Why cryptome sold web logs to their paying customers?

Travis Biehn tbiehn at gmail.com
Sun Oct 11 14:43:31 PDT 2015


It's simple.
Someone made a mistake. Best was initially assumed full of shit by JYA, as
he's a neophyte - and is consistently 'off-message' for this list.

Others, wishing to read more into it, other than face value of hubris, see
plans within plans.

At the end of the day, Bests' disclosures amount to nothing of consequence.
At best he overhyped them, being a neophyte. At worst he's JTRIGd the list,
hilariously easily. The technical cognoscenti on the list stay quiet, "code
compiling" as the good doctor says.

In general, this oversight is valuable because it demonstrates one thing:
Even if you try to delete it.
If there's a signal it will leak. Purposefully or not.

When the protocol you use doesn't provide metadata anonymity, don't expect
it because you won't get it. If you don't understand this - keep studying.

Why guess at 'motivation'? Do we need to FUD yet another leaker site? Put
your money where your mouth is - improve it, donate, write your own, fix
the bug & plug the hole.

Travis

On Sun, Oct 11, 2015, 5:28 PM Dr. J Feinstein <drjfeinstein at mail.com> wrote:

> Maybe, but why those foldersmonths only? Itd be good to hear from JYA,
> especially b/c Netsol contradicts him.
>
> > Sent: Sunday, October 11, 2015 at 9:13 PM
> > From: "Alfie John" <alfiej at fastmail.fm>
> > To: cypherpunks at cpunks.org
> > Subject: Re: Why cryptome sold web logs to their paying customers?
> >
> > On Mon, Oct 12, 2015, at 04:08 AM, Dr. J Feinstein wrote:
> > > Resend–HTML email scrubbed
> > >
> > > Calling bullshit. Mirimirs right, this makes no sense. And JYA says
> > > netsol won't let him delete the logs but Netsol says logs are disabled
> > > by default[
> > >
> https://www.networksolutions.com/support/how-to-enable-download-the-web-logs/
> ]
> > > and you have to turn them on.
> > >
> > > So how the fuckd this really happen?
> > >
> > > Mirimir <mirimir at riseup.net> Are you arguing that users could have
> > > found those logs?
> > >
> > > I almost can't imagine that. Logs are normally in /var/log/ somewhere,
> > > and I can't imagine making them searchable. And indeed, I can't
> > > imagine how Cryptome archives would have included anything from
> > > /var/log/, even after system restore from backups.
> > >
> > > <--SNIP-->
> > >
> > > > Should access logs be kept for that long? Absolutely not. From what
> > > > I> have read in the email exchange that was posted, the log files
> > > > were> included in a NetSol total restore. My guess is that
> > > > John/Cryptome did> not intentionally keep these files, and did not
> > > > realize these files were> included in the archive.
> > > But that's the thing. Logs should have been in /var/log/. And how
> > > would the "NetSol total restore" have changed that?
> >
> > Not necessarily...
> >
> > Logs in /var/log is where they should be by default, but if the box is
> > on a shared hosting account, then things are completely different. For
> > instance, Bluehost charges $3.95/month, which gets you a home directory
> > on a box shared with hundreds of other users. In your home directory,
> > you get something like (from memory, which was a long, long time ago):
> >
> >   ~/
> >   ~/public_www/
> >   ~/public_www/html/
> >   ~/public_www/access_log
> >   ~/public_www/error_log
> >
> > So as you can see, the user does have permissions to access logs, but
> > are kept in the user's _home_ directory. Now you can see why this could
> > have mistakenly been distributed:
> >
> >   tar zcf cryptome-backup.tar.gz ~/
> >
> > The backup would have also slurped in all the logs. There was no malice,
> > just an easy mistake that everyone here could have make given the same
> > circumstances.
> >
> > Alfie
> >
> > --
> >   Alfie John
> >   alfiej at fastmail.fm
> >
> >
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5046 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20151011/f8ddd42d/attachment-0002.txt>


More information about the cypherpunks mailing list