lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 29 Sep 2011 14:00:29 +0100
From: Benji <me@...ji.com>
To: secn3t@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: VPN provider helped track down alleged
	LulzSec member

'Abuse' emails and court orders are very different.

On Thu, Sep 29, 2011 at 1:59 PM, xD 0x41 <secn3t@...il.com> wrote:

> err, you are limited in those countries dude... id really checkup on that
> ... maybe some but, yea i agree, i dont think any hosting is anon, but, i
> sure know i have kept an anon dedis in past, and was VERY easy to avoid
> handing anything over. Unless they had personally seized from my company, i
> was allowed to basically get away with, and if i want to, again, could do
> the same  'anonymously' and, indeed keep those details, away.
> it is not frigin hard dude, where did Yyou get the idea, that is not hard
> to move a user around boxes :P
>  and rename them, etc etc etc, always change ipv6 tunnels... there is
> somany ways, you obv have not ran a dedicated server in a company
> environment coz boi, they hide nets on legit hostin now, legit apparently*
> companies...and they do it using those simple means, and, even show logs of
> them 'removing and deleting' files of the apprent 'bad user' , this is, a
> whole different level than even needing to deal with cops.. so, you are
> scared too much by laws  wich can be smokescreened.
> Run a dedis, or simply ask a admin, howmany abuse they get, and howmany
> users they actually rm ;)
> you would want this service, on your vps ?
> i surely wouldnt,. i know, with me, if i offer anon, you stay damn anon, if
> you bring cops to MY HOUSE, then i may have to try and, simply keep my darn
> data secure ey ?
> how about that ?
> simple methods, defeat simple plans benji.
> xd
>
>
>
> On 29 September 2011 22:53, Benji <me@...ji.com> wrote:
>
>> Yes they do. If you buy a server in America for example, even if you are
>> located in Russia, they are required by federal law to hand over your
>> details wherever you may reside. I dont know where you've obtained this idea
>> that they can't.
>>
>> Just because something is advertised as 'anonymous' doesnt mean it's 'so
>> anonymous you can break the law' and anyone using a EU/US-related country to
>> do this is either stupid or naive.
>>
>> On Thu, Sep 29, 2011 at 1:50 PM, xD 0x41 <secn3t@...il.com> wrote:
>>
>>> They advertised as anonymous VPN to 'everyone'.
>>> Then, that would mean, especially NOT locally, thats something wich is
>>> also, subject to federal laws though so, in its own country, the provider
>>> may have to, nomatter whats advertised, BUT outside of country customers,
>>> should not be handed over.
>>> isp's here dont do it, and havent, for like 20 yrs, they also do not take
>>> down people,issue nor execute other peoples 'takedown orders', there is many
>>> reasons for this but basically, they loose money from it.
>>> Anyhow, in UK, you maybe right, but outside of there, then, they should
>>> have maybe not advertised as anononymous vpn services for everyone and
>>> anyone. thats obvious crap we know now.
>>> anyhow, cheers,
>>> xd
>>>
>>>
>>>
>>> On 29 September 2011 22:45, Benji <me@...ji.com> wrote:
>>>
>>>> Im sorry, why is it 'worrying' that a vpn provider that was a UK
>>>> business and was located in the UK, is subject to UK law?
>>>>
>>>>
>>>>
>>>> On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn <
>>>> d.martyn.fulldisclosure@...il.com> wrote:
>>>>
>>>>> Again, I hope this does not fail to send.
>>>>> The reasoning behind the "Pure Elite" recruitment channel was A: to
>>>>> recruit some talented people (and, by all accounts, there were some talented
>>>>> programmers there) and B: development and idle talk. Now more interesting
>>>>> was the reasoning behind the name - by putting the developers and coders and
>>>>> potential recruits in a channel named "Pure Elite", it was essentially an
>>>>> ego boost for the new guys, made them feel valued, etc, when in fact most
>>>>> were but pawns to be used (IMHO).
>>>>>
>>>>> This co-operation between VPN providers and LEO, while being nothing
>>>>> new - remember how hushmail caved in - is indeed worrying for those of us
>>>>> who are privacy advocates as well as security researchers.
>>>>>
>>>>> On a more direct note, Laurelei, do not presume that you know all there
>>>>> is to know about them. Doing so would be foolish. (Now don't go assuming
>>>>> that I hate you, I bear you bugger all ill-will, etc).
>>>>> Good day.
>>>>>
>>>>>
>>>>> On Wed, Sep 28, 2011 at 5:44 AM, Laurelai Storm <laurelai@...echan.org
>>>>> > wrote:
>>>>>
>>>>>> Its all good dude. What really concerns me is that vpn providers might
>>>>>> give over logs to oppressive regemes. TOR is starting to look better and
>>>>>> better.
>>>>>> On Sep 27, 2011 11:40 PM, "GloW - XD" <doomxd@...il.com> wrote:
>>>>>> > never did... was only for one buttcheek kid that i was alittle
>>>>>> pissed and
>>>>>> > thinking things wich, prolly were wrong at the time...
>>>>>> > I am adult enough to apologise for what happened back then, and
>>>>>> hopefully it
>>>>>> > is just, cool.
>>>>>> > :)
>>>>>> > cheers, your loved by many, you just have many trollers to :sp
>>>>>> > take care ,
>>>>>> > xd
>>>>>> >
>>>>>> >
>>>>>> > On 28 September 2011 14:32, Laurelai Storm <laurelai@...echan.org>
>>>>>> wrote:
>>>>>> >
>>>>>> >> Im suprised, someone on the internet who *doesn't * hate me :p
>>>>>> >> On Sep 27, 2011 11:29 PM, "GloW - XD" <doomxd@...il.com> wrote:
>>>>>> >> > Hello Laurelai ,
>>>>>> >> > Oh i agree it is still a terrible precedent to be set.. I dont
>>>>>> even know
>>>>>> >> > where, legally, i stand anymore...
>>>>>> >> > It is rather disturbing, nomatter WHO it was laurela.
>>>>>> >> > I am all for the hatred against the VPN provs, and this is not
>>>>>> just
>>>>>> >> > happening here, and i made a BIG statement about this, and
>>>>>> privacy, in my
>>>>>> >> > channel on efnet, first as i saw it.
>>>>>> >> >
>>>>>> >> > Then saw a torrentfreak feed,of someone who was an owner of a
>>>>>> huge
>>>>>> >> torrent
>>>>>> >> > site, was handed to authorities, not by the hoster, no... but by
>>>>>> the
>>>>>> >> > frigging payment handler, ie paypal or alertpay most likely.
>>>>>> >> >
>>>>>> >> > This is not good, it makes a grey could now over what is 'anon'
>>>>>> and what
>>>>>> >> > isnt. and thats a bad thing for us all.
>>>>>> >> > To much fraud is causing this, thats plain and simple.Abusing
>>>>>> places like
>>>>>> >> > Sony, and, major banks, only make the authorities turn to
>>>>>> politics, whom
>>>>>> >> in
>>>>>> >> > turn can bully with federal and state laws of ANY country, i
>>>>>> think this
>>>>>> >> is
>>>>>> >> > the dangerous part wich is affecting lulzsec members or whoever
>>>>>> was apart
>>>>>> >> of
>>>>>> >> > it, and, i mean efnet is no recruiting grounds for decent hkrs.
>>>>>> >> > Simple as that, you know it, maybe thru word of mouth ok, but not
>>>>>> alone
>>>>>> >> by
>>>>>> >> > being in channels but that network, is one federal hideout
>>>>>> now..and, that
>>>>>> >> is
>>>>>> >> > every channel, if it is not being spied (yea they have a module
>>>>>> >> > m_spychannel.c or similar, wich, they actually had without
>>>>>> realising,
>>>>>> >> asked
>>>>>> >> > a friend, to code for them.
>>>>>> >> > This was rejected by me/her,but i believe they have the module
>>>>>> running
>>>>>> >> now.
>>>>>> >> > So, what was to stop them adding theyre own hidden spy mode to it
>>>>>> :s look
>>>>>> >> at
>>>>>> >> > what they did to my old channel #haqnet, they introduced drinemon
>>>>>> and a
>>>>>> >> > bunch of other things, when it could have been simply worked out
>>>>>> with
>>>>>> >> > words.. but anyhow, i will not brood on the past, i hope this is
>>>>>> mutual
>>>>>> >> > Laurelai, I have nothing bad to say about you, and in turn,
>>>>>> expect the
>>>>>> >> same.
>>>>>> >> > Respect for respect dear.
>>>>>> >> > I do agree with you about the situation and, as you can see, am
>>>>>> not
>>>>>> >> holding
>>>>>> >> > 9undisclosed) crappy things wich happened along time ago, over
>>>>>> one
>>>>>> >> idiotic
>>>>>> >> > kid, on efnet, whom now i know you do not associate with. So, i
>>>>>> want
>>>>>> >> that,
>>>>>> >> > to be laid rest now.. please.
>>>>>> >> > And, we can only hope that the greater common sense will prevail
>>>>>> and
>>>>>> >> > hopefully, places will be forced to proove anonymity in some way,
>>>>>> wether
>>>>>> >> > that be by showing people email interaction with requester's of
>>>>>> peoples
>>>>>> >> > info, or anything simple even, wich would be then a standard for
>>>>>> VPN, I
>>>>>> >> do
>>>>>> >> > not use them but, if i bought anonymous vpn, id expect exactly
>>>>>> >> that,without
>>>>>> >> > political interaction and grey areas about who and what is now
>>>>>> legal and
>>>>>> >> not
>>>>>> >> > legal on the internet, on chatrooms, and on even websites.
>>>>>> >> > ok, thats plenty, cheers!
>>>>>> >> > xd
>>>>>> >> >
>>>>>> >> >
>>>>>> >> > On 28 September 2011 13:41, Laurelai <laurelai@...echan.org>
>>>>>> wrote:
>>>>>> >> >
>>>>>> >> >> On 9/27/2011 10:10 PM, sandeep k wrote:
>>>>>> >> >>
>>>>>> >> >> Lolz members was really insane ,i m not why to use that crapy
>>>>>> hma.
>>>>>> >> >> On Sep 27, 2011 8:36 PM, "Ferenc Kovacs" <tyra3l@...il.com>
>>>>>> wrote:
>>>>>> >> >> > yeah, and usually the same goes for calling others "kids" ;)
>>>>>> >> >> >
>>>>>> >> >> > On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD <doomxd@...il.com>
>>>>>> wrote:
>>>>>> >> >> >> #pure-elite , rofl... yes indeed :P
>>>>>> >> >> >> hehe... nice story tho...funny about the elite channel
>>>>>> thing... why
>>>>>> >> do
>>>>>> >> >> ppl
>>>>>> >> >> >> tag themselves as elite? usually when they are not...
>>>>>> >> >> >> ohwell, thats efnut :s (irc sucks)
>>>>>> >> >> >> xd
>>>>>> >> >> >>
>>>>>> >> >> >>
>>>>>> >> >> >> On 27 September 2011 19:03, Darren Martyn
>>>>>> >> >> >> <d.martyn.fulldisclosure@...il.com> wrote:
>>>>>> >> >> >>>
>>>>>> >> >> >>> Hope this sends correctly, new email client and all... But
>>>>>> seeing as
>>>>>> >> it
>>>>>> >> >> is
>>>>>> >> >> >>> an international investigation many people have been bending
>>>>>> over
>>>>>> >> >> backwards
>>>>>> >> >> >>> to assist LEO on this. HMA and perfect privacy were the
>>>>>> VPN's of
>>>>>> >> choice
>>>>>> >> >> for
>>>>>> >> >> >>> them it would appear, oh, and he was part of the #pure-elite
>>>>>> channel
>>>>>> >> on
>>>>>> >> >> that
>>>>>> >> >> >>> IRC server, and hence, considered by LEO and others as "Part
>>>>>> of
>>>>>> >> >> LulzSec".
>>>>>> >> >> >>>
>>>>>> >> >> >>> TL;DR, this is nothing new.
>>>>>> >> >> >>>
>>>>>> >> >> >>> On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm <
>>>>>> >> laurelai@...echan.org
>>>>>> >> >> >
>>>>>> >> >> >>> wrote:
>>>>>> >> >> >>>>
>>>>>> >> >> >>>> And the guy wasnt even a part of lulzsec
>>>>>> >> >> >>>>
>>>>>> >> >> >>>> On Sep 26, 2011 10:37 PM, "Jeffrey Walton" <
>>>>>> noloader@...il.com>
>>>>>> >> >> wrote:
>>>>>> >> >> >>>> > On Mon, Sep 26, 2011 at 8:47 PM, Ivan . <
>>>>>> ivanhec@...il.com>
>>>>>> >> wrote:
>>>>>> >> >> >>>> >>
>>>>>> >> >> >>>> >>
>>>>>> >> >>
>>>>>> >>
>>>>>> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
>>>>>> >> >> >>>> > Though HMA claims they complied with a court order, it
>>>>>> looks as
>>>>>> >> if
>>>>>> >> >> >>>> > they facilitated a law enforcement request. The US and
>>>>>> the FBI
>>>>>> >> have
>>>>>> >> >> no
>>>>>> >> >> >>>> > jurisdiction in the UK.
>>>>>> >> >> >>>> >
>>>>>> >> >> >>>> > Jeff
>>>>>> >> >> >>>> >
>>>>>> >> >> >>>> > _______________________________________________
>>>>>> >> >> >>>> > Full-Disclosure - We believe in it.
>>>>>> >> >> >>>> > Charter:
>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> >> >> >>>> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>>> >> >> >>>>
>>>>>> >> >> >>>> _______________________________________________
>>>>>> >> >> >>>> Full-Disclosure - We believe in it.
>>>>>> >> >> >>>> Charter:
>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> >> >> >>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>> >> >> >>>
>>>>>> >> >> >>>
>>>>>> >> >> >>> _______________________________________________
>>>>>> >> >> >>> Full-Disclosure - We believe in it.
>>>>>> >> >> >>> Charter:
>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> >> >> >>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>> >> >> >>
>>>>>> >> >> >>
>>>>>> >> >> >> _______________________________________________
>>>>>> >> >> >> Full-Disclosure - We believe in it.
>>>>>> >> >> >> Charter:
>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> >> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>> >> >> >>
>>>>>> >> >> >
>>>>>> >> >> >
>>>>>> >> >> >
>>>>>> >> >> > --
>>>>>> >> >> > Ferenc Kovács
>>>>>> >> >> > @Tyr43l - http://tyrael.hu
>>>>>> >> >> >
>>>>>> >> >> > _______________________________________________
>>>>>> >> >> > Full-Disclosure - We believe in it.
>>>>>> >> >> > Charter:
>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> >> >> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>>> >> >>
>>>>>> >> >>
>>>>>> >> >> _______________________________________________
>>>>>> >> >> Full-Disclosure - We believe in it.
>>>>>> >> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>> >> >>
>>>>>> >> >> >From my understanding they used the channel as a possible
>>>>>> recruitment
>>>>>> >> >> ground, though only 6 people were officially a part of lulzsec ,
>>>>>> i find
>>>>>> >> it
>>>>>> >> >> disturbing that law enforcement considers being in an irc
>>>>>> channel
>>>>>> >> tantamount
>>>>>> >> >> to being a part of lulzsec.
>>>>>> >> >>
>>>>>> >> >> _______________________________________________
>>>>>> >> >> Full-Disclosure - We believe in it.
>>>>>> >> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>> >> >>
>>>>>> >>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Full-Disclosure - We believe in it.
>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>
>>>
>>>
>>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ