CDR: RE: Re: Visit a hacked site, loose your computers.

Trei, Peter ptrei at rsasecurity.com
Tue Oct 31 12:49:21 PST 2000


Read the article. Of course the time is well known, and the logs
are stamped. You are naive, though, if you believe that will stop
an LEA from trashing the lives of innocents...

...and of course they'll get away with it.

Peter

[Now, I'm not excusing the FBI's jackboot tactics in this case,
but I will point out that Mr. Salomon poked at 'unusual' ports,
and zone transferred yankee.com during his investigation. An
IDS might well trigger an attack alert under those conditions.
The government's theft of his property after all this was
explained is, of course, inexcusable.]

> ----------
> From: 	mmotyka at lsil.com[SMTP:mmotyka at lsil.com]
> Reply To: 	mmotyka at lsil.com
> Sent: 	Tuesday, October 31, 2000 3:19 PM
> To: 	cypherpunks at cyberpass.net
> Subject: 	CDR: Re: Visit a hacked site, loose your computers.
> 
> Wouldn't the time of the hack be pretty well known and wouldn't the RPI
> firewall logs be timestamped or am I naive?
> 
> Is knowledge being used as evidence of guilt?
> 
> Mike
> 
> >Andres Salomon, a fairly clued in RPI student, heard on
> > IRC that the Yankees website had been hacked. He
> > checked it out, noted some well-known Red Hat
> > security holes, and came to the conclusion that
> > there had been a DNS redirect attack. Total time:
> > 5 minutes.
> >
> > The next day, the FBI raided his dorm room and
> > seized his computers (along with a copy of ORA's
> > DNS & BIND).
> >
> > Peter Trei
> >
> 




