gthorne
10-09-2003, 03:52 AM
-=-
I have been noticing some things over the years that I wanted to talk about- and this seems to fit more into the social engineering topic than any other... (reverse engineering people's minds in a sense for those of you who are new)
This section is for traps for hackers, police, or other entities such as newbies, usually designed by hacker's or police or other entities such as con artists.
Here are a few that provoke thought...
-=-
- First let me say that the people of 2600 magazine have come up with the greatest public con game I have seen in the hacking world... the 'oldest server on the net' contest.
Many of you may already have figured it out -- good for you! This topic was opened for the purpose of like minds to think as a group as well as information propogation, so enjoy.
If you have ever seen exploits on the net that you SO WANTED to try, but found out that they were plugged security holes before you got the chance... and lessee... the staff of 2600 have plenty of those as well as some they come up with themselves...
What an idea: lets see if we can come up with a contest where people all over the world will send us links to live servers that are old enough that our exploits will work on them! Pretty ingenious isn't it?
(no I am not bashing 2600, I admire their bold creativity, besides they did post my comments regarding the time cracking.net was under threat of legal attack for our reverse engineering stuff back in the late 1990's)
-=-
- Hacktivismo.com's 6-4 anonymizing proxy (anonymity in a crowd)
This is one that REALLY looks great and I am hoping it is not a sham - this one looks like a nice way to secure anonymity since so many people are to login using the service - which reminds me of triangleboy (last year's net tool) or the invisible irc project.
Why this one concerns me -- and I do want this to be a concern that has no merit...
first, one article I read about them described them as being high level hackers who have members who are were from the Cult of the Dead Cow and even a presidential security advisor <-- reason to be concerned if you ask me.
The information in the site tells you that to be a member you must already be known. Now, if anyone remembers MOD or LOD there tended to be a person in the group who was caught and forced to catch the others in return for being set free or given a job tracking hackers. (Some of this I know from personal experience since one of them actually tracked me down in the early 1990's and gave me a warning along those same lines being a reverser.) <-- the point here is that no matter how close a group is, you can never be completely safe if there are people you 'trust'.
Here is a quote from the application to become a 'trusted peer':
"...we will be in touch to make inquiries regarding the security of your host and your trust/reputation..."
you supply your email address as long as server and port data for your location in order to put a server toward the cause.
Basically, if you are known to the world as an underground God, then there are people who want to get you. What better way to get you than to make something interesting enough to you that you would not only identify yourself directly but would use that service in order to do the things that you do that make them want to get you in the first place?
--> in layman's terms: get the well known hackers to sign up with us and use our service to hack so we have full logs of the evidence against them when we take them to court.
Some people would argue that any hacker worth their salt would not need the service to maintain anonymity in their online actions.
It could be a great thing for real, but i guarantee you that there are always people in high places who will do things to make sure they have insiders to keep an eye on things. I hope it turns out to be a safety net -- not a dragnet.
-=-
- JAP - the Java Anonymizing Proxy
(mentioned on my website at gthorne.reteam.org in the proxy section)
This one is pretty straightforward - it was designed as a nice piece of proxy software for anonymous usage of the net. The problem is that the German court system instituted a judgement that JAP must give the German police a back door into the proxy, removing obviously the anonymity of it. There is also an unlisted site that, if you use JAP to view it, you are automatically reported to the police for your apparent misanthropic views. That site is unknown, but i have seen some recently that are clearly traps in and of themselves.
No I cannot post their names here, because they look so bad that it is going to get you or I or both in trouble if we just look at them. If it looks to bad t be true, it probably is. (sad but that is how things can be sometimes)
-=-
I would love to see your thoughts on the subjects above, or other ideas, or even interesting things you have wondered about over the years.
+gthorne
* Whether you are paranoid or not -- they may still be out to get you... *
-=-
I have been noticing some things over the years that I wanted to talk about- and this seems to fit more into the social engineering topic than any other... (reverse engineering people's minds in a sense for those of you who are new)
This section is for traps for hackers, police, or other entities such as newbies, usually designed by hacker's or police or other entities such as con artists.
Here are a few that provoke thought...
-=-
- First let me say that the people of 2600 magazine have come up with the greatest public con game I have seen in the hacking world... the 'oldest server on the net' contest.
Many of you may already have figured it out -- good for you! This topic was opened for the purpose of like minds to think as a group as well as information propogation, so enjoy.
If you have ever seen exploits on the net that you SO WANTED to try, but found out that they were plugged security holes before you got the chance... and lessee... the staff of 2600 have plenty of those as well as some they come up with themselves...
What an idea: lets see if we can come up with a contest where people all over the world will send us links to live servers that are old enough that our exploits will work on them! Pretty ingenious isn't it?
(no I am not bashing 2600, I admire their bold creativity, besides they did post my comments regarding the time cracking.net was under threat of legal attack for our reverse engineering stuff back in the late 1990's)
-=-
- Hacktivismo.com's 6-4 anonymizing proxy (anonymity in a crowd)
This is one that REALLY looks great and I am hoping it is not a sham - this one looks like a nice way to secure anonymity since so many people are to login using the service - which reminds me of triangleboy (last year's net tool) or the invisible irc project.
Why this one concerns me -- and I do want this to be a concern that has no merit...
first, one article I read about them described them as being high level hackers who have members who are were from the Cult of the Dead Cow and even a presidential security advisor <-- reason to be concerned if you ask me.
The information in the site tells you that to be a member you must already be known. Now, if anyone remembers MOD or LOD there tended to be a person in the group who was caught and forced to catch the others in return for being set free or given a job tracking hackers. (Some of this I know from personal experience since one of them actually tracked me down in the early 1990's and gave me a warning along those same lines being a reverser.) <-- the point here is that no matter how close a group is, you can never be completely safe if there are people you 'trust'.
Here is a quote from the application to become a 'trusted peer':
"...we will be in touch to make inquiries regarding the security of your host and your trust/reputation..."
you supply your email address as long as server and port data for your location in order to put a server toward the cause.
Basically, if you are known to the world as an underground God, then there are people who want to get you. What better way to get you than to make something interesting enough to you that you would not only identify yourself directly but would use that service in order to do the things that you do that make them want to get you in the first place?
--> in layman's terms: get the well known hackers to sign up with us and use our service to hack so we have full logs of the evidence against them when we take them to court.
Some people would argue that any hacker worth their salt would not need the service to maintain anonymity in their online actions.
It could be a great thing for real, but i guarantee you that there are always people in high places who will do things to make sure they have insiders to keep an eye on things. I hope it turns out to be a safety net -- not a dragnet.
-=-
- JAP - the Java Anonymizing Proxy
(mentioned on my website at gthorne.reteam.org in the proxy section)
This one is pretty straightforward - it was designed as a nice piece of proxy software for anonymous usage of the net. The problem is that the German court system instituted a judgement that JAP must give the German police a back door into the proxy, removing obviously the anonymity of it. There is also an unlisted site that, if you use JAP to view it, you are automatically reported to the police for your apparent misanthropic views. That site is unknown, but i have seen some recently that are clearly traps in and of themselves.
No I cannot post their names here, because they look so bad that it is going to get you or I or both in trouble if we just look at them. If it looks to bad t be true, it probably is. (sad but that is how things can be sometimes)
-=-
I would love to see your thoughts on the subjects above, or other ideas, or even interesting things you have wondered about over the years.
+gthorne
* Whether you are paranoid or not -- they may still be out to get you... *
-=-