Dear John

Id just like to say the media including you are making such a big deal out of these DOS attacks. I find them very funny and me and my friends laughed alot about it. Now I know you must think im young and immature for finding humour in this well the fact is Im 20 and have a Good grasp on networking in general. We have seen the madness that these E-business have had on the stock market facts are they dont even deserve to be publically registered and there turn overs are not particually spectaular. I like to see goliaths in our society take a wooping now and then and I bet the guys who did the DOS attack sat back after wards and drank a cold beverage and smiled to them selves knowing they just ****ed over the best Uni`s crime enforcment and online sits the pitiful state of america has.

This attack was truly one against the US and If enough people could get toghether they could bring down your entire country.

And this is coming from a man that's probably sitting on a camel with a towel on his head. I guess it's true. If your nation doesn't have an infrastructure, there's nothing to take down.

I have one comment. There has been a lot of debates about the definition of the word hacker. Whenever I don't know the meaning of a word, or there is a dispute about the correct meaning of a word, the logical place to go is to a dictionary. This is not only what I do, but what everyone else does.

Here is Merriam Webster's definiton:

1 : one that hacks

2 : a person who is inexperienced or unskilled at a particular activity; a tennis hacker

3 : an expert at programming and solving problems with a computer

4 : a person who illegally gains access to and sometimes tampers with information in a computer system

Now, these morons will still dispute an undisputable fact like this, because one of their fellow idiots created "his" own definiton. Sorry fellas, but that's not how it works. Merriam Webster is the standard. If you say the press uses the word incorrectly, you are wrong, the media is right.

No, these "non malicious" people will probably just hack into the Webster Website and change the definition to read "one who does good".


This is the best adjective for your article "Newbie Hacker Trackers".

Your copy is a proof that media and government are completely blind in the
hackerdoom issue.

they are a blind man in a shooting match!

virtually yours,


Yeah, and something tells me that after my editorial, I'm bound to get hit with his stray bullets.

Hello jp,

First off, let me say that I have followed your site for quite some time now. I particularly took interest in the Attrition/Antionline "online scuffle" that took place during the past summer. I can imagine though, it was quite a headache for you. On one side you have an individual who is trying to play a positive role in computer security, and on the other side is a group of immature bullies. Every morning I would go to their site and read the daily anti-Antionline posts and then head to Antionline to hear your rebuttal. I have to admit, most (if not all) of their posts were pathetic attempts to discredit you and essentially equivalent to the childish taunt -- "jp is a poopy-head". And these are the groups that were supposed to take security advice from?

In my opinion hackers have been over-glorified by everyone. Why do young kids interested in computers inherently become interested in hacking? There are many more jobs for computer programmers and network engineers. Why not instead of trying to break or break into something, try to invent something? Sadly, companies do hire ex-hackers (or hackers who have claimed to give up hacking) but this practice should be stopped. What credibility does someone who used to break into computers (maybe even the company that hired him/her) have? In my opinion none. Just like the credibility of sites that claim to be pro-security but are the first to release step by step instructions to the next exploit, or even worse an executable claiming to be "for educational purposes only".

Of all the things that piss me off -- is Kevin Mitnick claiming he is the victim. He committed crimes by breaking into computer systems (he even admits to this) , he got caught, so why should he not be imprisoned? Criminals usually only commit crimes when they think the probability of them getting caught is nil. This is why hackers seem to have the run of the internet, there isn't a large enough force to catch them and prosecute them (and god forbid if necessary extradite them). Whose job is it, the FBI? The Secret Service? Do they have the trained personnel? Is the security of businesses even their responsibility? Should the business itself be in part responsible for it's own security. This leads me to the point of my letter (sorry it took so long):

Are there plans to add a section to your site that provides security tips aimed at the ECommerce developer? ECommerce is big on the net right now. Alot of the time, the big rush is to get on the net, and security is often an afterthought. I am a developer for a startup company that would like to join the ranks of commerce consultants. I spend about an hour or more a day researching various security aspects related to the platform and software I use (NT and SiteServer). Because of this I know most of the exploits for my target platform and tools and how to fix or program around them. But, I have found many sites that, in their haste to get the site up and running or lack of knowledge for the platform/tools they are using) fall prey to the exploits. They sit clueless waiting to be targets. When they get hit, everyone in the ECommerce field gets hit. People stop and question the security of all online commerce, because basically it's near impossible to tell how secure each site actually is to your average Joe Internet Shopper. A section aimed at commerce security, or even a "credible" agency that a business could hire to examine it's site and give it some sort of stamp of approval would be beneficial to the entire industry.

This is not really a "Mailbag" worthy letter, so please don't post it there. (Although I do take pleasure in reading the Mailbag)



I'm the final judge of what's mailbag worthy and what isn't, and this letter is definitely mailbag worthy. To answer your questions, we're currently working with a group to bring some interesting e-commerce stuff to the site. Just give me a couple of weeks

Definatly a great prespective on today's problems poured into one story. that **** made me laugh far too hard, any shrink would tell you that you need to blow off steam more so it doesn't erupt into one of your news articles. heh that was cool man keep it up


You think that one was bad. I've been blowing off steam into one long article for a week now. I just have to see if I'm going to get sued if I go live with it first. Heh.

From: deborah lacomb
Subject: Kevin Mitnick???

What in the name of all that is decent would motivate the Senate to
invite Kevin Mitnick to appear before the Senate to advise them on how
to protect their computer systems? This is a man who served five
years in prison for his last offense, ( he was not new to a prison
cell), and when he gets out he still claims he did nothing that bad.
This is man who hasn't been allowed near a computer for five years or
for the next three years. What? Technology hasn't changed in the last
five years?

I am the mother of five children and I try very hard to teach them right
from wrong. What kind of message does this send to the young people in
our country? If you're really good at breaking the law you'll become a
celebrity, a hero, and even be asked to advise the government on how to
protect themselves from people like you.

There are thousands of computer security experts all over the world and
you choose Kevin Mitnick - the hackers of the world applaud you.

respectfully yours,

a concerned parent

Hahahaha. My mommy cc'd this letter to me that she sent to Senator Lieberman. Cracks me up. She's as bad as I am. I know you told me not to put this in my mailbag, but I just had to mommy. Sorry!

Dear JP,

You must be insane! I was reading your article about how you had been hacked. 1 in 3.1 million is a great record, so why don't you go into business by securing other websites. You could make some serious money I bet for a little while anyway. It may seem greedy but that's the essence of free trade. I guess you would just be happier reporting and stopping hackers than protecting other sites for profit.


Nope, I am just going to continue informing the masses like I always have. It's what I enjoy doing the most ;-) There are enough companies out there already willing to offer services and products that no one knew they needed.

Perhaps I'm just missing it John but as a matter of full disclosure shouldn't you let us know which 3rd party CGI Script is vulnerable??? I mean I very well may unknowingly have a defective CGI script on my corporate web server. Were you able to record any of the exploite code??? WIll you be investigating this as a possible CERT advisory? Was this exploite already known? I only read your one article "AntiOnline's AntiCode Defaced" and it left me with more quesitons than answers. Could you provide some guidance or are you at a loss? You didnt' mention if you had contacted the third party to provide them with an opportunity to fix the exploite. I really like your work and contribution to the security industry but afraid ya have me confused on this one.

Greggory Peck

Yes, well, unlike some "security companies" that like to inform thousands of hackers about new vulnerabilities right away, we at AntiOnline would much sooner wait until we can inform thousands of system admins about a patch first. We have notified the vendor, and expect a patch this week. Stay tuned.

JP - thought you might like to see a copy of comments I sent earlier to
Ernst & Young concerning their website's treatment of AntiOnline's hack.
Keep up the good work, dude.


-----Original Message-----

From: David M Hines


Subject: Comments

I've had my doubts about E&Y's apparent "set a thief to catch a thief"
approach to network security. However, my doubts have been put to rest with
the "news" on your website practically crowing over the hack of AntiOnline.
That a firm with the reputation of E&Y would be a party to such garbage
pretty much confirms my suspicions that you folks are the LAST ones I'd
trust to help me secure a network or anything else. It's truly sad to see
how far you've fallen.

David M Hines

Well, E&Y has Ken Williams now. What do you expect?

Do you mind telling everyone, including me, why these hackers aimed so many
attacks of your site? What kind of business is

Comment appreciated.


Well, it depends who you ask. If you ask hackers, we're a malicious empire that pays people to illegally break into websites so that we have stories to write. In our spare time, we ruin the lives of 37 year old college students. If ask me, we're an organization devoted to putting an end to malicious hackers and educating users about security related issues. We do consulting for the FBI and are on several DOD Research Contracts at the moment. Wonder which of us is telling you the truth?

To whom it may concern,

Please comment on the following:

1)To protect system software from piracy.

2)To reduce the possibility of computer program files being subjected to outside hacking.

In order to realize the above goals I propose to link the system software(Windows or other)to the monochromator capable of very high resolution and providing thousands of distinct "streams"of energy of differing wavelenght.

In the visible light,ultra-violet light and infra-red light bands of electromagnetic radiation there is a very high number of possible frequencies usable.

A good monochromator(difraction grating)has capability of resolution of 0.01 nanametres.
If we make initiating signal for installed software identical with one of these wavelenghts frequencies,there will be no possibility to copy this software to other computer without also exporting matching monochromator(sold with the software),which would of course disable original software(remember that software and monochromator are linked).
If there is any program in the software to be altered it must be done by utilizing the proper wave lenght of monochromator and should be able to be done only by manual control of monochromator by the user.

The same applies when adding or downloading any new program.

In short, any programming needs to be routed through the monochromator.

To realize the second goal: I understand that price for this monochromator specific software may be more than average,individual home user want to spend on software.

For that reason regular version of the software should be still available.

However,for the fast,powerful computers (such, as are misused by hackers for "smurfing" or other illegal or annoying activities)it may be right solution as any signal from the Internet should be also routed through the monochromator.The regular browsing or owner directed activities(within intended program) from outside would be unaffected by monochromator,but unknown(cookies)or unwanted(java applets or viruses,etc.)would be automatically screened and not allowed into any program unless manually "specified"by owner of computer through the monochromator.

I admit,that technical knowhow of making distinction between wanted and unwanted entry and the practical symbiosis of the software and the monochromator is beyond my knowledge and education.

What in the HELL is this guy talking about?