If you go to this page ( ALta-Vista search on "DISN equipment manager" )
http://tcoss.safb.af.mil/common/HTML/DSC_support.htm
there is a link for DISN Equipment manager that no longer exists.
The link originally would fetch a file called dem910.exe which sounds
very much like the self-extractor for the program MOD sent you.
****-up or completely benign program?



Trevor



Well, this would certainly put a damper on the MOD's claims wouldn't it? To give them
some credit though, the package that they had did come off of a server, and was running. I can tell this because it
did contain extensive log files and other info (such as mac addresses etc.) in databases. But non the less, I bet
the "going rates" they've been offered for this software have just gone down a bit, huh? =)






hey jp.,

i have been reading youre website for a long time. I hear you
talk of educating the public. Who are you educating? hackers?
think of it this way, if sites like youres did not release all those
exploits how many sites do you think would be hacked right now? some might
argue with me on that , saying that people would be offguard to attachs.
but, if you are really only here to "inform" people then why dont youre
just release patches? or , even just release source code that is
incomplete?



i think this would GREATLY reduce the amount of hacker attachs (and money
that businesses have to spend stopping them) , and also put an end to many
"genious" teenager hacking carreers, such as the oh so great analyzer that
you have glorified so.



do you think that analzer actually had anymore skills than any of us?
i mean all he did was run exploits that he found on sites such as yours.
i know you wont post this because you dont want people to know the truth.
you only want people to hear stuff that makes *YOU* look good.



-coder



Isn't reverse psychology great? Well, just as you probably suspected when you
wrote me, this letter did make it to the MailBag. As for your claims of AntiOnline and sites like it
doing more harm than good, check out the next letter.








Can people really be this naive?



I can't believe some of the comments that people made during this weeks
(Apr 20,98) installation of the Mailbag. How can people possibly think that
by providing information to the masses that it will inspire kids/people to
hack. The REAL problem that they seem to be overlooking is that hacking is
a two-way street, there is the hacker who uses known exploits (prob. 95% of
em) and there is the System Administrator who is responsible for patching
these holes. If the system is left open it deserves to be hacked PERIOD.
People need to be educated, specifically the so called "sys-admins" who are
responsible for the world's systems. I have met so many "sys-admins" who
seem to think they understand everything about the systems they are in
control of, but ALL of them are a lacking a _basic_ set of security
principles. I am a system administrator for a medium-sized corporation, and
let me tell all of you that I am ALWAYS monitoring security bulletins and
updating all of our servers, and I will never claim that our systems are
completely secure, no one should ... ever. If all of you think that the
Internet would be so much better if these hackers were removed, who will
secure our sites? Microsoft? Sun? CERT? What happens when a exploit is made
public, the software giants put their programmers into 24hr mode until they
come up with a "fix" for it, what if no exploits were made public at all,
would they magically get fixed or would our most sensitive information be
used against us _without_ our knowledge. I am just rambling now, but try to
understand from the other standpoint, if the U.S. government (or any other)
has unsecured sites on the global Internet they should either secure them
or take them off, period.



-Tim McManus




Boy, I'm glad someone out there sees it my way =)






Hi there, Nice site.

Are you going to attend Defcon?

I'll be there with the rest of the UK crowd, so hopefully meet up.

Rgds



-Jonathan



I don't know. It's been going around the grape vine that I will be making a trip out to vegas. We'll
have to wait and see ;-)






Congratulations,



Being rather new to the internet I was lucky to chance upon your site.
Presenting hackers' tricks and philosophy to the mainstream is an important job and deserves
the quality you at AntiOnline are showing. Reading through your latest mailbag I noticed that several of
the MOD critics manifested themselves in nationalistic terms. I would like to point that several of them come
from Europe; there are (acording to you) even two russians. Also, this is a writen medium so it would help
everybody if they paid more atention to their English classes (I assume most are in high school).
It was a pleasure to make contact and I hope that AntiOnline will stay online for a long time.



-fabio_pnz



Ok, I got the hint. I'm going to go buy myself a dictionary or one of those fancy spell
checker things. Spellin haz NEVER bin my best attribuite!






JP,

>From your Global History page:

http://www.antionline.com/quicktips/Tip1.html

I don't know if anyone has documented all of Nutscrape's 'about:' URLs, but

here are some others that work:

aboutlugins

about:hagan (ex-Nutscrape coder, should be others)

about:mozilla

about:cache

about:document

about:license

about:globalhistory

about:logo

about:qtlogo

about:coslogo (Communicator?)

about:visilogo (Communicator?)

about:tdlogo (Communicator?)

aboutdilogo (Communicator?)

about:mclogo (Communicator?)

about:ncclogo (Communicator?)

about:insologo (Communicator?)

about:symlogo (Communicator?)

about:mmlogo (Communicator?)

about:javalogo

about:rsalogo



-Lino Geo Lino Bailey



Wow! This is enough to keep me busy for hours =) Seriously thought, thanks for the tip.
It's scarry all the hidden "features" that programmers put in their applications, huh?






JP,



I was reading your Quick Tip concerning cookies:

http://www.antionline.com/quicktips/Tip3.html

and I thought I could add to it. In the cookie war, I have a quick tool that I
use to view what info is being stored. I believe that my method is the
shortest one.



I made a bookmark

Name: Lino's Show Cookie

URL: JavaScript:alert(unescape(document.cookie))



which, in Nutscrape anyway, pops a window and shows the cookie info for
whatever cookie-offering site is in your browser's window. To test it, go to
your favorite cookie spamming site, accept its cookie(s), and then select the
bookmark. If there are no cookies then you will see a blank window.



-Lino Geo Lino Bailey



Hey, this is a great tip! That's two great ones from Lino Geo Lino Bailey
this week! You get the unofficial "Official MailBag Contributor Of The Week Award"!






Your "Military Official" who commented on the recent intusions by MOD is far from an "official".
This person is clearly a "worker bee", probably in the grade of E5 or E6, which is a sergeant or
staff sergeant. I base this on the fact thay I was one of those workers bees myself.
That is like calling a landscaper, secretary, or programmer at Microsoft "Microsoft Officials". Not fair.



-skrud0zR



Point well taken.






John,



I'd like to thank you for providing an excellent source of up-to-date information about current computer security incidents. I've noticed you seem to be a day ahead of most
of the mainstream media - awesome work!



I'd also like to make a brief comment about this incident involving these MOD individuals;



I'm impressed. Not by the MOD's penetration of a computer system, not by their downloading of some publicly available maintennance software, but by the fact that they stated their intent was to commit espionage against the people of the United States of America.
In making that statement, these people have crossed a serious line. One so serious, they are unable to realize both the severity of the crime and the certainty of the punishment.
The MOD makes statements to the effect that they are untouchable, and have the Department of Defense at their mercy. Far from it. The MOD has already made the most
serious mistake possible; they have identified themselves as enemies of the citizens of this country, and the people who defend it. Further, they have made the most serious mistakes that can be made when conducting a criminal act;
more than one person is involved, and they're boasting about it. History has demonstrated that these three mistakes consistently lead criminals to capture.
The MOD is right... they are not our usual hacker kids. In their desperation to obtain the attention of the media, the people, and the government of the United States, they have crossed the line that divides honor from shame and have attempted to betray this nation. When they are caught, and
they surely will be, they will plead before the people not the "system", and the people will, as they always have with spies and traitors, turn a deaf ear.
Even as I right this, I'm sure that the wheels of justice
are turning. Slowly? True... but to grind MOD exceedingly fine.



As for you John...
KEEP UP THE GOOD WORK!



Sincerely,
Russ



With all the flack I've been getting lately, I thought I'd throw in just one more letter of good
praise. Just to be on the safe side =) Also, very interesting view on the whole MOD "mess"? I think this story has
gotten to the point that it can be called a "mess".








I got sooo many interesting emails this week. I'm sorry if I didn't have the opportunity to publish
yours. But keep sending me your comments, suggestions, questions, and answers, and maybe
it will find its way here =)