RE: Hi, Xeno. Why do you keep 10 year IRC logs? ;) -nt-
Gamma Ker Revelation

On 2008-01-20 22:24:20, Xenographic wrote
>You make it sound like not much has changed since I left, even though I hardly recognize all the names now and I once knew nearly everyone active... :]
>
>Maybe I should reappear someday...
>
>Oh, right, being the 0mega guy, people might not believe it's me. I mean, if there were a worthy successor to me, they might very well do something pretending to be me or something.
>
>Hmmm, something only I would know after all this time? Hmm, here's an ancient logfile. It also appears to be relevant to this discussion. 7 years ago? Has it been that long? Wow...
>
>-----
>
><pengo> ah, ive done this sort of stuff heaps of times before man
><pengo> its nothing to worry about
><Kaladis> you've done these kinds of things before an auditorium of persons, too?
><pengo> yeah man
><Kaladis> Oh, that's new to me. About privacy issues?
><pengo> nah
><pengo> not about this
><pengo> thats why ill have to read up on some recent journals
><Kaladis> about what if I may ask?
><pengo> but that article u posted in z8 was good
><pengo> ill see if i can read that
><pengo> about the privacy / business stuff
><Kaladis> thx
><Kaladis> just to be sure. our main point of view is that governments need to be able to intervent in the internet as in they have the means of removing certain illegal sites etc by means of legality, BUT that they should not be allowed to undertake uncontrolled and unlimited spying. right?
><pengo> no no
><Kaladis> how would you define that then?
><pengo> i think...
><pengo> i think national governments shouldnt have jurisdiction or power over the net, because the net isn't a national thing
><pengo> its an international thing, and its stupid for national governments to try and control it
><Kaladis> that's true
><Kaladis> But there needs to be some control
><Kaladis> an international comitee would be needed
><pengo> i also think that the net is a good example of anarchy working - and that it functions best without government control or big business controlling it
><pengo> i think the net can regulate / control itself
><Kaladis> and laws need to be internationalised. Well, but what I said should be still our thing. I mean, lets take CAPF as example. The government takes down sites they report. There's no other way. The government just should not be allowed to penetrate privacy
><pengo> national governments controlling just doesnt work, imho
><Kaladis> the net cannot regulate and control itself according to your definition because the net in itself is not a legal authority. Only legal authorities are allowed to control and from that point of view there must be a certain degree of control from a governmantle point of view - just not too much
><pengo> its stupid when you hear of some country trying to block something on the net
><pengo> yeah, we have had some luck in controlling the net
><Kaladis> unfortunately you cannot remove and arrest child pornographers without the means of governmental help... so you cannot self-regulate the net
><pengo> well.. thats going beyond the net though...
><Kaladis> yeah, true. so?
><pengo> if they are child porn people in their own countries, thats illegal
><pengo> thats doing bad stuff in the real world :)
><Kaladis> and child porn sites? How will you want to remove them if not with help of the government?=
><Kaladis> and why did you agree to the fbi letter if you're not of the opinion that governmental help is needed? We asked for cooperation in that letter, ya know
><pengo> we can take down the sites... if the people who make the sites are in some country and breaking the laws of that country by having nude kiddy pics, then thats for their country to prosecute them
><Kaladis> yeah. sure. it's the national country law they violated by posting nude pics of kids on a server and thus they can be reported to the government and can be removed
><Kaladis> And so with malicious hackers that penetrated into a system
><pengo> but we are better at tracking and knocking out servers and stuff on the net than any government
><Kaladis> This is still a form of governmental control
><Kaladis> we can track and that's where we are good. And then we have to report to the government
><pengo> nah nah...
><pengo> only if its something really illegal in the real world, imho
><pengo> like they are taking pics of kiddies naked
><Kaladis> posting pics of kids is illegal
><Kaladis> hacking is illegal
><Kaladis> so why you say nah nah???
><pengo> well, who is going to prosecute someone for hacking?
><pengo> say, you are in Turkey, and you hack a server in the UK through a proxy in Germany
><Kaladis> then the Turkey dude is to be judged upon
><pengo> well, you need some international system.... and the best way to regulate things its been shown is self-regulation, like how many professional groups regulate themselves, like accountants, lawyers, direct mailing in many countries is self regulated
><pengo> there is currently no international system that works
><Kaladis> in a practical and yet REALISTIC environment, how would your system looks like?
><pengo> basically, if an ISP does spamming, then other ISPs will delink from it and push it out of the internet
><pengo> this is what happens already
><pengo> what is stupid if someone in France for example, tries to sue this spammer who is in the US, using a UK mail server or something
><Kaladis> it's just too bad, but companies are cooperating and many ISPs will refuse to delink...
><pengo> well, if you end up in court and have companies sueing each other about spam or something, you end up with a court giving some insane court order because they dont understand the internet, and they allow all spam or something
><Kaladis> you see, your system won't work out. It needs a government or multi-governmental party to execute and a netizen party to legislate/track or whatnot
><pengo> why?
><pengo> yeah, you need someone who knows the internet
><Kaladis> because isps will refuse to delink from isps and no court order could handle that properly
><pengo> governments dont understand the net
><pengo> and they try to run it like it belongs to them
><Kaladis> along with other things like that the government will never allow what you're trying to achieve
><Kaladis> it's just unrealistic
><pengo> heh..// i dont care what they will allow. pracitally, they have no power over the internet
><pengo> did u follow what happened with the DeCSS case?
><Kaladis> I followed that partially
><pengo> it was the US Gov. trying to stop the DeCSS software from being on the net
><pengo> it completely failed
><pengo> its probably one of the most downlaoded bits of software on the net now
><pengo> also, things like Napster
><pengo> the US music companies have tried to ban napster...
><pengo> it doesnt work. just new variants like limewire pop up
><Kaladis> the gov wants to control the wrong things sometimes, yes
><Kaladis> But we're not focusing on that issue. Our focus is cybercrime
><Kaladis> cybercrime is a crime and it needs a government to judge
><pengo> national control of an international internet is: too slow (the net changes every day, but governments take years to come to decisions), too un-understanding (they dont understand the net), too restrictive (they can only make laws about their own country, and the net is global). thats why government regulation doesnt work.
><pengo> we are talking about different things man
><pengo> crime is crime
><pengo> i am just talking about regulation
><pengo> if someone commits a crime by using the net, then governments can sometimes prosecute them properly
><Kaladis> Nevertheless governments do the final judgments against the persons behind it
><pengo> yes
><Kaladis> An international consortium would be the only applicable solution I see
><pengo> defiantely
><pengo> an international group might work
><pengo> cyberarmy is an international consortium
><Kaladis> this consortium would have to consit of governmental representatives of each country as well as a company representative from every country and a user representative of every country
><pengo> that could work
><pengo> but im not sure if they could decide anything very easily with so many people
><Kaladis> they are debating about laws and such which always takes a long time, thats normal
><pengo> i think an internet based group instead of a government based group would work better
><Kaladis> lets get practical with that on three examples, malicious hacker, spammer and child porn
><Kaladis> no, that would not work. I'Ll tell you now why
><Kaladis> example 1 is the malicious hacker. According to the laws an intrusion was illegal and the hacker caused $$$ damage which is why he has to be proscecuted.
><pengo> how can someone cause much damage?
><pengo> its not real damage... its only electrons
><Kaladis> the consortium, or the courts of that, can then can judge and proscecute according to the approprirate laws
><Kaladis> it is damned much damage they can cause
><pengo> the net is only electrons... therefore, you cant cause any real damage on the internet
><Kaladis> You can cause millions of dollars in damage man
><pengo> give me an example
><Kaladis> a hacker invades amazon.com and steals customer information as well as setting amazon.com out of order for 2 days
><Kaladis> 2 days would mean several thousand dollars without revenue
><pengo> DOS attack?
><Kaladis> customer information is stolen and misued. millions of damage
><Kaladis> reputition of amazon damaged, again some millions
><pengo> that is amazon.com's fault, not the hackers fault, if they have vulnerable systems.
><Kaladis> ROFL
><Kaladis> Do you really think that?
><pengo> its like a bank leaving their customer information lying around, and then blaming someone for looking at the information
><pengo> they have a responsibility for security
><Kaladis> amazon was the victim
><pengo> they are negligent if they have been hacked
><Kaladis> and amazon and all other companies are security concerned these days.
><pengo> they have a duty to protect their user information
><Kaladis> that could have been that they neglected, but, they haven't done anything wrong. The hacker has done something wrong, he broke in
><pengo> i would be very angry with amazon.com if someone took their customer information, and my CC numbers... not the hacker
><pengo> its their duty to protect information about me
><Kaladis> so? It's the hackers fault, he's a criminal. Amazon would be suffering from that intrusion
><Kaladis> There are always holes in security and you cannot say someone neglected security if a hacker broke in
><pengo> no, i say its amazons fault ;)
><Kaladis> not even having spent a millions of dollars can ensure good security
><Kaladis> Your thought is simply not applicable
><Kaladis> It's the hackers fault, he is illegal
><Kaladis> you said that on your page, to
><pengo> maybe he got the information by mistake...
><Kaladis> we are against malicious hackers and those who abuse the free nature of the internet
><pengo> yes...
><pengo> we are
><Kaladis> lol, maybe maybe. Lets stay with the facts. he did a crime and he is guilty
><Kaladis> If you say something like that in front of that comitee they will laugh about us all thinking what weirdos we are
><pengo> but has the hacker done anything illegal? just by using the software amazon.com has provided on their website? or is amazon.com liable for misconfiguring their software so that anyone can see the customer info?
><Kaladis> hell man, the hacker broke in amazon.com, similar as if a thief breaks into your house
><Kaladis> You cannot be held responsible because you should have bought a door from company x rather than company y
><pengo> i would blame amazon.com .. but anyway...
><pengo> whats next?
><Kaladis> next is the fact that a hacker has to be proscecuted. anyways. the real next things is spamming example, but that's same as hackers
><Kaladis> the company did something illegal, judgment proscecution
><Kaladis> and so with child porn
><Kaladis> You cannot do without the government
><pengo> what has the hacker done wrong?
><pengo> what really has he done wrong?
><Kaladis> You can influence the laws by having a comitee of representatives like I mentioned above where everyones interest is heard
><Kaladis> government, users and companies
><Kaladis> The thing he has done wrong is that he broke in amazon.com, set them out of order for several days and stole customer information. That's more than enough to be guilty
><pengo> what has the hacker really done wrong? all he's done has been to use software on the amazon.com website, which gave him information about my details
><pengo> what does it mean to 'brake into amazon.com'
><Kaladis> sorry to say. but, are you blind or stupid?
><pengo> it means he used software on their site to get access
><Kaladis> He broke in
><pengo> amazon.com gave him access
><Kaladis> He did not use their software
><pengo> how?
><Kaladis> he broke in
><pengo> how?
><pengo> an exploit?
><Kaladis> A thief uses a set of lockpicking tools to find a weakness, a hacker uses software to find a weakness
><pengo> well, mostly he would use an exploit.... not software
><Kaladis> software, exploit whatever
><pengo> unix machines are configured to give varying amounts of access
><Kaladis> so is a door
><Kaladis> a door either lets you in or not
><pengo> if the software has been set to give this person access, then they cant blame him if he gets access
><Kaladis> but a hacker finds a weakness in the software to gain access
><Kaladis> similar as if a thief is able to lockpick a door
><pengo> not a weakness..
><Kaladis> A WEAKNESS
><pengo> the software on a unix machine has to give you access
><Kaladis> it has not
><Kaladis> the hacker finds a hole in it, exploits it and intrudes amazon
><pengo> the most common cause is that software has been set to give permissions which let a guest have higher access levels than guest
><Kaladis> other than that crime he did several other crimes that make him guilty
><pengo> if they dont want guests to have that level of access, then they shouldnt set guests to have that level of access
><Kaladis> those guest do not have that level of access. guestuser is not root
><pengo> but some software lets guests run root commands
><Kaladis> a hacker exploits the system and gets root - he intrudes
><pengo> thats the most common level of access
><pengo> thats the most common exploit, i mean
><Kaladis> just because there is a flaw in the software like there are flaws in locks of doors
><Kaladis> Taking a completely other point of view
><pengo> if they have installed software which lets guests run root level commands, then thats their choice
><Kaladis> Lets say we'd got your theory in appliance worldwide
><Kaladis> lets assume amazon is guilty for beeing hacked
><Kaladis> then there would be companies selling top security products that are unhackable for several millions
><pengo> if I want to let guests run root commands, that is my choice
><Kaladis> No small company could afford that
><Kaladis> The whole economy will break apart
><Kaladis> Small companies will die
><pengo> im sure they have insurance
><Kaladis> Only the huge one will survive
><pengo> companies generally are liable to have a good level of security
><pengo> already
><Kaladis> so getting back to the facts. a hacker is guilty for hacking
><Kaladis> that's what we state on our webpage
><Kaladis> that is common sense
><Kaladis> that is reality
><Kaladis> your theory is not what we say on the webpage, is not common sense and everything else but reality
><pengo> anyway, another theory I have is that you can't actually cause any real damage on the internet. the net is only electrons traveling down wires.
><pengo> these claims that a 'hacker caused $5 million damage' are nonsense
><Kaladis> nah, its no harm to the company that they can't sell products for 5 days... not really, just a few million $
><pengo> you cant damage electrons
><Kaladis> whos talking of electrons? We're talking of damage
><Kaladis> a company suffers huge damage from beeing hacked
><pengo> it's their fault for letting their computers go down for 5 days
><Kaladis> hell no
><Kaladis> it's the hacker who made that
><Kaladis> not the company
><pengo> or letting guest users have access to their machines
><Kaladis> they did not let guest users have access to their machines
><Kaladis> a hacker BROKE IN
><Kaladis> don't you understand that simple fact?
><Kaladis> He broke in
><pengo> then no one could have broken in unless the software somehow gave him access
><pengo> you cant break in without the system somewhere letting you have access
><Kaladis> aaaaaaaaaaaaaahhhhhhhhhhhhhhhhhhhhhhhhhhhh
><pengo> dont use the term 'break in'
><pengo> theres no such thing as 'breaking in' regarding computers
><pengo> its a matter of whether the system lets you in or not
><Kaladis> c'mon, forget about it. I'm out, if that's the philosophy of cyberarmy and if thats what I am supposed to be achieving via elaw and epolicy as well as propaganda then I'm out of the cyberarmy
><pengo> well... lets put it this way...
><pengo> 1/ would amazon.com be liable if they had all their customer's user info in an unprotected directory anyone could download?
><pengo> woudl you call someone a 'hacker' if they read that information?
><Kaladis> no, but thief
><pengo> if anyone could look at it?
><Kaladis> I'm not going into a supermarket and take away anything I like, too, ya know
><pengo> what am i stealing? electrons?
><Kaladis> you're stealing information
><pengo> but its still there!
><pengo> i havent taken anything!
><Kaladis> but you got that information, and you are not supposed to have that information because it is classified
><Kaladis> and you are not allowed to have these kinds of infomration
><pengo> but, it'd be amazon.com's fault if they had user info just available for anyone to see ?
><pengo> that is really negligent, right?
><Kaladis> of course that's a fault because they would have been obvious neglient. But that's an exception. The hacker would nevertheless be guilty
><Kaladis> And the normal thing is that a hacker actually hacks something, ie, he breaks in into something, and then amazon was not neglient
><Kaladis> and then the hacker holds all guilt on his behalf
><pengo> what if they had the info behind some really weak security? like username: amazon, password: amazon
><pengo> ?
><Kaladis> the hacker is guilty. Same as if I go to your bank account if I have your bank number
><Kaladis> You aren't responsible either if you choose 12345 as your bank account password
><pengo> what about really weak security? like they even told some people the password?
><Kaladis> as I said, that's an exception and amazon would be guilty for it but the hacker also!
><Kaladis> The normal case is that a hacker hacks into a system and is therefore the only guilty person
><pengo> well, what if they installed some software on their site which was well known to let anyone into their site?
><Kaladis> it was not known to them so they are not guilty
><pengo> if they installed sendmail version 2 on their website, which everyone knows can let any guest run root commands?
><pengo> if it was very well known...
><Kaladis> It yet wasn't known by them
><Kaladis> They did not do it on purpose
><pengo> well, thats their fault for not knowing, right?
><Kaladis> that didn't make them guilty
><Kaladis> you cannot charge anybody for not knowing things
><Kaladis> please try to be realistic
><pengo> its negligent though
><pengo> negligent with my information!
><pengo> they should have known!
><Kaladis> on one way, yes
><pengo> and now everyone has my CC number
><Kaladis> But it's yet the hackers fault
><Kaladis> and you cannot say that a 0-day exploit makes amazon neglient
><pengo> well, it doesnt matter who the hacker was though... someone would have done it if hacker #1 didnt do it
><Kaladis> so the other one would be guilty
><pengo> you cant do anything on a computer that you'
><Kaladis> lets say you open the door of your house and put a sign on it "thiefs in"
><pengo> that you're not allowed to do
><Kaladis> The thief enters robs you
><Kaladis> So the thief is innocent for having stolen????????????
><pengo> you cant do anything on a computer that you're not allowed to do. any computer at some stage has to give you access
><Kaladis> man... be realistic
><pengo> i am
><Kaladis> you are not
><Kaladis> everything else but realistic
><pengo> yeah i am... i know amazom.com has a well known sendmail hole
><pengo> so i telnet to port 25, i say 'helo' and it says 'hi... have root'
><pengo> i assume amazon.com has given me root access
><Kaladis> you broke in, you're guilty
><pengo> it let me in
><Kaladis> it let you in because you pulled your thief tricks
><Kaladis> You lockpicked the door
><pengo> no, i just asked it to do something, and it let me get in
><Kaladis> you did not ask it
><Kaladis> You know that you have to do x and y
><pengo> lets talk about the mountd exploit
><Kaladis> and then the door unlocks because you exploited the door
><pengo> some older nix machines are configured to allow remote mounting
><pengo> so you can mount -nfs remote machine
><Kaladis> it's nonsense to talk about specific examples in that case man. We're with theory
><pengo> they are set to allow remote users have access
><pengo> if they are, i assume they dont mind me having access
><Kaladis> If someone breaks in something he's guilty
><pengo> im not breaking in, it just gave me access
><Kaladis> it gave you access to the system with that, right. But you are not allowed to be there, you are not allow to spy around
><Kaladis> It's like if someone opens his door at night
><pengo> all im saying is that its not something a government has to get involved in
><Kaladis> you are not allowed to go through that door and rob the house
><pengo> well, if it let me in then im allowed to be there.
><Kaladis> you can never say to the court "hey, he has his door opened, I thought he wanted to be robbed so I'm innocent"
><pengo> if it doesnt want to give me access to some files, then it should block those fiules out or restrict them
><Kaladis> cmon man, that's nonsense
><pengo> unix has the ability to block files from someone accessing them
><Kaladis> and you have the ability to close the door at night
><pengo> it should give me an 'access denied' error if it doesnt want me to have access
><Kaladis> it should be locked at night
><pengo> yeah, it should be...
><pengo> but it let me in
><Kaladis> because it was open?
><Kaladis> You're not allowed to be in there
><pengo> yeah
><Kaladis> you're not allowed to spy
><pengo> why>
><Kaladis> not allowed to steal
><pengo> ?
><pengo> it shouldnt let me in then
><Kaladis> you're seriously asking me that?
><pengo> if you dont want someone in your computer, then you can set passwords and set software not to allow guest access
><Kaladis> if you don't want anybody in your house you can lock your door at night
><pengo> if they set thigns so that guests can have access, then i assume they dont minding guests to have access
><pengo> precisely
><pengo> yes
><Kaladis> if you forgot to lock your door then a thief cannot assume that you do not mind to allow "access"
><pengo> but if you leave your door open to any guest at night, then i assume you are a whore :)
><Kaladis> the person is not allowed to enter your house. He would intrude your privacy. and if he steals stuff from there he's be guilty twice
><pengo> i am talking about an open door :)
><Kaladis> and so with computers
><Kaladis> so am i
><Kaladis> it's nonsense man
><pengo> well, if a computer allows guest access then you should be able to get any info you want there
><pengo> that is how the www. works. it assumes anyone can access any web page without having to prove why it is there
><pengo> i can go to any webpage and download it, and if people say 'that is private information!' i would just say that 'you shouldnt have put it on the web then!'
><Kaladis> who says that if you do lynx www.amazon.com you come to a page with all the ccs?
><Kaladis> amazon has got their ccs somewhere else and you cannot get access there by normal means
><pengo> why are you concerned with the difference between telnet and http ?
><Kaladis> huh?
><pengo> why is telnet access bad if guests can get access to info, but looking at any webpage is fine?
><Kaladis> telnet is for admins, there usually is no anonymous account
><pengo> it is bad if i am looking around in telnet, but looking at any webpage is ok
><Kaladis> on telnet you need to be authorised
><Kaladis> on web you don't need to be authorised
><pengo> sometimes you do have to be authorised on the web
><Kaladis> please man, some common sense would be nice
><pengo> sometimes you dont have to be authorised on telnet
><Kaladis> you always have to be authorised on telnet
><Kaladis> login:
><Kaladis> password:
><pengo> not always....
><Kaladis> always
><pengo> it can be domain based or set to allow all, etc
><Kaladis> still you need username and password
><pengo> often not in single mode
><Kaladis> and if you are not supposed to have access there but yet enter username and password you're guilty
><pengo> depends on the boot mode
><pengo> guest : guest might be setup properly
><Kaladis> you're getting too sepecific there, you need to see that objectively
><Kaladis> you're still not supposed to have access there
><pengo> i dont mind if people access the wargames server as guest : guest
><pengo> i let them in
><Kaladis> because YOU allowed them to access
><Kaladis> if I put root password = nothing
><Kaladis> and you would login there
><Kaladis> YOU ARE GUILTY
><Kaladis> because
><Kaladis> YOU ARE NOT SUPPOSED TO BE THERE
><Kaladis> YOU BROKE IN
><Kaladis> YOU STOLE DATA
><Kaladis> understand?
><pengo> but you didnt set a password
><Kaladis> good, I'm getting sick of talking about that
><Kaladis> I'll post that on z8 and get some feedback
><Kaladis> cheers
>* /part: insufficient parameters
><pengo> heh
>Session Close: Sat May 19 04:51:58 2001
CyberArmy::Forum v0.6