| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4E84787A.7050108@wellandlighthouse.com>
Date: Thu, 29 Sep 2011 09:54:02 -0400
From: Louis McCoy <louie@...landlighthouse.com>
To: Benji <me@...ji.com>
Cc: secn3t@...il.com, full-disclosure@...ts.grok.org.uk
Subject: Re: VPN provider helped track down alleged
LulzSec member
User location determines Judicial Jurisdiction - how is that irrelevant?
On 9/29/2011 9:27 AM, Benji wrote:
> No, you are wrong.
>
> Either; the vpn provider complied with court order, or they face the
> legal ramifications of not doing so. User location is irrelevant.
>
> On Thu, Sep 29, 2011 at 2:04 PM, xD 0x41 <secn3t@...il.com
> <mailto:secn3t@...il.com>> wrote:
>
> indeed :)
> but, it is how a proper anon person would operate, well, tht is
> how i once did...
> anyhow, it is to broad, and, yes, i qwould never believe in
> bulletproof, unless i have used it maybe, for 10yrs, thru 10
> botnets ;P wich, is very rare but funnily, possible.
> webhosters, are even more corrupt and better at hiding data.. face
> it, if the vpn provider had not shat themself, then it would be a
> non story.
>
>
>
>
> On 29 September 2011 23:00, Benji <me@...ji.com
> <mailto:me@...ji.com>> wrote:
>
> 'Abuse' emails and court orders are very different.
>
> On Thu, Sep 29, 2011 at 1:59 PM, xD 0x41 <secn3t@...il.com
> <mailto:secn3t@...il.com>> wrote:
>
> err, you are limited in those countries dude... id really
> checkup on that ... maybe some but, yea i agree, i dont
> think any hosting is anon, but, i sure know i have kept an
> anon dedis in past, and was VERY easy to avoid handing
> anything over. Unless they had personally seized from my
> company, i was allowed to basically get away with, and if
> i want to, again, could do the same 'anonymously' and,
> indeed keep those details, away.
> it is not frigin hard dude, where did Yyou get the idea,
> that is not hard to move a user around boxes :P
> and rename them, etc etc etc, always change ipv6
> tunnels... there is somany ways, you obv have not ran a
> dedicated server in a company environment coz boi, they
> hide nets on legit hostin now, legit apparently*
> companies...and they do it using those simple means, and,
> even show logs of them 'removing and deleting' files of
> the apprent 'bad user' , this is, a whole different level
> than even needing to deal with cops.. so, you are scared
> too much by laws wich can be smokescreened.
> Run a dedis, or simply ask a admin, howmany abuse they
> get, and howmany users they actually rm ;)
> you would want this service, on your vps ?
> i surely wouldnt,. i know, with me, if i offer anon, you
> stay damn anon, if you bring cops to MY HOUSE, then i may
> have to try and, simply keep my darn data secure ey ?
> how about that ?
> simple methods, defeat simple plans benji.
> xd
>
>
>
> On 29 September 2011 22:53, Benji <me@...ji.com
> <mailto:me@...ji.com>> wrote:
>
> Yes they do. If you buy a server in America for
> example, even if you are located in Russia, they are
> required by federal law to hand over your details
> wherever you may reside. I dont know where you've
> obtained this idea that they can't.
>
> Just because something is advertised as 'anonymous'
> doesnt mean it's 'so anonymous you can break the law'
> and anyone using a EU/US-related country to do this is
> either stupid or naive.
>
> On Thu, Sep 29, 2011 at 1:50 PM, xD 0x41
> <secn3t@...il.com <mailto:secn3t@...il.com>> wrote:
>
> They advertised as anonymous VPN to 'everyone'.
> Then, that would mean, especially NOT locally,
> thats something wich is also, subject to federal
> laws though so, in its own country, the provider
> may have to, nomatter whats advertised, BUT
> outside of country customers, should not be handed
> over.
> isp's here dont do it, and havent, for like 20
> yrs, they also do not take down people,issue nor
> execute other peoples 'takedown orders', there is
> many reasons for this but basically, they loose
> money from it.
> Anyhow, in UK, you maybe right, but outside of
> there, then, they should have maybe not advertised
> as anononymous vpn services for everyone and
> anyone. thats obvious crap we know now.
> anyhow, cheers,
> xd
>
>
>
> On 29 September 2011 22:45, Benji <me@...ji.com
> <mailto:me@...ji.com>> wrote:
>
> Im sorry, why is it 'worrying' that a vpn
> provider that was a UK business and was
> located in the UK, is subject to UK law?
>
>
>
> On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn
> <d.martyn.fulldisclosure@...il.com
> <mailto:d.martyn.fulldisclosure@...il.com>> wrote:
>
> Again, I hope this does not fail to send.
> The reasoning behind the "Pure Elite"
> recruitment channel was A: to recruit some
> talented people (and, by all accounts,
> there were some talented programmers
> there) and B: development and idle talk.
> Now more interesting was the reasoning
> behind the name - by putting the
> developers and coders and potential
> recruits in a channel named "Pure Elite",
> it was essentially an ego boost for the
> new guys, made them feel valued, etc, when
> in fact most were but pawns to be used (IMHO).
>
> This co-operation between VPN providers
> and LEO, while being nothing new -
> remember how hushmail caved in - is indeed
> worrying for those of us who are privacy
> advocates as well as security researchers.
>
> On a more direct note, Laurelei, do not
> presume that you know all there is to know
> about them. Doing so would be foolish.
> (Now don't go assuming that I hate you, I
> bear you bugger all ill-will, etc).
> Good day.
>
>
> On Wed, Sep 28, 2011 at 5:44 AM, Laurelai
> Storm <laurelai@...echan.org
> <mailto:laurelai@...echan.org>> wrote:
>
> Its all good dude. What really
> concerns me is that vpn providers
> might give over logs to oppressive
> regemes. TOR is starting to look
> better and better.
>
> On Sep 27, 2011 11:40 PM, "GloW - XD"
> <doomxd@...il.com
> <mailto:doomxd@...il.com>> wrote:
> > never did... was only for one
> buttcheek kid that i was alittle
> pissed and
> > thinking things wich, prolly were
> wrong at the time...
> > I am adult enough to apologise for
> what happened back then, and hopefully it
> > is just, cool.
> > :)
> > cheers, your loved by many, you just
> have many trollers to :sp
> > take care ,
> > xd
> >
> >
> > On 28 September 2011 14:32, Laurelai
> Storm <laurelai@...echan.org
> <mailto:laurelai@...echan.org>> wrote:
> >
> >> Im suprised, someone on the
> internet who *doesn't * hate me :p
> >> On Sep 27, 2011 11:29 PM, "GloW -
> XD" <doomxd@...il.com
> <mailto:doomxd@...il.com>> wrote:
> >> > Hello Laurelai ,
> >> > Oh i agree it is still a terrible
> precedent to be set.. I dont even know
> >> > where, legally, i stand anymore...
> >> > It is rather disturbing, nomatter
> WHO it was laurela.
> >> > I am all for the hatred against
> the VPN provs, and this is not just
> >> > happening here, and i made a BIG
> statement about this, and privacy, in my
> >> > channel on efnet, first as i saw it.
> >> >
> >> > Then saw a torrentfreak feed,of
> someone who was an owner of a huge
> >> torrent
> >> > site, was handed to authorities,
> not by the hoster, no... but by the
> >> > frigging payment handler, ie
> paypal or alertpay most likely.
> >> >
> >> > This is not good, it makes a grey
> could now over what is 'anon' and what
> >> > isnt. and thats a bad thing for
> us all.
> >> > To much fraud is causing this,
> thats plain and simple.Abusing places like
> >> > Sony, and, major banks, only make
> the authorities turn to politics, whom
> >> in
> >> > turn can bully with federal and
> state laws of ANY country, i think this
> >> is
> >> > the dangerous part wich is
> affecting lulzsec members or whoever
> was apart
> >> of
> >> > it, and, i mean efnet is no
> recruiting grounds for decent hkrs.
> >> > Simple as that, you know it,
> maybe thru word of mouth ok, but not alone
> >> by
> >> > being in channels but that
> network, is one federal hideout
> now..and, that
> >> is
> >> > every channel, if it is not being
> spied (yea they have a module
> >> > m_spychannel.c or similar, wich,
> they actually had without realising,
> >> asked
> >> > a friend, to code for them.
> >> > This was rejected by me/her,but i
> believe they have the module running
> >> now.
> >> > So, what was to stop them adding
> theyre own hidden spy mode to it :s look
> >> at
> >> > what they did to my old channel
> #haqnet, they introduced drinemon and a
> >> > bunch of other things, when it
> could have been simply worked out with
> >> > words.. but anyhow, i will not
> brood on the past, i hope this is mutual
> >> > Laurelai, I have nothing bad to
> say about you, and in turn, expect the
> >> same.
> >> > Respect for respect dear.
> >> > I do agree with you about the
> situation and, as you can see, am not
> >> holding
> >> > 9undisclosed) crappy things wich
> happened along time ago, over one
> >> idiotic
> >> > kid, on efnet, whom now i know
> you do not associate with. So, i want
> >> that,
> >> > to be laid rest now.. please.
> >> > And, we can only hope that the
> greater common sense will prevail and
> >> > hopefully, places will be forced
> to proove anonymity in some way, wether
> >> > that be by showing people email
> interaction with requester's of peoples
> >> > info, or anything simple even,
> wich would be then a standard for VPN, I
> >> do
> >> > not use them but, if i bought
> anonymous vpn, id expect exactly
> >> that,without
> >> > political interaction and grey
> areas about who and what is now legal and
> >> not
> >> > legal on the internet, on
> chatrooms, and on even websites.
> >> > ok, thats plenty, cheers!
> >> > xd
> >> >
> >> >
> >> > On 28 September 2011 13:41,
> Laurelai <laurelai@...echan.org
> <mailto:laurelai@...echan.org>> wrote:
> >> >
> >> >> On 9/27/2011 10:10 PM, sandeep k
> wrote:
> >> >>
> >> >> Lolz members was really insane
> ,i m not why to use that crapy hma.
> >> >> On Sep 27, 2011 8:36 PM, "Ferenc
> Kovacs" <tyra3l@...il.com
> <mailto:tyra3l@...il.com>> wrote:
> >> >> > yeah, and usually the same
> goes for calling others "kids" ;)
> >> >> >
> >> >> > On Tue, Sep 27, 2011 at 10:30
> PM, GloW - XD <doomxd@...il.com
> <mailto:doomxd@...il.com>> wrote:
> >> >> >> #pure-elite , rofl... yes
> indeed :P
> >> >> >> hehe... nice story
> tho...funny about the elite channel
> thing... why
> >> do
> >> >> ppl
> >> >> >> tag themselves as elite?
> usually when they are not...
> >> >> >> ohwell, thats efnut :s (irc
> sucks)
> >> >> >> xd
> >> >> >>
> >> >> >>
> >> >> >> On 27 September 2011 19:03,
> Darren Martyn
> >> >> >>
> <d.martyn.fulldisclosure@...il.com
> <mailto:d.martyn.fulldisclosure@...il.com>>
> wrote:
> >> >> >>>
> >> >> >>> Hope this sends correctly,
> new email client and all... But seeing as
> >> it
> >> >> is
> >> >> >>> an international
> investigation many people have been
> bending over
> >> >> backwards
> >> >> >>> to assist LEO on this. HMA
> and perfect privacy were the VPN's of
> >> choice
> >> >> for
> >> >> >>> them it would appear, oh,
> and he was part of the #pure-elite channel
> >> on
> >> >> that
> >> >> >>> IRC server, and hence,
> considered by LEO and others as "Part of
> >> >> LulzSec".
> >> >> >>>
> >> >> >>> TL;DR, this is nothing new.
> >> >> >>>
> >> >> >>> On Tue, Sep 27, 2011 at 6:53
> AM, Laurelai Storm <
> >> laurelai@...echan.org
> <mailto:laurelai@...echan.org>
> >> >> >
> >> >> >>> wrote:
> >> >> >>>>
> >> >> >>>> And the guy wasnt even a
> part of lulzsec
> >> >> >>>>
> >> >> >>>> On Sep 26, 2011 10:37 PM,
> "Jeffrey Walton" <noloader@...il.com
> <mailto:noloader@...il.com>>
> >> >> wrote:
> >> >> >>>> > On Mon, Sep 26, 2011 at
> 8:47 PM, Ivan . <ivanhec@...il.com
> <mailto:ivanhec@...il.com>>
> >> wrote:
> >> >> >>>> >>
> >> >> >>>> >>
> >> >>
> >>
> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
> >> >> >>>> > Though HMA claims they
> complied with a court order, it looks as
> >> if
> >> >> >>>> > they facilitated a law
> enforcement request. The US and the FBI
> >> have
> >> >> no
> >> >> >>>> > jurisdiction in the UK.
> >> >> >>>> >
> >> >> >>>> > Jeff
> >> >> >>>> >
> >> >> >>>> >
> _______________________________________________
> >> >> >>>> > Full-Disclosure - We
> believe in it.
> >> >> >>>> > Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> >> >> >>>> > Hosted and sponsored by
> Secunia - http://secunia.com/
> >> >> >>>>
> >> >> >>>>
> _______________________________________________
> >> >> >>>> Full-Disclosure - We
> believe in it.
> >> >> >>>> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> >> >> >>>> Hosted and sponsored by
> Secunia - http://secunia.com/
> >> >> >>>
> >> >> >>>
> >> >> >>>
> _______________________________________________
> >> >> >>> Full-Disclosure - We believe
> in it.
> >> >> >>> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> >> >> >>> Hosted and sponsored by
> Secunia - http://secunia.com/
> >> >> >>
> >> >> >>
> >> >> >>
> _______________________________________________
> >> >> >> Full-Disclosure - We believe
> in it.
> >> >> >> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> >> >> >> Hosted and sponsored by
> Secunia - http://secunia.com/
> >> >> >>
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> > Ferenc Kovács
> >> >> > @Tyr43l - http://tyrael.hu
> >> >> >
> >> >> >
> _______________________________________________
> >> >> > Full-Disclosure - We believe
> in it.
> >> >> > Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> >> >> > Hosted and sponsored by
> Secunia - http://secunia.com/
> >> >>
> >> >>
> >> >>
> _______________________________________________
> >> >> Full-Disclosure - We believe in it.
> >> >> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> >> >> Hosted and sponsored by Secunia
> - http://secunia.com/
> >> >>
> >> >> >From my understanding they used
> the channel as a possible recruitment
> >> >> ground, though only 6 people
> were officially a part of lulzsec , i find
> >> it
> >> >> disturbing that law enforcement
> considers being in an irc channel
> >> tantamount
> >> >> to being a part of lulzsec.
> >> >>
> >> >>
> _______________________________________________
> >> >> Full-Disclosure - We believe in it.
> >> >> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> >> >> Hosted and sponsored by Secunia
> - http://secunia.com/
> >> >>
> >>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia -
> http://secunia.com/
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia -
> http://secunia.com/
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia -
> http://secunia.com/
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists