lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALCvwp4wnVUY=cOUk8CDYbmqkCbw85RVL7WPk0curOdfU_aFRg@mail.gmail.com>
Date: Thu, 29 Sep 2011 23:04:12 +1000
From: xD 0x41 <secn3t@...il.com>
To: Benji <me@...ji.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: VPN provider helped track down alleged
	LulzSec member

indeed :)
but, it is how a proper anon person would operate, well, tht is how i once
did...
anyhow, it is to broad, and, yes, i qwould never believe in bulletproof,
unless i have used it maybe, for 10yrs, thru 10 botnets ;P wich, is very
rare but funnily, possible.
webhosters, are even more corrupt and better at hiding data.. face it, if
the vpn provider had not shat themself, then it would be a non story.



On 29 September 2011 23:00, Benji <me@...ji.com> wrote:

> 'Abuse' emails and court orders are very different.
>
> On Thu, Sep 29, 2011 at 1:59 PM, xD 0x41 <secn3t@...il.com> wrote:
>
>> err, you are limited in those countries dude... id really checkup on that
>> ... maybe some but, yea i agree, i dont think any hosting is anon, but, i
>> sure know i have kept an anon dedis in past, and was VERY easy to avoid
>> handing anything over. Unless they had personally seized from my company, i
>> was allowed to basically get away with, and if i want to, again, could do
>> the same  'anonymously' and, indeed keep those details, away.
>> it is not frigin hard dude, where did Yyou get the idea, that is not hard
>> to move a user around boxes :P
>>  and rename them, etc etc etc, always change ipv6 tunnels... there is
>> somany ways, you obv have not ran a dedicated server in a company
>> environment coz boi, they hide nets on legit hostin now, legit apparently*
>> companies...and they do it using those simple means, and, even show logs of
>> them 'removing and deleting' files of the apprent 'bad user' , this is, a
>> whole different level than even needing to deal with cops.. so, you are
>> scared too much by laws  wich can be smokescreened.
>> Run a dedis, or simply ask a admin, howmany abuse they get, and howmany
>> users they actually rm ;)
>> you would want this service, on your vps ?
>> i surely wouldnt,. i know, with me, if i offer anon, you stay damn anon,
>> if you bring cops to MY HOUSE, then i may have to try and, simply keep my
>> darn data secure ey ?
>> how about that ?
>> simple methods, defeat simple plans benji.
>> xd
>>
>>
>>
>> On 29 September 2011 22:53, Benji <me@...ji.com> wrote:
>>
>>> Yes they do. If you buy a server in America for example, even if you are
>>> located in Russia, they are required by federal law to hand over your
>>> details wherever you may reside. I dont know where you've obtained this idea
>>> that they can't.
>>>
>>> Just because something is advertised as 'anonymous' doesnt mean it's 'so
>>> anonymous you can break the law' and anyone using a EU/US-related country to
>>> do this is either stupid or naive.
>>>
>>> On Thu, Sep 29, 2011 at 1:50 PM, xD 0x41 <secn3t@...il.com> wrote:
>>>
>>>> They advertised as anonymous VPN to 'everyone'.
>>>> Then, that would mean, especially NOT locally, thats something wich is
>>>> also, subject to federal laws though so, in its own country, the provider
>>>> may have to, nomatter whats advertised, BUT outside of country customers,
>>>> should not be handed over.
>>>> isp's here dont do it, and havent, for like 20 yrs, they also do not
>>>> take down people,issue nor execute other peoples 'takedown orders', there is
>>>> many reasons for this but basically, they loose money from it.
>>>> Anyhow, in UK, you maybe right, but outside of there, then, they should
>>>> have maybe not advertised as anononymous vpn services for everyone and
>>>> anyone. thats obvious crap we know now.
>>>> anyhow, cheers,
>>>> xd
>>>>
>>>>
>>>>
>>>> On 29 September 2011 22:45, Benji <me@...ji.com> wrote:
>>>>
>>>>> Im sorry, why is it 'worrying' that a vpn provider that was a UK
>>>>> business and was located in the UK, is subject to UK law?
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn <
>>>>> d.martyn.fulldisclosure@...il.com> wrote:
>>>>>
>>>>>> Again, I hope this does not fail to send.
>>>>>> The reasoning behind the "Pure Elite" recruitment channel was A: to
>>>>>> recruit some talented people (and, by all accounts, there were some talented
>>>>>> programmers there) and B: development and idle talk. Now more interesting
>>>>>> was the reasoning behind the name - by putting the developers and coders and
>>>>>> potential recruits in a channel named "Pure Elite", it was essentially an
>>>>>> ego boost for the new guys, made them feel valued, etc, when in fact most
>>>>>> were but pawns to be used (IMHO).
>>>>>>
>>>>>> This co-operation between VPN providers and LEO, while being nothing
>>>>>> new - remember how hushmail caved in - is indeed worrying for those of us
>>>>>> who are privacy advocates as well as security researchers.
>>>>>>
>>>>>> On a more direct note, Laurelei, do not presume that you know all
>>>>>> there is to know about them. Doing so would be foolish. (Now don't go
>>>>>> assuming that I hate you, I bear you bugger all ill-will, etc).
>>>>>> Good day.
>>>>>>
>>>>>>
>>>>>> On Wed, Sep 28, 2011 at 5:44 AM, Laurelai Storm <
>>>>>> laurelai@...echan.org> wrote:
>>>>>>
>>>>>>> Its all good dude. What really concerns me is that vpn providers
>>>>>>> might give over logs to oppressive regemes. TOR is starting to look better
>>>>>>> and better.
>>>>>>> On Sep 27, 2011 11:40 PM, "GloW - XD" <doomxd@...il.com> wrote:
>>>>>>> > never did... was only for one buttcheek kid that i was alittle
>>>>>>> pissed and
>>>>>>> > thinking things wich, prolly were wrong at the time...
>>>>>>> > I am adult enough to apologise for what happened back then, and
>>>>>>> hopefully it
>>>>>>> > is just, cool.
>>>>>>> > :)
>>>>>>> > cheers, your loved by many, you just have many trollers to :sp
>>>>>>> > take care ,
>>>>>>> > xd
>>>>>>> >
>>>>>>> >
>>>>>>> > On 28 September 2011 14:32, Laurelai Storm <laurelai@...echan.org>
>>>>>>> wrote:
>>>>>>> >
>>>>>>> >> Im suprised, someone on the internet who *doesn't * hate me :p
>>>>>>> >> On Sep 27, 2011 11:29 PM, "GloW - XD" <doomxd@...il.com> wrote:
>>>>>>> >> > Hello Laurelai ,
>>>>>>> >> > Oh i agree it is still a terrible precedent to be set.. I dont
>>>>>>> even know
>>>>>>> >> > where, legally, i stand anymore...
>>>>>>> >> > It is rather disturbing, nomatter WHO it was laurela.
>>>>>>> >> > I am all for the hatred against the VPN provs, and this is not
>>>>>>> just
>>>>>>> >> > happening here, and i made a BIG statement about this, and
>>>>>>> privacy, in my
>>>>>>> >> > channel on efnet, first as i saw it.
>>>>>>> >> >
>>>>>>> >> > Then saw a torrentfreak feed,of someone who was an owner of a
>>>>>>> huge
>>>>>>> >> torrent
>>>>>>> >> > site, was handed to authorities, not by the hoster, no... but by
>>>>>>> the
>>>>>>> >> > frigging payment handler, ie paypal or alertpay most likely.
>>>>>>> >> >
>>>>>>> >> > This is not good, it makes a grey could now over what is 'anon'
>>>>>>> and what
>>>>>>> >> > isnt. and thats a bad thing for us all.
>>>>>>> >> > To much fraud is causing this, thats plain and simple.Abusing
>>>>>>> places like
>>>>>>> >> > Sony, and, major banks, only make the authorities turn to
>>>>>>> politics, whom
>>>>>>> >> in
>>>>>>> >> > turn can bully with federal and state laws of ANY country, i
>>>>>>> think this
>>>>>>> >> is
>>>>>>> >> > the dangerous part wich is affecting lulzsec members or whoever
>>>>>>> was apart
>>>>>>> >> of
>>>>>>> >> > it, and, i mean efnet is no recruiting grounds for decent hkrs.
>>>>>>> >> > Simple as that, you know it, maybe thru word of mouth ok, but
>>>>>>> not alone
>>>>>>> >> by
>>>>>>> >> > being in channels but that network, is one federal hideout
>>>>>>> now..and, that
>>>>>>> >> is
>>>>>>> >> > every channel, if it is not being spied (yea they have a module
>>>>>>> >> > m_spychannel.c or similar, wich, they actually had without
>>>>>>> realising,
>>>>>>> >> asked
>>>>>>> >> > a friend, to code for them.
>>>>>>> >> > This was rejected by me/her,but i believe they have the module
>>>>>>> running
>>>>>>> >> now.
>>>>>>> >> > So, what was to stop them adding theyre own hidden spy mode to
>>>>>>> it :s look
>>>>>>> >> at
>>>>>>> >> > what they did to my old channel #haqnet, they introduced
>>>>>>> drinemon and a
>>>>>>> >> > bunch of other things, when it could have been simply worked out
>>>>>>> with
>>>>>>> >> > words.. but anyhow, i will not brood on the past, i hope this is
>>>>>>> mutual
>>>>>>> >> > Laurelai, I have nothing bad to say about you, and in turn,
>>>>>>> expect the
>>>>>>> >> same.
>>>>>>> >> > Respect for respect dear.
>>>>>>> >> > I do agree with you about the situation and, as you can see, am
>>>>>>> not
>>>>>>> >> holding
>>>>>>> >> > 9undisclosed) crappy things wich happened along time ago, over
>>>>>>> one
>>>>>>> >> idiotic
>>>>>>> >> > kid, on efnet, whom now i know you do not associate with. So, i
>>>>>>> want
>>>>>>> >> that,
>>>>>>> >> > to be laid rest now.. please.
>>>>>>> >> > And, we can only hope that the greater common sense will prevail
>>>>>>> and
>>>>>>> >> > hopefully, places will be forced to proove anonymity in some
>>>>>>> way, wether
>>>>>>> >> > that be by showing people email interaction with requester's of
>>>>>>> peoples
>>>>>>> >> > info, or anything simple even, wich would be then a standard for
>>>>>>> VPN, I
>>>>>>> >> do
>>>>>>> >> > not use them but, if i bought anonymous vpn, id expect exactly
>>>>>>> >> that,without
>>>>>>> >> > political interaction and grey areas about who and what is now
>>>>>>> legal and
>>>>>>> >> not
>>>>>>> >> > legal on the internet, on chatrooms, and on even websites.
>>>>>>> >> > ok, thats plenty, cheers!
>>>>>>> >> > xd
>>>>>>> >> >
>>>>>>> >> >
>>>>>>> >> > On 28 September 2011 13:41, Laurelai <laurelai@...echan.org>
>>>>>>> wrote:
>>>>>>> >> >
>>>>>>> >> >> On 9/27/2011 10:10 PM, sandeep k wrote:
>>>>>>> >> >>
>>>>>>> >> >> Lolz members was really insane ,i m not why to use that crapy
>>>>>>> hma.
>>>>>>> >> >> On Sep 27, 2011 8:36 PM, "Ferenc Kovacs" <tyra3l@...il.com>
>>>>>>> wrote:
>>>>>>> >> >> > yeah, and usually the same goes for calling others "kids" ;)
>>>>>>> >> >> >
>>>>>>> >> >> > On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD <
>>>>>>> doomxd@...il.com> wrote:
>>>>>>> >> >> >> #pure-elite , rofl... yes indeed :P
>>>>>>> >> >> >> hehe... nice story tho...funny about the elite channel
>>>>>>> thing... why
>>>>>>> >> do
>>>>>>> >> >> ppl
>>>>>>> >> >> >> tag themselves as elite? usually when they are not...
>>>>>>> >> >> >> ohwell, thats efnut :s (irc sucks)
>>>>>>> >> >> >> xd
>>>>>>> >> >> >>
>>>>>>> >> >> >>
>>>>>>> >> >> >> On 27 September 2011 19:03, Darren Martyn
>>>>>>> >> >> >> <d.martyn.fulldisclosure@...il.com> wrote:
>>>>>>> >> >> >>>
>>>>>>> >> >> >>> Hope this sends correctly, new email client and all... But
>>>>>>> seeing as
>>>>>>> >> it
>>>>>>> >> >> is
>>>>>>> >> >> >>> an international investigation many people have been
>>>>>>> bending over
>>>>>>> >> >> backwards
>>>>>>> >> >> >>> to assist LEO on this. HMA and perfect privacy were the
>>>>>>> VPN's of
>>>>>>> >> choice
>>>>>>> >> >> for
>>>>>>> >> >> >>> them it would appear, oh, and he was part of the
>>>>>>> #pure-elite channel
>>>>>>> >> on
>>>>>>> >> >> that
>>>>>>> >> >> >>> IRC server, and hence, considered by LEO and others as
>>>>>>> "Part of
>>>>>>> >> >> LulzSec".
>>>>>>> >> >> >>>
>>>>>>> >> >> >>> TL;DR, this is nothing new.
>>>>>>> >> >> >>>
>>>>>>> >> >> >>> On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm <
>>>>>>> >> laurelai@...echan.org
>>>>>>> >> >> >
>>>>>>> >> >> >>> wrote:
>>>>>>> >> >> >>>>
>>>>>>> >> >> >>>> And the guy wasnt even a part of lulzsec
>>>>>>> >> >> >>>>
>>>>>>> >> >> >>>> On Sep 26, 2011 10:37 PM, "Jeffrey Walton" <
>>>>>>> noloader@...il.com>
>>>>>>> >> >> wrote:
>>>>>>> >> >> >>>> > On Mon, Sep 26, 2011 at 8:47 PM, Ivan . <
>>>>>>> ivanhec@...il.com>
>>>>>>> >> wrote:
>>>>>>> >> >> >>>> >>
>>>>>>> >> >> >>>> >>
>>>>>>> >> >>
>>>>>>> >>
>>>>>>> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
>>>>>>> >> >> >>>> > Though HMA claims they complied with a court order, it
>>>>>>> looks as
>>>>>>> >> if
>>>>>>> >> >> >>>> > they facilitated a law enforcement request. The US and
>>>>>>> the FBI
>>>>>>> >> have
>>>>>>> >> >> no
>>>>>>> >> >> >>>> > jurisdiction in the UK.
>>>>>>> >> >> >>>> >
>>>>>>> >> >> >>>> > Jeff
>>>>>>> >> >> >>>> >
>>>>>>> >> >> >>>> > _______________________________________________
>>>>>>> >> >> >>>> > Full-Disclosure - We believe in it.
>>>>>>> >> >> >>>> > Charter:
>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> >> >> >>>> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>> >> >> >>>>
>>>>>>> >> >> >>>> _______________________________________________
>>>>>>> >> >> >>>> Full-Disclosure - We believe in it.
>>>>>>> >> >> >>>> Charter:
>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> >> >> >>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>> >> >> >>>
>>>>>>> >> >> >>>
>>>>>>> >> >> >>> _______________________________________________
>>>>>>> >> >> >>> Full-Disclosure - We believe in it.
>>>>>>> >> >> >>> Charter:
>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> >> >> >>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>> >> >> >>
>>>>>>> >> >> >>
>>>>>>> >> >> >> _______________________________________________
>>>>>>> >> >> >> Full-Disclosure - We believe in it.
>>>>>>> >> >> >> Charter:
>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> >> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>> >> >> >>
>>>>>>> >> >> >
>>>>>>> >> >> >
>>>>>>> >> >> >
>>>>>>> >> >> > --
>>>>>>> >> >> > Ferenc Kovács
>>>>>>> >> >> > @Tyr43l - http://tyrael.hu
>>>>>>> >> >> >
>>>>>>> >> >> > _______________________________________________
>>>>>>> >> >> > Full-Disclosure - We believe in it.
>>>>>>> >> >> > Charter:
>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> >> >> > Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>> >> >>
>>>>>>> >> >>
>>>>>>> >> >> _______________________________________________
>>>>>>> >> >> Full-Disclosure - We believe in it.
>>>>>>> >> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>> >> >>
>>>>>>> >> >> >From my understanding they used the channel as a possible
>>>>>>> recruitment
>>>>>>> >> >> ground, though only 6 people were officially a part of lulzsec
>>>>>>> , i find
>>>>>>> >> it
>>>>>>> >> >> disturbing that law enforcement considers being in an irc
>>>>>>> channel
>>>>>>> >> tantamount
>>>>>>> >> >> to being a part of lulzsec.
>>>>>>> >> >>
>>>>>>> >> >> _______________________________________________
>>>>>>> >> >> Full-Disclosure - We believe in it.
>>>>>>> >> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> >> >> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>> >> >>
>>>>>>> >>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Full-Disclosure - We believe in it.
>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Full-Disclosure - We believe in it.
>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>
>>>>
>>>>
>>>
>>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ