Why cryptome sold web logs to their paying customers?
Cryptome is run by a crank who refuses to use HTTPS and thinks it's better to just let all the passive observers see completely what is being read by anyone who accesses Cryptome. If you ask him why, you'll get a deluge of crazy. I think the role of Cryptome would be better served by someone who actually wants to use cryptography to secure content delivery. Call me crazy... Cue claims i've been deluded by the CA cabal or don't understand SSL/TLS attacks. I don't care. Fuck your plaintext On Sunday, October 11, 2015, Dr. J Feinstein <drjfeinstein@mail.com> wrote: > Calling bullshit. Mirimirs right, explanation makes no sense. And JYA says netsol won't let him delete the logs but Netsol says logs are disabled by default <https://www.networksolutions.com/support/how-to-enable-download-the-web-logs/> and you have to turn them on. > > So how the fuckd this really happen? > > Mirimir <mirimir@riseup.net <javascript:_e(%7B%7D,'cvml','mirimir@riseup.net');>> > Are you arguing that users could have found those logs? > > I almost can't imagine that. Logs are normally in /var/log/ somewhere, > and I can't imagine making them searchable. And indeed, I can't imagine > how Cryptome archives would have included anything from /var/log/, even > after system restore from backups. > > <--SNIP--> > > >* Should access logs be kept for that long? Absolutely not. From what I > *>* have read in the email exchange that was posted, the log files were > *>* included in a NetSol total restore. My guess is that John/Cryptome did > *>* not intentionally keep these files, and did not realize these files were > *>* included in the archive. > * > But that's the thing. Logs should have been in /var/log/. And how would > the "NetSol total restore" have changed that? > > >* When I do incremental backups or updates on my own systems, I don't > *>* usually go back and check the integrity of files I've already archived > *>* in my closed system. I can see where this could be an honest mistake > *>* that has gotten blown way out of proportion. It's a good lesson to be > *>* more aware of these types of glitches. > * > I still don't get how logs would have ended up in archives. Maybe JYA > prepared a special set of archives for a collaborator. Maybe for someone > helping him to understand what had happened. And then maybe he forgot > about doing that. Hard to say. > > -- Tony Arcieri
Should access logs be kept for that long? Absolutely not. From what I> have read in the email exchange that was posted, the log files were> included in a NetSol total restore. My guess is that John/Cryptome did> not intentionally keep these files, and did not realize these files were> included in the archive. But that's the thing. Logs should have been in /var/log/. And how would
When I do incremental backups or updates on my own systems, I don't> usually go back and check the integrity of files I've already archived> in my closed system. I can see where this could be an honest mistake> that has gotten blown way out of proportion. It's a good lesson to be> more aware of these types of glitches. I still don't get how logs would have ended up in archives. Maybe JYA
I call it less crazy than anything JYAs said on it Sent: Monday, October 12, 2015 at 12:33 AM From: "Tony Arcieri" <bascule@gmail.com> To: "Dr. J Feinstein" <drjfeinstein@mail.com> Cc: "cypherpunks@cpunks.org" <cypherpunks@cpunks.org> Subject: Re: Why cryptome sold web logs to their paying customers? Cryptome is run by a crank who refuses to use HTTPS and thinks it's better to just let all the passive observers see completely what is being read by anyone who accesses Cryptome. If you ask him why, you'll get a deluge of crazy. I think the role of Cryptome would be better served by someone who actually wants to use cryptography to secure content delivery. Call me crazy... Cue claims i've been deluded by the CA cabal or don't understand SSL/TLS attacks. I don't care. Fuck your plaintext On Sunday, October 11, 2015, Dr. J Feinstein <drjfeinstein@mail.com> wrote: Calling bullshit. Mirimirs right, explanation makes no sense. And JYA says netsol won't let him delete the logs but Netsol says logs are disabled by default[https://www.networksolutions.com/support/how-to-enable-download-the-web-logs...] and you have to turn them on. So how the fuckd this really happen? Mirimir <mirimir@riseup.net> Are you arguing that users could have found those logs? I almost can't imagine that. Logs are normally in /var/log/ somewhere, and I can't imagine making them searchable. And indeed, I can't imagine how Cryptome archives would have included anything from /var/log/, even after system restore from backups. <--SNIP--> the "NetSol total restore" have changed that? prepared a special set of archives for a collaborator. Maybe for someone helping him to understand what had happened. And then maybe he forgot about doing that. Hard to say. -- Tony Arcieri
On 10/11/15, Tony Arcieri <bascule@gmail.com> wrote:
Cryptome is run by a crank who refuses to use HTTPS ...
let it be known it's never too late to teach old dogs new tricks :P https://cryptome.org/ Certificate: Data: Version: 3 (0x2) Serial Number: bc:2b:0f:c5:4d:7d:c0:2e:02:e9:85:8e:3a:e4:93:04 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=VA, L=Herndon, O=Network Solutions L.L.C., CN=Network Solutions EV Server CA 2 Validity Not Before: Jul 20 00:00:00 2015 GMT Not After : May 8 23:59:59 2016 GMT Subject: serialNumber=010748/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=New York/1.3.6.1.4.1.311.60.2.1.1=New York/businessCategory=Business Entity, C=US/postalCode=10024, ST=NY, L=New York/street=251 West 89th Street, O=Natsios Young Architects, OU=Secure Link EV SSL, CN=www.cryptome.org Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c0:db:07:97:b1:e4:ed:ce:1f:37:88:99:d7:ad: 9d:04:8f:ae:e7:5d:6b:60:0d:f0:fd:5d:ff:c4:43: c7:8f:99:46:01:43:08:06:e7:9a:5f:7b:88:4a:76: 11:7f:0f:6e:ce:f9:d8:6e:ce:06:6d:ba:62:40:4b: 7e:27:dd:10:9b:b7:8a:45:c0:84:a2:4a:51:c9:a9: 63:9b:05:9d:8d:f6:4e:7f:90:6f:22:b6:29:8c:7f: 67:08:e4:77:b8:28:b5:d4:5e:08:53:df:1c:e7:bf: 4b:fd:f0:1b:67:f8:5f:d8:10:7c:19:d4:0d:71:75: 6f:9f:98:3a:ff:8e:cb:74:92:05:42:aa:bf:82:50: 99:86:81:62:4d:f3:2b:7e:90:a4:53:3c:2f:11:cd: 84:9f:d2:54:83:da:2d:2d:33:15:34:ba:1c:0d:5d: ec:b6:7a:b1:f7:35:db:6b:bc:f0:3f:fb:b2:91:b9: e8:c5:5e:4c:2e:65:47:ae:91:32:93:00:63:b6:4d: 6a:99:09:92:22:d7:f6:97:76:ce:4f:11:40:23:0d: 35:ef:eb:ce:8c:1f:02:51:cf:e1:d2:d9:38:93:0c: 90:85:4b:06:92:27:a7:5e:84:80:35:16:c6:2c:a1: d2:94:25:5e:f1:3e:56:45:e0:b8:31:86:fb:7b:5c: 9e:c5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:8F:37:4A:84:9C:F4:8E:C7:66:96:90:B4:AE:8F:BA:5E:A2:16:AA:C4 X509v3 Subject Key Identifier: E2:1A:09:8B:4E:83:D9:A8:50:34:D3:0D:ED:03:C9:C3:11:C8:B6:BA X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Basic Constraints: critical CA:FALSE X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.782.1.2.1.8.1 CPS: http://www.networksolutions.com/legal/SSL-legal-repository-ev-cps.jsp X509v3 CRL Distribution Points: Full Name: URI:http://crl.netsolssl.com/NetworkSolutionsEVServerCA2.crl Authority Information Access: CA Issuers - URI:http://crt.netsolssl.com/NetworkSolutionsEVServerCA2.crt OCSP - URI:http://ocsp.netsolssl.com X509v3 Subject Alternative Name: DNS:www.cryptome.org, DNS:cryptome.org 1.3.6.1.4.1.11129.2.4.2: ......v.h....d..:...(.L.qQ]g..D. g..OO.....N..d......G0E.!.....\..>.....e....Q.Z.T..3.f@..{. +`..O.!...F./b......... w...H.I..u.......X......gp <5.......w... .....N..d......F0D. #.J.k....bk......|...I......L..U. V\..r-.!.!...&.p.gF}..a{;....... Signature Algorithm: sha256WithRSAEncryption 8e:0e:32:04:f8:f3:8f:be:9c:eb:98:c2:41:96:04:e3:f7:f4: 0d:78:9e:cd:99:aa:bd:53:a4:ec:b8:6f:1e:4d:9c:45:a2:71: ab:d7:80:c3:91:7e:e3:2f:75:16:6e:b8:6f:26:0c:5d:f0:07: 98:bd:c9:d6:0e:0b:5d:95:a6:ac:cd:b9:64:54:a8:3a:e3:ef: 04:1e:a3:dc:34:46:5b:1a:db:d9:f2:48:e3:6c:bf:42:09:83: 31:3a:b1:60:22:26:b2:e6:8b:25:2e:f1:82:69:50:65:ef:e6: 7e:2b:f8:f5:3c:e8:37:01:d2:ed:13:39:0e:a7:3e:39:41:e8: af:8b:a0:a6:e6:48:31:f6:e7:9d:83:b2:45:90:e0:99:01:5e: c5:3c:28:cf:48:d5:59:8d:e7:ea:d6:f3:3d:9e:a2:df:58:66: 23:23:cc:ab:bf:1a:20:97:10:3e:2f:81:18:44:9f:b4:f3:33: d2:40:16:6b:10:14:d0:cf:10:a5:22:19:7c:c5:2f:98:8c:5d: fe:a0:2a:9b:0c:7b:40:e8:64:1e:5d:72:0a:c0:eb:5c:64:1e: 50:07:cd:22:b3:1b:f2:d3:d2:29:94:61:5e:e2:51:1c:37:78: 98:ab:b8:ea:0f:44:a4:55:30:18:c0:3e:cc:90:b5:05:27:d6: ed:a9:d9:ed -----BEGIN CERTIFICATE----- MIIHITCCBgmgAwIBAgIRALwrD8VNfcAuAumFjjrkkwQwDQYJKoZIhvcNAQELBQAw ejELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlZBMRAwDgYDVQQHEwdIZXJuZG9uMSEw HwYDVQQKExhOZXR3b3JrIFNvbHV0aW9ucyBMLkwuQy4xKTAnBgNVBAMTIE5ldHdv cmsgU29sdXRpb25zIEVWIFNlcnZlciBDQSAyMB4XDTE1MDcyMDAwMDAwMFoXDTE2 MDUwODIzNTk1OVowggEtMQ8wDQYDVQQFEwYwMTA3NDgxEzARBgsrBgEEAYI3PAIB AxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMITmV3IFlvcmsxGTAXBgsrBgEEAYI3PAIB ARMITmV3IFlvcmsxGDAWBgNVBA8TD0J1c2luZXNzIEVudGl0eTELMAkGA1UEBhMC VVMxDjAMBgNVBBETBTEwMDI0MQswCQYDVQQIEwJOWTERMA8GA1UEBxMITmV3IFlv cmsxHTAbBgNVBAkTFDI1MSBXZXN0IDg5dGggU3RyZWV0MSEwHwYDVQQKExhOYXRz aW9zIFlvdW5nIEFyY2hpdGVjdHMxGzAZBgNVBAsTElNlY3VyZSBMaW5rIEVWIFNT TDEZMBcGA1UEAxMQd3d3LmNyeXB0b21lLm9yZzCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAMDbB5ex5O3OHzeImdetnQSPrudda2AN8P1d/8RDx4+ZRgFD CAbnml97iEp2EX8Pbs752G7OBm26YkBLfifdEJu3ikXAhKJKUcmpY5sFnY32Tn+Q byK2KYx/Zwjkd7gotdReCFPfHOe/S/3wG2f4X9gQfBnUDXF1b5+YOv+Oy3SSBUKq v4JQmYaBYk3zK36QpFM8LxHNhJ/SVIPaLS0zFTS6HA1d7LZ6sfc122u88D/7spG5 6MVeTC5lR66RMpMAY7ZNapkJkiLX9pd2zk8RQCMNNe/rzowfAlHP4dLZOJMMkIVL BpInp16EgDUWxiyh0pQlXvE+VkXguDGG+3tcnsUCAwEAAaOCAuswggLnMB8GA1Ud IwQYMBaAFI83SoSc9I7HZpaQtK6Pul6iFqrEMB0GA1UdDgQWBBTiGgmLToPZqFA0 0w3tA8nDEci2ujAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwbgYDVR0gBGcwZTBjBgwrBgEEAYYOAQIB CAEwUzBRBggrBgEFBQcCARZFaHR0cDovL3d3dy5uZXR3b3Jrc29sdXRpb25zLmNv bS9sZWdhbC9TU0wtbGVnYWwtcmVwb3NpdG9yeS1ldi1jcHMuanNwMEkGA1UdHwRC MEAwPqA8oDqGOGh0dHA6Ly9jcmwubmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRp b25zRVZTZXJ2ZXJDQTIuY3JsMHsGCCsGAQUFBwEBBG8wbTBEBggrBgEFBQcwAoY4 aHR0cDovL2NydC5uZXRzb2xzc2wuY29tL05ldHdvcmtTb2x1dGlvbnNFVlNlcnZl ckNBMi5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLm5ldHNvbHNzbC5jb20w KQYDVR0RBCIwIIIQd3d3LmNyeXB0b21lLm9yZ4IMY3J5cHRvbWUub3JnMIIBAwYK KwYBBAHWeQIEAgSB9ASB8QDvAHYAaPaY+B9kgr46jO65KB1M/HFRXWeT1ETRCmes u09P+8QAAAFOrO1kwwAABAMARzBFAiEAmg7F9FwSAj7hC+XHtWWj34vDUYNan1SZ iDO0ZkDqm3sCICtghO9PiyGpxuZGCy9i/RbttwyHoR7oCnfhualI+knvAHUApLkJ kLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFOrO1k2QAABAMARjBEAiAj z0qzawH50tZia5If/7ah1nzg7wJJvdoAnQWWTO3jVQIgVlwRpnIt0CHlIZWCFSbF cNxnRn3UzmF7O5wX9xTIEP0wDQYJKoZIhvcNAQELBQADggEBAI4OMgT484++nOuY wkGWBOP39A14ns2Zqr1TpOy4bx5NnEWicavXgMORfuMvdRZuuG8mDF3wB5i9ydYO C12VpqzNuWRUqDrj7wQeo9w0Rlsa29nySONsv0IJgzE6sWAiJrLmiyUu8YJpUGXv 5n4r+PU86DcB0u0TOQ6nPjlB6K+LoKbmSDH2552DskWQ4JkBXsU8KM9I1VmN5+rW 8z2eot9YZiMjzKu/GiCXED4vgRhEn7TzM9JAFmsQFNDPEKUiGXzFL5iMXf6gKpsM e0DoZB5dcgrA61xkHlAHzSKzG/LT0imUYV7iURw3eJiruOoPRKRVMBjAPsyQtQUn 1u2p2e0= -----END CERTIFICATE-----
participants (3)
-
coderman -
Dr. J Feinstein -
Tony Arcieri