lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 29 Sep 2011 14:27:16 +0100
From: Benji <me@...ji.com>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: VPN provider helped track down alleged
	LulzSec member

No, you are wrong.

Either; the vpn provider complied with court order, or they face the legal
ramifications of not doing so. User location is irrelevant.

On Thu, Sep 29, 2011 at 2:04 PM, xD 0x41 <secn3t@...il.com> wrote:

> indeed :)
> but, it is how a proper anon person would operate, well, tht is how i once
> did...
> anyhow, it is to broad, and, yes, i qwould never believe in bulletproof,
> unless i have used it maybe, for 10yrs, thru 10 botnets ;P wich, is very
> rare but funnily, possible.
> webhosters, are even more corrupt and better at hiding data.. face it, if
> the vpn provider had not shat themself, then it would be a non story.
>
>
>
>
> On 29 September 2011 23:00, Benji <me@...ji.com> wrote:
>
>> 'Abuse' emails and court orders are very different.
>>
>> On Thu, Sep 29, 2011 at 1:59 PM, xD 0x41 <secn3t@...il.com> wrote:
>>
>>> err, you are limited in those countries dude... id really checkup on that
>>> ... maybe some but, yea i agree, i dont think any hosting is anon, but, i
>>> sure know i have kept an anon dedis in past, and was VERY easy to avoid
>>> handing anything over. Unless they had personally seized from my company, i
>>> was allowed to basically get away with, and if i want to, again, could do
>>> the same  'anonymously' and, indeed keep those details, away.
>>> it is not frigin hard dude, where did Yyou get the idea, that is not hard
>>> to move a user around boxes :P
>>>  and rename them, etc etc etc, always change ipv6 tunnels... there is
>>> somany ways, you obv have not ran a dedicated server in a company
>>> environment coz boi, they hide nets on legit hostin now, legit apparently*
>>> companies...and they do it using those simple means, and, even show logs of
>>> them 'removing and deleting' files of the apprent 'bad user' , this is, a
>>> whole different level than even needing to deal with cops.. so, you are
>>> scared too much by laws  wich can be smokescreened.
>>> Run a dedis, or simply ask a admin, howmany abuse they get, and howmany
>>> users they actually rm ;)
>>> you would want this service, on your vps ?
>>> i surely wouldnt,. i know, with me, if i offer anon, you stay damn anon,
>>> if you bring cops to MY HOUSE, then i may have to try and, simply keep my
>>> darn data secure ey ?
>>> how about that ?
>>> simple methods, defeat simple plans benji.
>>> xd
>>>
>>>
>>>
>>> On 29 September 2011 22:53, Benji <me@...ji.com> wrote:
>>>
>>>> Yes they do. If you buy a server in America for example, even if you are
>>>> located in Russia, they are required by federal law to hand over your
>>>> details wherever you may reside. I dont know where you've obtained this idea
>>>> that they can't.
>>>>
>>>> Just because something is advertised as 'anonymous' doesnt mean it's 'so
>>>> anonymous you can break the law' and anyone using a EU/US-related country to
>>>> do this is either stupid or naive.
>>>>
>>>> On Thu, Sep 29, 2011 at 1:50 PM, xD 0x41 <secn3t@...il.com> wrote:
>>>>
>>>>> They advertised as anonymous VPN to 'everyone'.
>>>>> Then, that would mean, especially NOT locally, thats something wich is
>>>>> also, subject to federal laws though so, in its own country, the provider
>>>>> may have to, nomatter whats advertised, BUT outside of country customers,
>>>>> should not be handed over.
>>>>> isp's here dont do it, and havent, for like 20 yrs, they also do not
>>>>> take down people,issue nor execute other peoples 'takedown orders', there is
>>>>> many reasons for this but basically, they loose money from it.
>>>>> Anyhow, in UK, you maybe right, but outside of there, then, they should
>>>>> have maybe not advertised as anononymous vpn services for everyone and
>>>>> anyone. thats obvious crap we know now.
>>>>> anyhow, cheers,
>>>>> xd
>>>>>
>>>>>
>>>>>
>>>>> On 29 September 2011 22:45, Benji <me@...ji.com> wrote:
>>>>>
>>>>>> Im sorry, why is it 'worrying' that a vpn provider that was a UK
>>>>>> business and was located in the UK, is subject to UK law?
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn <
>>>>>> d.martyn.fulldisclosure@...il.com> wrote:
>>>>>>
>>>>>>> Again, I hope this does not fail to send.
>>>>>>> The reasoning behind the "Pure Elite" recruitment channel was A: to
>>>>>>> recruit some talented people (and, by all accounts, there were some talented
>>>>>>> programmers there) and B: development and idle talk. Now more interesting
>>>>>>> was the reasoning behind the name - by putting the developers and coders and
>>>>>>> potential recruits in a channel named "Pure Elite", it was essentially an
>>>>>>> ego boost for the new guys, made them feel valued, etc, when in fact most
>>>>>>> were but pawns to be used (IMHO).
>>>>>>>
>>>>>>> This co-operation between VPN providers and LEO, while being nothing
>>>>>>> new - remember how hushmail caved in - is indeed worrying for those of us
>>>>>>> who are privacy advocates as well as security researchers.
>>>>>>>
>>>>>>> On a more direct note, Laurelei, do not presume that you know all
>>>>>>> there is to know about them. Doing so would be foolish. (Now don't go
>>>>>>> assuming that I hate you, I bear you bugger all ill-will, etc).
>>>>>>> Good day.
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Sep 28, 2011 at 5:44 AM, Laurelai Storm <
>>>>>>> laurelai@...echan.org> wrote:
>>>>>>>
>>>>>>>> Its all good dude. What really concerns me is that vpn providers
>>>>>>>> might give over logs to oppressive regemes. TOR is starting to look better
>>>>>>>> and better.
>>>>>>>> On Sep 27, 2011 11:40 PM, "GloW - XD" <doomxd@...il.com> wrote:
>>>>>>>> > never did... was only for one buttcheek kid that i was alittle
>>>>>>>> pissed and
>>>>>>>> > thinking things wich, prolly were wrong at the time...
>>>>>>>> > I am adult enough to apologise for what happened back then, and
>>>>>>>> hopefully it
>>>>>>>> > is just, cool.
>>>>>>>> > :)
>>>>>>>> > cheers, your loved by many, you just have many trollers to :sp
>>>>>>>> > take care ,
>>>>>>>> > xd
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > On 28 September 2011 14:32, Laurelai Storm <laurelai@...echan.org>
>>>>>>>> wrote:
>>>>>>>> >
>>>>>>>> >> Im suprised, someone on the internet who *doesn't * hate me :p
>>>>>>>> >> On Sep 27, 2011 11:29 PM, "GloW - XD" <doomxd@...il.com> wrote:
>>>>>>>> >> > Hello Laurelai ,
>>>>>>>> >> > Oh i agree it is still a terrible precedent to be set.. I dont
>>>>>>>> even know
>>>>>>>> >> > where, legally, i stand anymore...
>>>>>>>> >> > It is rather disturbing, nomatter WHO it was laurela.
>>>>>>>> >> > I am all for the hatred against the VPN provs, and this is not
>>>>>>>> just
>>>>>>>> >> > happening here, and i made a BIG statement about this, and
>>>>>>>> privacy, in my
>>>>>>>> >> > channel on efnet, first as i saw it.
>>>>>>>> >> >
>>>>>>>> >> > Then saw a torrentfreak feed,of someone who was an owner of a
>>>>>>>> huge
>>>>>>>> >> torrent
>>>>>>>> >> > site, was handed to authorities, not by the hoster, no... but
>>>>>>>> by the
>>>>>>>> >> > frigging payment handler, ie paypal or alertpay most likely.
>>>>>>>> >> >
>>>>>>>> >> > This is not good, it makes a grey could now over what is 'anon'
>>>>>>>> and what
>>>>>>>> >> > isnt. and thats a bad thing for us all.
>>>>>>>> >> > To much fraud is causing this, thats plain and simple.Abusing
>>>>>>>> places like
>>>>>>>> >> > Sony, and, major banks, only make the authorities turn to
>>>>>>>> politics, whom
>>>>>>>> >> in
>>>>>>>> >> > turn can bully with federal and state laws of ANY country, i
>>>>>>>> think this
>>>>>>>> >> is
>>>>>>>> >> > the dangerous part wich is affecting lulzsec members or whoever
>>>>>>>> was apart
>>>>>>>> >> of
>>>>>>>> >> > it, and, i mean efnet is no recruiting grounds for decent hkrs.
>>>>>>>> >> > Simple as that, you know it, maybe thru word of mouth ok, but
>>>>>>>> not alone
>>>>>>>> >> by
>>>>>>>> >> > being in channels but that network, is one federal hideout
>>>>>>>> now..and, that
>>>>>>>> >> is
>>>>>>>> >> > every channel, if it is not being spied (yea they have a module
>>>>>>>> >> > m_spychannel.c or similar, wich, they actually had without
>>>>>>>> realising,
>>>>>>>> >> asked
>>>>>>>> >> > a friend, to code for them.
>>>>>>>> >> > This was rejected by me/her,but i believe they have the module
>>>>>>>> running
>>>>>>>> >> now.
>>>>>>>> >> > So, what was to stop them adding theyre own hidden spy mode to
>>>>>>>> it :s look
>>>>>>>> >> at
>>>>>>>> >> > what they did to my old channel #haqnet, they introduced
>>>>>>>> drinemon and a
>>>>>>>> >> > bunch of other things, when it could have been simply worked
>>>>>>>> out with
>>>>>>>> >> > words.. but anyhow, i will not brood on the past, i hope this
>>>>>>>> is mutual
>>>>>>>> >> > Laurelai, I have nothing bad to say about you, and in turn,
>>>>>>>> expect the
>>>>>>>> >> same.
>>>>>>>> >> > Respect for respect dear.
>>>>>>>> >> > I do agree with you about the situation and, as you can see, am
>>>>>>>> not
>>>>>>>> >> holding
>>>>>>>> >> > 9undisclosed) crappy things wich happened along time ago, over
>>>>>>>> one
>>>>>>>> >> idiotic
>>>>>>>> >> > kid, on efnet, whom now i know you do not associate with. So, i
>>>>>>>> want
>>>>>>>> >> that,
>>>>>>>> >> > to be laid rest now.. please.
>>>>>>>> >> > And, we can only hope that the greater common sense will
>>>>>>>> prevail and
>>>>>>>> >> > hopefully, places will be forced to proove anonymity in some
>>>>>>>> way, wether
>>>>>>>> >> > that be by showing people email interaction with requester's of
>>>>>>>> peoples
>>>>>>>> >> > info, or anything simple even, wich would be then a standard
>>>>>>>> for VPN, I
>>>>>>>> >> do
>>>>>>>> >> > not use them but, if i bought anonymous vpn, id expect exactly
>>>>>>>> >> that,without
>>>>>>>> >> > political interaction and grey areas about who and what is now
>>>>>>>> legal and
>>>>>>>> >> not
>>>>>>>> >> > legal on the internet, on chatrooms, and on even websites.
>>>>>>>> >> > ok, thats plenty, cheers!
>>>>>>>> >> > xd
>>>>>>>> >> >
>>>>>>>> >> >
>>>>>>>> >> > On 28 September 2011 13:41, Laurelai <laurelai@...echan.org>
>>>>>>>> wrote:
>>>>>>>> >> >
>>>>>>>> >> >> On 9/27/2011 10:10 PM, sandeep k wrote:
>>>>>>>> >> >>
>>>>>>>> >> >> Lolz members was really insane ,i m not why to use that crapy
>>>>>>>> hma.
>>>>>>>> >> >> On Sep 27, 2011 8:36 PM, "Ferenc Kovacs" <tyra3l@...il.com>
>>>>>>>> wrote:
>>>>>>>> >> >> > yeah, and usually the same goes for calling others "kids" ;)
>>>>>>>> >> >> >
>>>>>>>> >> >> > On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD <
>>>>>>>> doomxd@...il.com> wrote:
>>>>>>>> >> >> >> #pure-elite , rofl... yes indeed :P
>>>>>>>> >> >> >> hehe... nice story tho...funny about the elite channel
>>>>>>>> thing... why
>>>>>>>> >> do
>>>>>>>> >> >> ppl
>>>>>>>> >> >> >> tag themselves as elite? usually when they are not...
>>>>>>>> >> >> >> ohwell, thats efnut :s (irc sucks)
>>>>>>>> >> >> >> xd
>>>>>>>> >> >> >>
>>>>>>>> >> >> >>
>>>>>>>> >> >> >> On 27 September 2011 19:03, Darren Martyn
>>>>>>>> >> >> >> <d.martyn.fulldisclosure@...il.com> wrote:
>>>>>>>> >> >> >>>
>>>>>>>> >> >> >>> Hope this sends correctly, new email client and all... But
>>>>>>>> seeing as
>>>>>>>> >> it
>>>>>>>> >> >> is
>>>>>>>> >> >> >>> an international investigation many people have been
>>>>>>>> bending over
>>>>>>>> >> >> backwards
>>>>>>>> >> >> >>> to assist LEO on this. HMA and perfect privacy were the
>>>>>>>> VPN's of
>>>>>>>> >> choice
>>>>>>>> >> >> for
>>>>>>>> >> >> >>> them it would appear, oh, and he was part of the
>>>>>>>> #pure-elite channel
>>>>>>>> >> on
>>>>>>>> >> >> that
>>>>>>>> >> >> >>> IRC server, and hence, considered by LEO and others as
>>>>>>>> "Part of
>>>>>>>> >> >> LulzSec".
>>>>>>>> >> >> >>>
>>>>>>>> >> >> >>> TL;DR, this is nothing new.
>>>>>>>> >> >> >>>
>>>>>>>> >> >> >>> On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm <
>>>>>>>> >> laurelai@...echan.org
>>>>>>>> >> >> >
>>>>>>>> >> >> >>> wrote:
>>>>>>>> >> >> >>>>
>>>>>>>> >> >> >>>> And the guy wasnt even a part of lulzsec
>>>>>>>> >> >> >>>>
>>>>>>>> >> >> >>>> On Sep 26, 2011 10:37 PM, "Jeffrey Walton" <
>>>>>>>> noloader@...il.com>
>>>>>>>> >> >> wrote:
>>>>>>>> >> >> >>>> > On Mon, Sep 26, 2011 at 8:47 PM, Ivan . <
>>>>>>>> ivanhec@...il.com>
>>>>>>>> >> wrote:
>>>>>>>> >> >> >>>> >>
>>>>>>>> >> >> >>>> >>
>>>>>>>> >> >>
>>>>>>>> >>
>>>>>>>> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
>>>>>>>> >> >> >>>> > Though HMA claims they complied with a court order, it
>>>>>>>> looks as
>>>>>>>> >> if
>>>>>>>> >> >> >>>> > they facilitated a law enforcement request. The US and
>>>>>>>> the FBI
>>>>>>>> >> have
>>>>>>>> >> >> no
>>>>>>>> >> >> >>>> > jurisdiction in the UK.
>>>>>>>> >> >> >>>> >
>>>>>>>> >> >> >>>> > Jeff
>>>>>>>> >> >> >>>> >
>>>>>>>> >> >> >>>> > _______________________________________________
>>>>>>>> >> >> >>>> > Full-Disclosure - We believe in it.
>>>>>>>> >> >> >>>> > Charter:
>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>> >> >> >>>> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>> >> >> >>>>
>>>>>>>> >> >> >>>> _______________________________________________
>>>>>>>> >> >> >>>> Full-Disclosure - We believe in it.
>>>>>>>> >> >> >>>> Charter:
>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>> >> >> >>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>> >> >> >>>
>>>>>>>> >> >> >>>
>>>>>>>> >> >> >>> _______________________________________________
>>>>>>>> >> >> >>> Full-Disclosure - We believe in it.
>>>>>>>> >> >> >>> Charter:
>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>> >> >> >>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>> >> >> >>
>>>>>>>> >> >> >>
>>>>>>>> >> >> >> _______________________________________________
>>>>>>>> >> >> >> Full-Disclosure - We believe in it.
>>>>>>>> >> >> >> Charter:
>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>> >> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>> >> >> >>
>>>>>>>> >> >> >
>>>>>>>> >> >> >
>>>>>>>> >> >> >
>>>>>>>> >> >> > --
>>>>>>>> >> >> > Ferenc Kovács
>>>>>>>> >> >> > @Tyr43l - http://tyrael.hu
>>>>>>>> >> >> >
>>>>>>>> >> >> > _______________________________________________
>>>>>>>> >> >> > Full-Disclosure - We believe in it.
>>>>>>>> >> >> > Charter:
>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>> >> >> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>> >> >>
>>>>>>>> >> >>
>>>>>>>> >> >> _______________________________________________
>>>>>>>> >> >> Full-Disclosure - We believe in it.
>>>>>>>> >> >> Charter:
>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>> >> >>
>>>>>>>> >> >> >From my understanding they used the channel as a possible
>>>>>>>> recruitment
>>>>>>>> >> >> ground, though only 6 people were officially a part of lulzsec
>>>>>>>> , i find
>>>>>>>> >> it
>>>>>>>> >> >> disturbing that law enforcement considers being in an irc
>>>>>>>> channel
>>>>>>>> >> tantamount
>>>>>>>> >> >> to being a part of lulzsec.
>>>>>>>> >> >>
>>>>>>>> >> >> _______________________________________________
>>>>>>>> >> >> Full-Disclosure - We believe in it.
>>>>>>>> >> >> Charter:
>>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>> >> >>
>>>>>>>> >>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Full-Disclosure - We believe in it.
>>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Full-Disclosure - We believe in it.
>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Full-Disclosure - We believe in it.
>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ