddies.


I think your site is great but what I don't get is that you act as if you never hacked a computer in your life. How did you learn? By just reading books!? Whenever anyone talks about hacking, you go into your little speech about "Is it right to make companies lose millions of dollars, blah blah". You're taking for granted that everyone deletes everything they see. Can you honestly tell me that you've never hacked a single computer before, when you were younger, to learn and look around? No one reads an entire Unix book, and then goes out and buys it.

Yes, I can honestly say that I've never "illegally" hacked into a site in my life. I've done a great deal of "wargaming" as it's called, I've read a whole lot, and while in high school I had the rare opportunity to help oversee a network that had some 600 nodes. There's no reason, or excuse should I say, to feel that the only way to learn is through illegal channels, DESPITE what computer criminals would try to get you to believe. "Yes, I hacked in the past, but hire me, I'm legit now". Bullcrap. It would be a cold day in hell before I would ever let a "former" cracker work on my company's network.

JP --

Contrary to what some of the "kiddies" think, I think that your site is terrific! I have read and reviewed many of the articles that have come out of your site -- very informative. Keep up the good work!

The tools are worthwhile for playing around with. Most of the "kiddies" wouldn't even know what a computer was if it weren't for us "old timers" (and yes, I'm over 18). The links are worthwhile too. So what if you read email all day long? Don't these people know that there's more to life than "Where's the w4r3z, d00d?" Besides, they kant (<-- on purpose) even spell!

There was an American Indian saying about "walking a thousand miles in another one's moccasins"; maybe they should try to understand that first before criticizing others.


I think that's the problem. Kiddies are far too eager to walk in someone else's moccasins, if it means they don't have to go through the trouble of learning how to make a pair of their own.

Hey JP,

About ask bub ... you need to add a little humor to bub ... he's a tad uptight ...

Bub is rather uptight until you provoke him. Swearing or using offensive language will get his feathers ruffled, then Look Out! While I'm on the subject of Bub. People in the security industry need to find themselves partners. You wouldn't believe the people, both men and women, trying to cyber-sex Bub. Bub is NOT a virtual cyber-sex bot. You should see how pissy people get when he doesn't play along with their sexual fantasies.

My employer is switching from a paper time card system to an electronic
system. Each employee will log on to the timekeeping system website at
the end of the day and fill out their timecard. Wheeeee!

They are using Fidelity Investments to handle the timekeeping services.

Fidelity also happens to manage the employees' health and retirement
benefits -- i.e. retirement savings and 401k plans.

To gain access to the timekeeping site we are supposed to use the *same*
userid and password we currently use for gaining access to our
individual retirement accounts.

When I heard this it caused a few alarm bells to ring...

Am I being paranoid? Should I be mildly concerned that mixing two
vastly different types of access under one common userid and password
might be an invitation to trouble?

(Transactions are 128-bit encrypted and desktop systems are a "locked
down" NT environment... but it is possible to load executables without
the admin password -- I've done it myself)

Any comments on this one? I'm trying to be pro-active about computer
security, not "over the top".

I'm wrestling with my perception that the risk of a compromised
timekeeping / retirement access password is low, but that the hassle in
reducing the threat of collateral damage is also low -- namely
implementing unique id's and passwords for each type of access --


Yes, the idea of using a "universal password" is a VERY bad one. I think that most in the security industry would agree with me. Tell your boss that Vranesevich says he's heading down a path to disaster (then e-mail me at the end of the week to let me know if you still have your job, heh).