July 24th, 2001, 09:37 PM
Joe Momma Submitted The Following:
I've got $20 that says Mitnick is back in the slammer before the end of the year. Someone apparently forgot to ask him - in the immortal words of Arlo Guthrie - "Kid, have you rehabilitated yourself?"
As for the Internet Cafe owner, my advice - to ANYONE who provides "public" 'net access - would be to run a keystroke-capturing utility of some sort. There's software - specific names and/or brands escape me at the moment - that will record any and all activity that takes place on the computer and write it to a logfile. This will provide a record which can be used to find out who the culprit is in the event something nasty happens.
BlackICE and the like will protect from external attackers, but like most other "firewall" software, it assumes the local user is NOT a threat. BlackICE won't keep you from pulling down a file from a remote site and then e-mailing it to anyone you like. A good keystroke-recorder, however, will allow a positive determination of "whodunit" when something like this happens. Assuming you require positive ID from your users, you've got them cold.
Another good idea would be requiring a credit card or cash deposit from users of these services. If you write monetary penalties for illegal activities into your user agreement, you can easily direct the cost of dealing with this sort of thing right back to the cause - the user.
"Mabs" should have thought of these things long ago - as you said, ". . . BEFORE you decided to open up an Internet Cafe." Failure to lock down public-access systems *could* be treated as contributory negligence by a court of law. A word to the wise, eh?
Maybe we'll see a "reckless endangerment" law as they relate to ISPs and other service providers that don't even make a "reasonable attempt" at securing their systems. It would solve a lot of problems if there weren't a million and one podunk ISPs that hackers could jump from. KeyLoggers, as with any software security related, can be downloaded from our AntiCode File Archives.
Subject: YOUR SITE
X-Mailer: Windows AOL sub 44
DO U SELL POKEMON CARDS
No, but you're the 5th person to e-mail me asking that this week. Maybe I'll start
Date: Tue, 25 Jan 2000 19:29:43 PDT
From: "Freaky" firstname.lastname@example.org
not like what you say anymore meens anything, but id like to say **** you about the mitnick article.
hope to see you @ defcon.
This is exactly the type of person that I was talking about in that article ;-) And, cool, DefCon threats already. They're coming early this year....
John Preston Submitted The Following:
I'm a high school teacher at Lauren Hill Academy, in Montreal, Canada.
Recently, a student attending the school has made a web page with unappropriate comments about teachers and posting their phone numbers and addresses on the site.
What he did was create www.laurenhillacademy.com with a stolen credit card, and made an account with mydomain.com to redirect people to his hosting site (www.geocities.com/Heartland/Cabin/3940/). We have contacted mydomain.com and got them to shut down their first site (.com). However, they created a .org, .net .8m.com. How can I catch this student?
This is unacceptable behavior. I sent him an email, at his hotmail account, impersonating a student and he replied, i got his IP:
Date: Wed, 26 Jan 2000 12:50:07 GMT
But im pretty sure its a hacked account. What can I do to find this person?
Can you help us?
Since when did Teachers become police officers? To be frank, since he's doing this off of school grounds, and not during school hours, it's none of your business. So he created a site that says that your school sucks. Does it? As for the credit card theft and hacking, that will be up to the ISP that he used the stolen credit cards on to determine if they are going to turn that information over to the feds and assist in a prosecution. While I have always made a clear stand against malicious hackers, I have also made a clear stand against officious educators.
I'm interested if you can send me your deny list that
you use for apache. I currently use apache and would
like to set up a deny list against people who have
damaged the website.
I can not officially confirm nor deny the existence of a blackhole database compiled by AntiOnline LLP. at this time, heh
In response to your article about Kevin Mitnick and his release, I dont know wether to post an anti-2600 site, or an anit-antionline site. For a long time now, I have followed Kevin Mitnick, and figured that by supporting him I was supporting bringing down a govement that did not know what to do with someone, mediadcally put, as a "super hacker."
After reading our article I felt like ****! After all these years have been nothing more then a script kiddie. I always respected Emanuel, and 2600, but now I just feel like a pawn. Amazing article, it mad me really stop and think, and it dropped my self-esteem about six notches.
Glory Be! Yet another one converted and reborn again. Can I get an Amen?
Mindless Machine Submitted The Following:
I watched the Kevin Mitnick interview on 60 Minutes last week. You think Mitnick has learned a lesson? If anything, he seemed *proud* of what he had done. After three or four times in jail, one would *think* that he had learned something.