Bravo Submitted The Following:



I have e-mailed you several times in the past, but gotten no response, which isn't a huge surprise to me. To continue, you have mentioned Kevin Mitnick and made such statements as, and I quote, "I don't find any humor in people that feel that they can break laws and piss on their fellow man, and not expect to pay any consequences for their actions" and "I do find a great deal of humor in a "Jewish Man" that didn't have any problems going against his religion when he was a fugitive from justice, but who then decides to bitch when they run out of Kosher Pickles in his jail cell". These comments greatly disturb me. I think you have greatly missed the point of the Kevin Mitnick case.



No one has disputed the fact that he committed a crime, as a matter of fact he even pleaded guilty, so against your comments he is accepting responsibility. What is being disputed is his basic constitutional rights. He was denied a trial or even a court hearing for that matter for over 4 years. This is such a grave violation of the constitutional amendments of the United States that I'm surprised that more people haven't raised their eyebrow to this matter. It's a very scary situation when one can be denied all his constitutional rights by simply looking at code. This does affect you and me because it CAN be done to us, and this proves it. Second, it is law that Kevin Mitnick be supplied Kosher food due to religious beliefs, so his captors are as big or bigger criminals than him. I strongly urge you to honestly review the FACTS of the situation. You can accuse me of having inaccurate facts but at least give your readers a chance to review the facts themselves at http://www.kevinmitnick.com. And you should really be concerned with the Mitnick trial more so because of the grave charges and facts the attrition posted at http://www.attrition.org/negation/ which could have you end up alongside Kevin in jail.



Sincerely,

Bravo



As for Mitnick, I suggest you actually read both sides, instead of relying on propaganda fed to you by the Official Kevin Mitnick website. Truth be told, he waived his right to a speedy trial, and in several instances it was HIS attorneys asking for extensions. I'm not even going to get into all of that. Someone needs to write a book about the "aftermath" of the Mitnick trial I suppose.



As for the negation section of the Attrition website. Why does it not surprise me that some of the very same people that I've helped the FBI to investigate are making up lies to try and tarnish my credibility? The New York Times did a story last week quoting the FBI themselves about this matter. Personally, I liken the Attrition website to a group of crackheads holding up signs cursing the police for taking away their pipes.









Funny you mentioning BroncBuster. He went to a small
community college where the freshman *nix users
idolized him. He is bright (to an extent), but from
what I remember his political cries are a ploy to
cover up his 'showing off'. Wonder what he's doing
now?



-Lek



Birds of a feather flock together. He's currently an Attrition guru who spends many hours a day showing off his 2600 shell account. He's also working on a project (to what extent, I'm not sure), to create a new *nix based operating system called "Foonix". Personally, I think Foolnix would be more appropriate of a name for it, but hey.








Hello JP,



Just wanted to laugh at you in writing. One has to love your latest news spoof about attrition.org. Do I detect a little pent up hostility? I think I am going to just create a site, and all that site will do is spoof every news story and thing about your entire site. Just for laughs. Then I can read the mailbag and see your "500 unsuccessful hack attempts a day" crap. I'm sure that you have no real security skills and instead depend on your staff. I wonder if I should name the site AntiSpoof. I think I might try that, you know, with the domain name prices falling and all.



By the way, is that your grandpa or dad in the ask Bub pic?
I see that you are the founder of Antionline? Where was it before you found it? Would you try to sue me if I did an Antispoof site? How about a domain name of antonline or antyonline just to catch those misspellers out there? Write you later I have to go check on some domain names....



JT



Well, I hate to break this to you, but you're sure as hell not the first person that decided he was going to waste his time making spoofs of everything I say or do. http://www.AntiOffline.com/ is one of literally dozens of examples.








Chris Roseberry Submitted The Following:



Hi John!



Thanks for being honest with us "average Joe & Josephine" Internet users. Hey, isn't it about time that AntiOnline run some kind of a security contest itself? If you ever do, I think I have a really cool ("kewl" for you braindead script kiddies out there) prize suggestion. You know how every lame hacker wannabe wants to meet Kevin Mitnick, the idol of their warped fantasies .... well, maybe you could do something along those lines with a more positive spin. If AntiOnline holds a contest - have the prize a night out on "the Burgh" with you, the winner, and Carolyn Meinel. A night out with two "real" legends.



Thanks John.



Call me strange, but I think that someone's planning a double homicide. On a serious note, AntiOnline currently co-sponsors several "challenges", such as the LinuxPPC Challenge, hack the computer, and you can keep it. Not as sexy as a night out with Meinel, I know, but hey, we do what we can.








Well I have to admit I'm frustrated JP



In my mailbag letter to you regarding the electronic timecard system I
discussed the universal password, but never mentioned that the userid is
the employees social security number. This fact, in addition to the
universal password used and now the company's response to the situation
they have created, have smoke pouring out of my ears in frustration.



Your mailbag response indicates that you don't like the universal
password, and I suspect that had I added the part regarding the social
security number being used as the userid you would have been similarly
negatively impressed.



As a concerned individual I not only contacted you, but also Fidelity
Investments (the keeper of the password table), my employer (A mega
aerospace company in USA), and the social security administration.



Fidelity thanked me for my input and is now probably blowing it off.



My employer basically ignored my concerns, until I e-mailed the CEO (who
has a "please contact me regarding any concerns" policy). Our CEO
acknowledged the situation but offered no information regarding if or
when this situation would be rectified.



Actually responses within my company (Below the level of CEO) varied
from "you must be some kind of hacker" to "don't you TRUST us?" and "you
must be on drugs".



(I see why you added the part about telling you if I still had my job in
your mailbag response...)



The social security administration actually sent me a very thoughtful
response which sadly informed me that social security numbers were "fair
game" for non government workers / non students, and my employer could
do just about anything they wanted with it including selling the
information to another party.



At least the Social Security Administration acknowledged that there is a
legitimate concern in such free use of the SSN but also said that they
require more identification than a SSN to do business with them i.e. I
shouldn't worry about someone looting my SSA account with just my SSN.
(Hasn't Congress done that already?)



I also got a kick out of seeing a link (on your site I believe) pointing
out that you can now purchase "identity theft" insurance through some
insurance carriers.



Another news link on your site claiming that a survey showed (did I get
it right? something like 60% of companies surveyed have had their
information systems compromised at least once, and most of these
intrusions were "inside jobs")



Well all in all I have to say that I have tried to do my best to inform
these numbskulls that by implementing these policies they are really
asking for it.....But there is little acknowledgement that a significant
problem exists, nor any "call to action" in reply. So I am not hopeful
that they will remedy the situation unless there is a disaster of some
type.



It is so incredibly frustrating that these parties can show such poor
judgement in information systems security. Furthermore it appears that
they basically answer to no one. (Well that isn't totally true, since I
suppose if [when?] something DID happen, and it righteously fouled
things up, there might be such an outcry that something would be done --
but this is no consolation at all since the whole point is to secure the
system in anticipation of a problem, not after the disaster happens.)



I think it shows complete arrogance on the part of Fidelity (and my own
company's computer folks as well) to treat information system security
in such a callous manner.



Yes JP I'm still employed. (But now I'm watching my back a little)



(And I'll continue to "bang the drum" for better IS Security in my
workplace)



Thanks JP! I really appreciate the work you put into antionline. Thanks
to your efforts I have learned enough to fend off the attacks on my LAN
here at home (so far), and keep informed of the latest exploits and
vulnerabilities to be wary of. I only wish I could be as successful at
work in implementing reasonable IS Security.



Sometime you'll have to write about how to "be the bearer of bad news"
regarding an information system security concern and not end up in the
shredder for your efforts! So many people don't react rationally
regarding these kinds of things. Difficult to be vigilant and remain
employed.



Steve Lubman



Well, what to do? Why not suggest to your boss, that for added security, each of you wear ID tags while in the office. But, instead of putting your names on them, have your credit card numbers printed on them! Your desks should all have locked drawers on them, to keep important files in. Hey, why not make those so that your house keys open them. Less keys to carry around, right? Of course, your boss would have to have a copy in case you lost yours. You should all be using PGP for important internal memos, why not have your passphrases be your yearly salaries? Heck, think how much trouble it would save your employer, they'd have something akin to a key recovery system in place, with no added work! I think your company is onto something which will revolutionize the security industry forever. Pfft. However, your e-mail has inspired the following story, "I'm Sorry To Tell You, But..."








I understand that many articles you post have great importance to the
security community, like myself. What I don't understand is why many of
the articles you post in links require registration just to read them!?
Why? I just don't have time to register to every site that requires us
to just to read an article! Plus on top of that I can't possibly remember
MORE passwords and usernames than I already have to! I do enjoy the fact
that the links open in another browser window so that I can continue to
browse AntiOnline but PLEASE do something about this. Whether it is
making a permission copy posted on your own site, or detailing the news
articles perhaps in brief, so that us who are not "users" of the
websites can get the news (at least vague idea) of the article.



thanks for listening and your time.

Rev




Well, this may come as a shock to some of you, but not even I have the powers to direct the policy of websites like the New York Times. I suggest you just register for these sites, and get it over with. All of the sites that we link to that require registration (I think there's only two), are free to register with, and allow you to save your ID and password as cookies, so that you don't need to remember them, and in fact, don't even need to type them in each time. Ok, before I get yelled at. Yes, usually I think it a BAD idea to save registration information in cookie files. But hey, it's a NyTimes registration. Your life will not end if someone gets onto your computer and steals your NyTimes identity, I promise. Personally, I use a program called Gator, which allows you to store all of your IDs and Passwords in an encrypted file, and sits in your taskbar while you surf. When needed, the Gator pops up, and fills in all of the forms on a site. It's about as handy of a little tool as they come, and best of all, it's free.









The next two e-mails are posted to show the astounding intellect of some of the people that write to me on a daily basis:



I got ****ed up the ass by 2 hackers. They stole my lap top and left me for dead. But I got up and punted their asses cuz 1'm 31337!



novel00@hotmail.com








PATZ Submitted The Following:



Dear John,



I just thought that I would write and thank you good people
for all of the hard work every week. I really enjoy the site
and it has helped me a lot with a subject in which I am very interested but not yet well versed. I am, in the vernacular, a LEW-zer.



I mean, I am so LEW-zer that I still haven't been able to find the 'Any-Key.' (Is this an escape function or what?)



I am so LEW-zer that I couldn't detect a port scan if I were Sam Spade.



(I got a million of 'em.)



I am so LEW-zer that I think a Parody Bit is a comedy routine.



(You get what I'm tellin' ya.)



I am so LEW-zer that I think an IO Error means that I made a logical mistake about how much I need to pay on one of my bills.



I am so LEW-zer that I couldn't tell my vulnerable port from a whole in the ground.



.. Oh ... Sorry ... sorry ... I'll stop that now. Anyway, thanks a mil. And, keep up the good work.



PATZ