All, A quick note to let you know that I had some unexpected downtime on the jfet.org/al-qaeda.net node (the last remaining one, sadly) due to a change in my mailer configuration whose impact I had not anticipated. My sincere apologies, and thanks to J. A. Terranson for pointing it out to me. Enjoy, -=rsw
Actually, I was passing on an inquiry begun by Tyler Durden. As the list is so moribund that nobody noticed it was dead, I'm curious - how many people are still subscribed Riad? -- Yours, J.A. Terranson sysadmin_at_mfn.org 0xBD4A95BF "Military force is justified only in self-defense; naked aggression is the province of dictators and rogue states. This is the danger of a new 'pre-emptive first strike' doctrine." Ron Paul On Mon, 17 Sep 2007, Riad S. Wahby wrote:
On Mon, Sep 17, 2007 at 01:39:22PM -0500, J.A. Terranson wrote:
During all the downtime I kept forwarding articles, which apparently went right to /dev/null In case we need a new list home, I'd be quite happy to host a Mailman list, and actually assert everything stays up.
-- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
On Tuesday 18 September 2007 17:50:33 you wrote:
-- Robin <robin@kallisti.net.nz> JabberID: <eythian@jabber.kallisti.net.nz> Hostes alienigeni me abduxerunt. Qui annus est? PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D [demime 1.01d removed an attachment of type application/pgp-signature]
Hum...I was just paranoid enough to consider that perhaps 'they' had tried to pull down cpunks, thinking no one would really care, which is almost true. Meanwhile, I suppose everyone on the list is familiar with the nifty Tor hack done recently? Has Cryptome resurfaced anywhere yet? -TD> Date: Mon, 17 Sep 2007 10:39:57 -0400> From: rsw@jfet.org> To: cypherpunks@jfet.org> Subject: cpunks downtime> > All,> > A quick note to let you know that I had some unexpected downtime on the> jfet.org/al-qaeda.net node (the last remaining one, sadly) due to a> change in my mailer configuration whose impact I had not anticipated.> My sincere apologies, and thanks to J. A. Terranson for pointing it out> to me.> > Enjoy,> > -=rsw _________________________________________________________________ More photos; more messages; more whatever – Get MORE with Windows Live™ Hotmail®. NOW with 5GB storage. http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migration_HM_mini_5G_0907
On Thu, Sep 20, 2007 at 05:01:00PM -0400, Tyler Durden wrote:
Hum...I was just paranoid enough to consider that perhaps 'they' had tried to pull down cpunks, thinking no one would really care, which is almost true.
Given the sad joke the list has become I don't think anyone important considers us worth censoring.
Meanwhile, I suppose everyone on the list is familiar with the nifty Tor hack done recently?
Hack?
Has Cryptome resurfaced anywhere yet?
Did it ever go away? http://cryptome.org/ -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
At 11:41 PM +0200 9/20/07, Eugen Leitl wrote:
Given the sad joke the list has become
It's just resting... :-) Cheers, RAH -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Well, it would have been an opportune time to stamp out smouldering embers. Hell, WE didn't even notice it was down. Yes, Cryptome was gone for a few months when John Young's host backed out of Cryptome. As for Tor, no, not a hack, but whatever you call it. It was, I guess, no major surprise for the clued. -TD true.
hack
_________________________________________________________________ Kick back and relax with hot games and cool activities at the Messenger Cafi. http://www.cafemessenger.com?ocid=TXT_TAGLM_SeptWLtagline
On 9/23/07, Tyler Durden <camera_lumina@hotmail.com> wrote:
months? i recall a day, two tops? perhaps your endpoints is getting differentiated services... *cough*
As for Tor, no, not a hack, but whatever you call it. It was, I guess, no major surprise for the clued.
the exit sniffing was lame, that's what you call it. in addition to no surprise for the clued. sadly, all the big sites out there are in the same pot of hot water with their wireless hotspot users... they aren't even trying to fix it. best regards,
On 9/20/07, Tyler Durden wrote:
the exit wall of sheep (embassy passwds) was lame but the control port opener was nifty. sequence for the control port payload injection: - two vectors for form payload, a third for ip leakage across three proxies on broadband - javascript posts form automatically to localhost:9051 using: action="http://127.0.0.1:9051/" method="post" enctype="multipart/form-data" target="stylearea" [that last to keep the response from the tor control part spewing over the current page - this puts it in a hidden iframe] - all existing <FORM's in exit requests modified via proxies to inject the TEXTAREA with payload into a hidden form element while leaving the appearance of a legitimate form page (so any submit pwns, too late. even lynx on openbsd if your control port is on 127.0.0.1:9051 (or any accessible port if you've got a motivated attacker...)) - IP leakage for all IE on win32 users that aren't using a transparent proxy (janusvm) via SMB/NetBIOS and WebDAV to external host with tracking nonce directory name. even if the control port is not open, this will leak the origin of the request as webdav is below the browser, interpreted in the file system / win32 api context. (SMB is not nearly as useful as webdav since most ISPs filter NetBIOS and SMB/CIFS traffic even if you explicitly allow at the router.) - the purpose of the payload was an interesting 150-200k+ command set for the control port to apply. among various things this performed the following: - redirect the notice log to /dev/null on *nix like systems or to a webdav path on one of the proxies. (this leaks ip immediately on win32 in addition to routing ongoing notices messages to the proxy directly. - invalidate all known authentic nodes on the existing Tor network via ExcludeNodes with digests, configure three new rogue nodes as authoritative directories and exits, and finally starting a hidden service and posting the .onion name to the proxy server. - map local ports to the hidden service onion allowing an anonymous user on the rogue Tor network to arbitrarily connect to the client onion and interface with their Tor control port in real time. - vulnerable Tor clients (not using transparent proxy like janusvm) start falling by the thousands into the rogue Tor network for the duration of a few hours while the attack was being tested... of course, vmware just got their asses handed to them recently as well: http://secunia.com/advisories/26909/ qemu/virtual box looks much more promising; perhaps supported soon...
participants (8)
-
coderman -
Eugen Leitl -
J.A. Terranson -
Mike Owen -
R.A. Hettinga -
Riad S. Wahby -
Robin Sheat -
Tyler Durden