Date: Sat, 1 Oct 2011 09:11:36 +1000
From: xD 0x41 <secn3t@...il.com>
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: VPN providers and any providers in general...

Oh, it is all old news and old stuff really nowadays... I have seen or, heard
rather, of these new-age bulletproofs, but we never advertised that, we just
moved users around a little ;)

That's also a simple way to stop many crimes, before they occur, is to get that
user moving away and maybe onto some diff boxes.. making it a bit harder
then... anyhow.. that's hearsay.

regarding these statements...
Not sure how that should be parsed, and the parsing is crucial here - did you mean
"they have to commit a crime in their country", or "They have to do something that
*would* be a crime in their country"?

The general rule is that in order for an extradition to happen, several things must
be true:

1) The two countries involved need to have extradition treaties in place.
2) The activity must constitute a crime in the country harboring the accused.
3) The proposed punishment must not be drastically worse than what the
harboring country would impose

I meant, you must be committing crime, in their country, for them to even
consider executing the warrants if they're even in place with, Panam, as I
named also, which is an example only of one small small place, now, many
monarchies, would also be partial to being ordered around... remember, there
are laws in Thailand, and many people on 'death row' there, YET, I know for
a fact the Aussie government will NOT push anything about it, no
prisoner-transfers, and even just being accessed appropriately, is NOT easy.
Consider China, would you see them executing a warrant, and, they do see
those kind of warrants as VERY invasive to their way of life, so, depending
on the FEROCITY of the crime, maybe then, they will accept that, there would
be widespread condemnation, nationally and internationally, that would cause
them, to have to execute this warrant, which, is something such as
murder, kidnapping, but, you are talking here about seizing boxes, as they
MUST do, and they order this 'as-is' meaning, a business would have to
shutdown, to provide their information, or, at least be hassled by it
enough, that this is considered not serious, yet.
When it comes to Major fraud and the major fraud squads, then you are
committing for example, a white collar cyber crime, which could maybe be
ripping off many people, of many millions, of course they will act, their
OWN money is at stake here...
So, there is still a lot of stigmata about this subject, it is still very much
taboo to commit an internet crime, and those people getting caught for
stupid stuff like ddos, is really annoying, specially when, you run a dedis,
(free), and still have to accept that, these massive udp floods, cannot be
stopped... (sorry a bit offtopic here but.. just saying... in my case
anyhow...) this, is seen a bit nowadays, as a money loser, depending on the
intensity, and of course, who is involved, and who has the money. If the
business hit has a massive reputation, or, the website even, then the
likeliness of anything at all happening is a chance, but, this would be rare
as we can see... Really, think of how many cyber crims there is, compared to
actual busts.
Face it, you know that, the amount is now plague proportions, where we are
seeing a revolution, because, we also have to create 'PoC', which was
once, seen as a threat and potentially, fatal error to report a bug, and,
seemingly still is, regarding 9bur.st) and, another provider I have had
this also happen with, and, even a bank... reporting things, and not being
even thanked.
I really applaud the stance Google has taken with this, and hence, use
their services as much as I can, but, there is only a minority of this now,
and slowly it will grow, and there will be a ranking system, which will be
where there will maybe be a lot more defining points. At this stage though, I
see more theft than good, more bad than good, online. There is now crowds of
thousands of people all making even small money from 'click the link for an
infection!' popunder etc... for pittance... because, it is still MORE than
their wage in a month, in their country...
So, until there is finer, more appropriate security laws, to secure those
who are indeed, trying only to help, and sometimes, receive emails which,
even lead to them getting themselves infected, just for the sake of helping to
stop some spam mail pretending to be a login, because face it as a sec
expert, if you are one, you would just knowingly help those who are blinder,
and, you know these scams are not there for their good spelling, they
actually *work*, so, of course any sec person, would put their own box in
jeopardy, for the sake of the greater good.
Or, so it is in the crowds I know...
I know this is a huge grey area, but legally or not, a lot of it is still
to do with politics, and still a lot of laws not in place for the crimes..
and, until there is, there will be less and less money in IT sec, simple as
that.
I would like to see this, whole situation changed within 5yrs, but, that is
probably too close.. but, it will happen, then, there will be
official treaties which cannot be avoided, and, maybe less 'seizure' of boxes,
and more 'security work', which is, how the most effective takedowns work..
but, any ISP manager knows the truth, ISPs receive hundreds of
takedown-orders yearly, and, act on none.
So, it is not a matter of just law, there is still the grey cloud of *where's
the rest of the laws* to make it any real, good and viable direct way to
arrest someone, in one simple phone call and fax. That is where it will be,
once there is more NOC's around and feds online. The military, already
spends millions on its own sec, so, they're no dummies, yet, they also use
Facebook :P
The internet, is still evolving, once the evolution is a bit more complete
legally, there will still be a cloud over each and every bust, as each one
is different, and, questions raised as to what/why/who done what, and, as I
know of at this date there is still a guy being blamed for this, who says
it did not happen at all lately, but, over a year ago, and, he was
'questioned', now, I have his Private log of conversation, should I be
subject to, storing this for another country, and, holding it as evidence,
.... but, what the heck if my hd blows up :P
The cloud hovers...

Great topic but, still a very grey area, unfortunately.
(I'd like to know where I'd even be ranked! I'd like to think, a General or,
maybe PM!)
cheers,
xd



On 1 October 2011 08:36, <Valdis.Kletnieks@...edu> wrote:

> On Thu, 29 Sep 2011 23:55:18 +1000, xD 0x41 said:
>
> > there are KNOWN places, I have used, and known places which will not store
> > data, or maybe, provide a proxy but, they can certainly hide a botnet...
>
> As far as you know... :)
>
> > ONLY people who commit ANY crime in THEIR country, will be arrested... ever
> > noticed the main BIGGER servers are hosted there, even chat ones ?
>
> Not sure how that should be parsed, and the parsing is crucial here - did you mean
> "they have to commit a crime in their country", or "They have to do something that
> *would* be a crime in their country"?
>
> The general rule is that in order for an extradition to happen, several things must
> be true:
>
> 1) The two countries involved need to have extradition treaties in place.
> 2) The activity must constitute a crime in the country harboring the accused.
> 3) The proposed punishment must not be drastically worse than what the
> harboring country would impose
>
> So the US can extradite somebody for murder from pretty much anyplace, because
> out of 213 or so recognized sovereign governments, there's something like 8
> that don't have reciprocal treaties in place for extradition, and murder is
> illegal in pretty much everywhere.  However, if you're going after somebody for
> cybercrime, it won't work unless the country has laws against cybercrime that
> cover the situation in question.  As for the third part, the US has on several
> occasions had to guarantee no death penalty for accused murderers they've
> extradited from countries that don't do capital punishment.
>
> So Gary McKinnon got hit with extradition even though he never got accused of
> breaking a British law (as far as I know) - because the charge *would* have
> been a crime if he *had* targeted a British server rather than a US server.
> Meanwhile, Julian Assange's extradition on a rape charge hit some serious legal
> snags because the exact behavior that Assange was accused of didn't actually
> meet the definition of "rape" in England.
>
>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
