I like your mailbag. I find it amazing how you can keep a cool head even in
the face of such bad insults and critics from those hotheads. You have a quite
objective point of view, I like that. Keep up the good work.



Zair the Wise



I must admit that this is probably the first time that I've ever been called "objective" in my life =)







Well I have to admit your slipping. I kind of wonder about your intelligence sometimes. Why would you tell people who your favorite candidate is? Why bring politics into this arena? I think I found someone who actually thinks that Gore invented the internet! By the way it would be wise to keep your political opinion to yourself, rather than broadcasting it in the mail bag. Your going to lose a lot of voters that way, not to mention people who think your smart.



P.S. Just so you would know, Gore is a pompous idiot who doesn't have a clue on how to run a big business like America. Well then, I just did it myself then didn't I? So there Nyaah, Nyaah!!



Thank you,

Guy Luetgert



Personally, I think it's funny to hear a Bush supporter calling any of the other candidates idiots. Gore has **** things that are more intelligent than George W. Bush.







My father's machine was recently hacked into and destroyed, I believe, through MSN chat.
Do you happen to know how this happened, or what can be done to prevent it happening again.
His machine has been destroyed.



The first time they just popped up messages on his computer screen and rebooted his computer without permission.



The second time a box came up with something about obtaining pictures and then the machine shut down and was destroyed and the person sending it and destroying the machine even let my father know that was exactly what they were doing. Some message like "Your machine will be inoperable and have fun fixing it" came up on his screen.



I believe this was someone from MSN chat, as it happened both times while he was using the program.



I am a pretty savy computer person, and don't know how they are obtaining an IP address in chat, or if there is some other means by which they are getting into his machine over the dial up connection to the internet.



I am just trying to find out information so that once the machine is fixed, we can prevent it from happening or do something to deter it from happening. He has a virus protection, rather had, and was constantly updating the software as required. I think some physical being did this, not the virus.



Not sure.



My dad is 72 years old and I need to try to help him resolve this. I have sent a message to MSN.com and hopefully will get advice as well.



Thanks for any feedback,

Sheryle



Your father has a Trojan. Visit our fight-back section for more info about how to protect yourself from such things!







time for a random poll. you figure, the majority of visitors to antionline and anticode are guys, right. (yeah, no question mark) so, why is the "ask bub" a middle-aged, graying haired (soon to be blue) dude?? i realize the seriousness and integrity of the sites' value should not be compromised and the possibility of this happening may increase with an "ask bubette" instead. but hey, i navigate throughout this site regularly and i'm gettin kinda freaked having some old clean cut dude in a suit shadowing my every move, if you know what i mean. so, my question to the site and its minions is this, would there be any chance of buying rights out from a patricia arquette or a michelle pheifer and stickin her in there somewhere? sorry folks, this ain't a porn site nor would i want the distraction, but hey .. i'd pay to have one of these ladies hang on my tail while i'm in town...



peace

W Taylor



Poor Bub, always being picked on! First of all, if I had an Arquette or a Pheifer as the question answerer, I'd have to get an animated gif of some blond bobbing her head from side to side saying "Uhm, like, I dunno!". Secondly, AskBub was created in tribute to one of my early mentors, Bob (or as I called him, Bub) Davis. Thus the reason for having an old graying haired man.







Is there any way that I can monitor a particular web page to see exactly who
is visiting the page? I have a members section on our website and I want to
ensure that the password is not being freely passed around. Unfortunately we
are a small business and our method of authentication is very embarrassing
one login and password for all members. Any recommendations will certainly
be appreciated!



Kevin Morris



Just because your a small business doesn't mean that you have to have piss-poor security. I suggest you read up a little bit about access-lists that you can create if you install the free Apache Webserver software.







Dear John,



What is the professional name for someone who designs security systems
and then tests them out for companys



thanx

josh



The wonderful thing about the security industry is that you basically get to make up your own title. Come up with something creative and official sounding, like "Information Security Specialist" or how about "Computer Security Engineer" or maybe even "Divine God of Data Integrity". If you really want to be uberleet, you can use titles like Marc Maiffret does from the Eeye Company and call yourself "Chief Hacking Officer". Fjear!







"The FBI does not have the right to read someone's e-mail without a subpeona, just like they don't have the right to tap your phone lines without a subpoena. Just because an agency, like the FBI, has the ABILITY to do something, doesn't mean that they will DO IT unless it is done legally, with subpoena, as part of an active investigation. Carnivore is a tool that the FBI has to use when it's appropriate, just like the guns that they carry are tools to be used when appropriate, so on and so forth...."



that was a direct quote from the october 16 mail bag basically, what you said, is pure bull **** the fbi does what they want, when they want mumia abu jamal's phone had been taped since about the age of 15, he's now in jail for a murder he didnt commit. there was no subpoena involved. i could give you more examples, but quite frankly, i dont like you, so im not going to put any effort into this letter



open your eyes to the farce that governments are you have power, use it



-LoCo



Why doesn't it surprise me that someone mailed in the name of some middle-easterner as an example of someone that the FBI has been "taking advantage of".







Hi JP,



long time reader...first time writer to the mailbag.



I have a question which relates to a security measure being implemented
in my workplace. It has been decided that use of BIOS passwords will
be mandatory. I am a network security buff but hardly an expert and the
discussion began as to how secure this is. The question, basically, is
whether a machine with a bios password could be compromised in under 5
minutes without leaving a footprint and starting with the machine off.



I realize that using a number of easily available utilities (CMOSPWD for
example) and with access to the machine while booted the password could
be obtained in seconds. I also know that by opening the machine the
hard drive could be removed, copied and replace or that a reset could be
done with jumpers or removal of the internal battery. I suppose that
some sort of keystroke logger might also do the trick...but ultimately
these measures fall outside of the scenario at hand.



I experimented with a floppy with a bios flash update to know avail.
I'm thinking that a brute force attack would take too long. Finally, i
thought to ask an expert.



I am thrilled that our organization would take measures to further
secure their sensitive data and any step is a step in the right
direction but I do not wish them to be lulled into a false sense of
security and if there is a vulnerability, i think they should be aware.



Any thoughts you have on this would be much appreciated.



best regards,

pat



Pat, I'm confused. You listed about 5 different ways that the bios password could be bypassed in under 5 minutes, yet you state that each of those methods is "outside of the scenario at hand". I think that any way that exists to bypass a security measure should definitely be considered as "part of the scenario at hand". A bios password is a trivial form of security that every teenage techie knows how to bypass, period. If I were your company, I would consider using one of the inexpensive smart-card based security measures currently available on the market.







I'm a student with a simple question. I'll try to make it short so that you can use your time for other things.



Was it worth it, to leave the university of Pittsburgh?



Do you have any regrets?



That's it.

Thanks.

NeuroChronic UH



Some people need college, and others don't. That's a personal decision that you'll have to decide on. What I think you need to ask yourself, is that if you leave college now, do you have any marketable skills that will enable you to make a living, and do you have enough faith in yourself to develop those skills even further on your own? Now I'm starting to sound like a damn Guidance Counselor. Scary....







John,



I am writing in regards to your response to a letter from Dan Renner of R&B Computerhelp Inc.



He commented about your views on the words "hacker" and "cracker".

Now despite the fact of there actually being a difference in the two words you replied...



"Well, as far as I'm concerned, and as far as the laws are currently concerned, it's illegal to break into a server that's not your's regardless of motivation. Period."



Now even though you are 100% correct.



I find this amusing in the fact that your entire business is based on the actions of "hackers" and "crackers", who, if did not exist, chances are, neither would Antionline.com.
Now i'm speaking on no ones behalf but my own, I am not a hacker/cracker, just an enthusiast much like the rest of us.



Remember "Give credit, when credit is due."



- Keep up the good work.



John T.



Congratulations, you've just won the "That's the dumbest thing I've heard in weeks" award! I suppose that Janet Reno should take a day each year to thank all of the rapists, murderers, and terrorists in the country for enabling her to have such a great job?







J-dawg,



First off, general praise for a nice website that's developed well over the years. You've always made it educational and interesting to read. All right, I'm finally getting around to building a better system and, since I actually have some spare money for a change, I find myself needing to put some sincere thought into this. I've got a large interest in internet security, as I suppose is expected for people who read this list, and was generally wondering about the practicality of purchasing a hardware firewall. While I've got no particular brands in mind, this is going to be primarily for my personal educational use. Is this an overkill, or a worthwhile investment for a PC? I am very interested in pursuing my interest in security to a possible career and would like this computer to help me get familiar with the numerous aspects of computer security. Are there any other pieces of hardware that might be handy to have in that case, but I probably wouldn't think of right away?



Mad props,



Thomas Buchanan

Texas A&M University - Kingsville

The only computer-nerd in South Texas



Getting a hardware firewall for your PC definitely isn't overkill if you're getting it to learn from! We at AntiOnline have a Cisco Pix Firewall that we use for parts of our network, but they're not cheap. I suggest you get something like SonicWall.







Anyone:



I'm a third-year law student at Georgetown, and I'm trying to write
a paper on hacker websites and what hackers can (or believe they can) do with
the information on them. Where is the line drawn as to their legality,
constitutionality? What can be posted on the sites, what can be retrieved
from the sites, what's the point, etc.? I'm looking for any guidance.
Better yet, I really want to talk to a couple of actual hackers (novice,
expert, whatever) who would be willing to talk to me anonymously and candidly
without fearing incrimination or that I'm an agent or anything of that
nature. Anyway, like I said, any help/contacts would be helpful. I'm just a
student who doesn't know anything about any of this stuff.



Thanks.

Flastere



Well, for starters, you can visit AntiSearch and take a look at some of the hackgroup pages that we have listed. Then, you might want to jump on IRC.