Harvard's response to the Packet Storm incident 207
Harvard University News Office wrote in with their response to the whole Packet Storm ordeal.
Hit the link below to read more, but it looks as if Harvard is returning the backups, but no longer hosting the site.
As a service to the Internet community, Harvard agreed to host a Packet Storm Security Website for security-related materials only. Without Harvard's knowledge, unrelated content was put on the Harvard server, including sexually-related material and personal attacks on an individual not affiliated with the University. A Harvard administrative site focused on security issues is not the forum for this type of material. We are returning the content on the site and hope that Packet Storm will make its security tools available through its own Website.
Joe Wrinn
Director, Harvard News Office
1350 Massachusetts Ave., Rm. 1060
Cambridge, MA 02138
Phone: 617-495-1585
Fax: 617-495-0754
joe_wrinn@harvard.edu
Re:What a lame excuse (Score:1)
Don't be foolish. PacketStorm had *nothing* to do with porn, and Ken is not a "kid" who no one is willing to host. Instead of making groundless claims, why don't you check http://packetstorm.nl.linux.org/ and actually look at the content.
[this is where PacketStorm readers have started reconstructing the site from the things they downloaded]
I went to Ken's site every day
to check for the latest vunerabilities that would affect the servers I admin @ work. So did every other admin who cares about security.
Re:PacketStorm (Score:1)
The reason Ken had an anti-JP page, quite frankly, is because he didn't like JP. JP, contrary to the image he likes to portray, is nothing more than an obnoxious little IRC packet warrior that has a web site. Ken made fun of him, and he got his revenge. Now, one wonders how much success he'll have against some of the other websites that mock him. http://www.antioffline.com comes to mind. Then again, one wonders how much success his little tattle-tale-I'll-turn-you-in business will have now that no one....NO ONE....in the mainstream OR underground will talk to him.
CString
Re:What good security sites are left? (Score:1)
www.opensec.net
Re:What about antionline? (Score:1)
If they didn't give back the data ... (Score:1)
escalation proclamation (Score:2)
Conflicts will persist.
The truth is out there.
Perpetuating FUD is BAD!
Kevin and those who rally around him like a circle of vultures should take a breather and try to understand how they were indeed libelous and displaying sexually explicit content at the expense of others. It is understandable that these actions may have seemed innocent and in good fun at the time, but really, everyone needs to grow up and respect people as people. At risk of sounding moralistic: learn to forgive! Open development is based on people's willingness to recognize faults and work towards fixing them. The random emotional outbursts from people like 'kevlar' are a bit reactionary and not based on anything but rage.
AntiOnline needs to do a little bit more of the same type of constructive forgiveness. A polite message to Kevin before going to Harvard would have been more appropriate. This can be tough. But, if Kevin couldn't be taught to provide a little more respect, then further action could ensue. Strongarming is not allowed in football, and it shouldn't be in used in general.
To the rest of the community: learn from all of this--you never know when you'll step on somebody else's toes. If you do know, learn how to minimize it. Also, learn to read the content behind the emotion. My use of 'strongarming' above could be considered by some as 'exagerated', and by others as 'too weak' (and to still others, an odd reference).
Try walking in someone else's shoes. --To Kill a Mockingbird (paraphrased?)
The General Debugger
See for yourself. (Score:2)
They "lost" all backups of the security archive but managed to keep that directory! My new formula:
Antionline=Packetstorm
The full Jp packetstorm FUD letter (Score:5)
PacketStorm Is Shut Down
An AntiOnline Editorial
Thursday , July 01 1999
Apparently for some time now, PacketStorm Security, a popular underground collection of security related tools and information, has been maintaining a vast archive of
materials about AntiOnline. These materials included entire stories, copies of the weekly mailbag, e-mails, and other materials copyrighted by AntiOnline LLP.
On top of that, and what was far more serious, the site contained dozens and dozens of items which included: e-mails, messages, documents, images, and even public
surveys. These materials were libelous, and in some cases, were blatant threats against members of my immediate family, myself, and my company.
While I value the right to free speech as much, if not more, than the average American, I do not believe in individuals posting threatening and harassing documents
about another individual, and their family members. It was for this reason, and no other, that I contacted Harvard University, which was hosting the PacketStorm
Website, and requested that it be shut down. I did not threaten legal action, but simply directed University Administration to the website, for them to view, and to judge,
on their own. Below is a copy of that letter:
Greetings:
May I first say that I did my best to see that this letter got sent to the appropriate individuals. I had some difficulty determining who those individuals may be, so if I
have made an error, I would greatly appreciate it if you would forward this letter on to the appropriate individual(s).
My name is John Vranesevich, and I am the Founder and General Partner of AntiOnline LLP, a computer security company based outside of Pittsburgh, PA.
Earlier today, one of my colleagues forwarded me the following URL:
http://packetstorm.harvard.edu/jp/
Needless to say, I was shocked and outraged at what I saw. This page contains a large archive of libelous and, to put it bluntly, sick material. Everything from archives
of copyrighted material from our website, to altered pictures of my family, to 'stories' about me which contain images ranging from people engaged in homosexual
activities, to a nun that appears to be covered in seminal fluid.
I am astounded that an institution as prestigious Harvard would be party to the dissemination of this type of material. It is my hope that the University Administration
was unaware of this site, and now that it has been brought to their attention, it is my hope that it will be dealt with promptly.
I have worked to help several educational institutions develop 'Acceptable Use Policies', and if Harvard is similar to them, the above URL would be a clear violation
of that policy.
It is my hope that the above mentioned domain will be shut down immediately, and that the individual responsible will be seriously reprimanded.
I hope to hear from you soon about this matter, and what you may have done regarding it.
Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline
Tonight, Ken Williams, the founder of Packet Storm Security, released a letter to the public. The letter read in part:
Funny how I spent the past few years donating my time, literally thousands of hours, to "the security community", never making even a penny off the time and work I
invested, and have now lost it all because some asshole named John Vranesevich is able to make a quick phone call, fabricate absurd stories about criminal activity
and bullshit I never did, and effectively ruin years of work, my education, my career, my life.
Ken, I know what it's like to dedicate many, many, thankless hours into a project, believe me. But, you did not loose your site because of me, you lost it because of you. I
could not stand by and watch your site be used as a platform to harass and threaten my family, myself, and the business which I have worked hard to start. While you,
and others who 'follow you' may criticize me for what I did, I think everyone that's reading this, who has family members that they love, and a career that they enjoy,
will admit to themselves that if in my shoes, they would have done at least the same. I hold absolutely no grudge towards you as a person, and I hope that you have the
best of success in all that you do.
Due to the types of threats that I have been receiving, and that sites like PacketStorm have been propagating, local law enforcement agencies were put on alert, and
began doing extensive extra patrolling of the residence of my family members, my own residence, and the AntiOnline Offices. I realize that the actions that I have taken
against PacketStorm may greatly increase the immediate threat against my family, myself, and my company; and that the harassment will now only get worse. However,
I will not allow my family, myself, nor my company to become a victim. I am standing my ground, and will continue AntiOnline's mission of putting an end to malicious
hackers.
People in this country have the right to say and do whatever they please, unless that is, what they say and do infringes on the rights of another - anonymous.
Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline
An outsider's view (Score:5)
They received an email about this
Remember, Harvard was hosting the site as a favor to the creator and the community. It WAS an extremely popular site and was sucking up huge amounts of bandwidth, but it was deemed worthwhile.
So, while the issue was being investigated, (and from what I understand, the assumption was that there'd be some discussion about removing the offending material and hopefully PacketStorm would be back up shortly) Ken started this flame attack on Harvard, and communities such as this one completely accepted what he said at face value.
Suddenly Harvard, which was trying to do a Good Thing by hosting the site, was turned into the bad guy and being flamed across the net.
So they figured "Screw this" and told Ken to take his files and find somewhere else to host the site.
There was NEVER any intention of destroying the files, and with a bit of thought you should understand why. Even if Harvard was some malicious beast in this event, they'd still want the files to back up their allegations, right?
------
I know you won't believe this, since I'm not one of you. But that's the 'unofficial' story.
This event triggered my first visit to the slashdot forums, and frankly I was stunned by how many people took Ken's letter as total truth (ie, the big organization is stomping the poor little guy angle) but when the big organization responds, they're clearly lying.
Weird
Flame away.
Re:What about antionline? (Score:1)
Re:Ken Williams denies sexual explicit content (Score:1)
Placing the blame (Score:1)
If not, then Harvard and JP are at fault.
If so, then: Was the offensive material there before Harvard offered to host the site?
If it was, then Harvard is at fault, either for pulling the site or for offering to host it in the first place knowing what was there.
If it wasn't, then Ken is at fault for placing the material there.
Re:I'll do yours first because it was scathing and (Score:1)
It's "moot", Sparky. Irregardless
What Counts (Score:2)
Yeah, the rest of the incident shows them to be completely spineless. So? Hey, as an ISP they have a right to yank anybody's web site if they want too; in this case, at least Packet Storm can go back up.
----
Re:Antionline (Score:2)
Libel not Slander (Score:1)
Oy. When is this boy going to learn the difference?
Ooops. I believe I just "slandered" him.
There's something about this whole proceeding that reminds me of the Kennedy assassination.
-----------------------------
Computers are useless. They can only give answers.
Harvard is not an ISP, its a University (Score:1)
--
Python
That would mean (Score:2)
Anybody else see the irony? (Score:2)
Re:How do we know who's telling the Truth?.... (Score:1)
Re:What Counts (Score:2)
That's what happens when you only read one side of the story and judge prematurely.
I think Harvard acted very professionaly here.
Re:What Counts (Score:2)
Depending on how friendly I was with him, I *might* just ask him to get rid of the extra content, but with Harvard upper management now in the loop, I don't think they were out of line in the least by refusing to further host his site.
Remember -- this was done as a favor, not a contractual agreement.
Facts?? (Score:2)
Remember, Harvard agreed to host this site as a FAVOR, and Williams abused their trust by using the site for rather scandalous personal reasons. I think Harvard was perfectly justified in doing what they did.
An institution's belief in the "facts" has nothing to do with this.
YES (Score:2)
On one hand I'm really glad Slashdot is as popular and has so many posters as it does, but on the other hand, it's really quite embarassing how many people here go off on what OBVIOUSLY little information that's been provided.
The Slashdot authors are just as guilty as anybody else. Read the headlines/abstracts for some of these stories. It's very easy to believe just one side of an obviously partisan story instead of trying to get the full range of facts.
Re:Ken Williams denies sexual explicit content (Score:2)
Why would he send a letter to Harvard describing pornographic content when Harvard would just be able to look for themselves and see that he was just blowing a lot of hot air? The fact that Harvard DID act quickly and finally lends credence to the original complaint.
That's my opinion, anyways.
Re:Cool! But what happened? (Score:2)
Remember, this entire Slashdot thread was started by a message from Williams (the "victim"), and included only his side of the story. It's quite possible he embellished quite heavily.
Re:Ken Williams denies sexual explicit content (Score:2)
I'm just annoyed by everyone labeling one person's side of things as gospel truth before even hearing the other side of the story. When you do hear things from all THREE parties (including Harvard), stuff starts to make a LOT more sense.
Huh? (Score:3)
The fact is that Williams e-mailed Slashdot with his whiny story, and Slashdot went with it. They simply thought to themselves, "Wow, the evil guy with money destroyed a valuable resource!" They made no effort to look at the "other" side of the story or validate any of the things Williams said. They simply assumed that what he said was FACT. For things like factual articles, where people are offering links to *real* news sites, this is a PERFECTLY FINE way to run a news site like Slashdot, but when you get into personal things like this, you're basically posting an editorial, not objective news.
That's what I was objecting to.
I don't expect Slashdot to do its own reporting and investigating, but I DO expect them to at least TRY not to be biased or partisan when they do post things like this. The instant I read the abstract I *knew* there was a lot more to this story than what was being said. Everyone else should have been smart enough to realize this as well.
FYI I've probably read more Slashdot articles and posted more informative Slashdot comments than you ever will. Don't go tell me to "Try reading" before I post, and *especially* don't do it as an AC.
securityfocus.com (Score:1)
Re:I actually agree with harvard (Score:1)
So where is it? What is it? Do you know? If not, then why are you supporting one side or the other, sight unseen??
Ken Williams denies sexual explicit content (Score:2)
JP is loving this attention (Score:1)
Hosting power. (Score:1)
The other issue then would be the disturbing practice of police to some and confiscate all of of someones computer equipment, backups, etc. on some phoney-balony charge (several stories come to mind) - thereby silencing that person.
--
Re:Verbal agreements and Phantom Machines (Score:1)
Of course, there was also the whole porn thing...
PacketStorm (Score:1)
Re:PacketStorm (Score:1)
Moral of this story... (Score:2)
When you put data on a server that's not yours, you're assuming that there's reliable hardware and the ISP is doing regular backups. From experience, those are both assumptions that aren't good to make. Harddrives are cheap, CD-Burners are cheap. Keep a copy of your site. Even if it was four gig of data, that's five, maybe six CD's. Its not like all of it changes all the time.
Hell even if it IS your server, you should always keep copies of the data separate from your backups and the server. The government has been known to inappropriately seize servers at ISP's and things like that.
Williams did not back up /jp/ (Score:1)
[quote]
Here is the REAL scoop on
John Vranesevich, aka JP
AntiOnline Founder, Jackass, Crackhead, Cock Smoker, Narc, Media Whore,
and the gimp who is currently diving into Carolyn Meinel's muff
--Mirror made available by doxavg@Genocide2600.com
[/quote]
J.
FUD == Status Quo (Score:1)
Re:What a lame excuse (Score:1)
Re:YES (Score:1)
I searched for information yesterday and read the statement posted above. Seems to me like Harvard holds most the cards. They have the original JP message as well as any communications with Ken. Despite the education they are dishing out, it looks like they were the student in this issue!
Can you spell A R C H I V E (Score:1)
Re:I think Ken is lying (Score:1)
Next Business - Anti Virus Software (Score:1)
JP is no angel. (Score:1)
Pretty good evidence and a pretty conclusive argument that JP is funding the very people he proports to help defend against.
I'll do yours first because it was scathing and... (Score:1)
1) Intelligent people will support Harvard, ergo anyone criticizing their action must be intelligence challenged(tm).
Reply: Yes. But. Never did I say they would "support" Harvard. Not finding fault in something is not the same as supporting it. I'll even give you an anology to play with: "I can't fault the chicken for crossing the road, but its certainly not an action I would support." - I'll even give you a more relevent one - "I wouldn't fault Packet Storm's admin for posting his opinions of antionline's admin, but if I were hosting his box and recieved a letter like that, and had a familly to care for, its certainly not an opinion I would be able to support."
2) Censoring isn't very "Harvard", so rather than "censor" by requesting the removial of controversial materials, it is somehow more ethical and less "censorous" to go off half-cocked and delete EVERYTHING the site offered with no due process
You really think Harvard gives a rats-rear-end about the public criticisms from Slashdot readers and the 'haqer' community? You seem to think you wield a lot more power behind your keyboard than I think you do.
3) What harvard did was right. It was OK for them to spew FUD (untruths) because they needed "time."
Welcome to the real world. It isn't a pretty place and it hasn't been for as long as I've been alive. Harvard did what needed to be done at the time, yes.
If I understand your arguments correctly, burning entire libraries and spreading FUD about the personal lives and actions of the libraries is OK, even noble, as to do anything less (like lock up an objectionable book) would be "censorship." Anyone objecting to the burning of said libraries would clearly be stupid, as any intelligent person in the security community would support burning the entire library over the censorship the removal of one controversial book would imply. Interesting definitions.
A - The library wasn't burned. It was simply closed. Even if they did indeed 'rm -rf
"If I open a private library with an office complex from which I lease free space (lets just say I pay a dollar a month), I go into that relationship knowing that at any day I could be kicked out of that space. But lets take it a step further, you see at this library you can only check out books on terrorism. How to stop terrorism, how to start terrorism, terrorism-terrorism-terrorism. But in one section of my "library" I have nothing but deragatory comments about Jesse Helms. Corresopondence with him are posted, what I think about him is posted, deflamatory pictures of him are posted on all the walls in the section of my "library".
Does the lessor have the "OK" to kick me out of my "library"?
Re:Credibility & A Rodent's Posterior (Score:1)
Exactly what community and its view was I representing in any of my posts? I was speaking soley for myself, using "I" almost everywhere. I am quite comfortable in the real world though not always happy to be a part of it. The people that seem to be unable to grasp the concept of the real world are those that are arguing the injustice of doing the "right thing" (legally, socially, and politically vs. doing the "right thing" morally, heartfelt, utopianly.
Yes, Harvard cares very little about what the Slashdot community has to say. We are talking about a learning institution with a history that dwarfs even that of computers in general. Never did I say they shouldn't give a rats-rear-end about what Slashdot readers have to say, simply that they don't.
Yeah I know (Score:1)
I'll have a W.O.P.R. with fries and a coke. (Score:3)
Sure, they would be praised if they had simply contacted Packet Storms admin and told him that the offensive material would have to go or they would be forced to shut down the site. But then they would have become censors. Censoring content just doesn't seem very Harvard to me.
What they did was right. The actions they took, and the preliminary FUD they spewed merely gave them the time they needed to weigh thier options, without bringing about the wild accusations and rumors that would have flown in the face of silence.
Re:PacketStorm (Score:1)
I couldn't agree more...
JP is pissing in his own backyard with stunts like this. Any admin at any ISP who hosts Antionline (including the current one) would do well to consider that he/she is hosting a service that is apparently committed to destroying the sites that all competent admins need.
If I worked for his ISP I'd have been on the phone yesterday, "What the... You did what!? PacketStorm was one of my primary sources of security information! I think you'd better leave."
Irony... --nm-- (Score:1)
--
A host is a host from coast to coast...
Possible way to set up a critic for a AUP fall (Score:1)
ls -l /jp
and used XV to look at every file?
Doubt it. More likely they just pointed a browser at the URL from thier own desk.
Now consider hypothetical site A which posts critique about hypothetical site B.
Site A may contain hyperlinks and inlines to graphics on site B as examples. If site B wanted to make Site A look bad, they could clone their excerpted files, modify the clone to use unique URLs, then change the files that original URLs pointed to so they now point to nasty stuff.
The effect of this is when someone pulls up the critique on site A, the see a bunch of nasty text and graphics. If that someone is the sysadmin checking for acceptable use, is he going to look at the HTML to see if the content is actually stored locally on the site, or is it going to be assumed that content was purposefully put there by site A because thats whose address is in the address textbox in the browser window?
Unless fraud is suspected from the beginning, I can see the latter being the likely case.
Therefore it is entirely possible that site A could be set up to look like a porn provider or other nasty thing just because site A had hyperlinked content, without site A being rooted or expoited at all.
Was Packetstorm set up like this? Only the backup tapes can tell.
What good security sites are left? (Score:2)
I hate it when I hear about a (potentially) useful website only when it is shut down. By many accounts, Packetstorm was a valuable security reference. The published words and acknowledged actions of AntiOnline's owner makes me averse to having my IP in their server logs.
So, what good security resources are left out there? If Packetstorm were still up, I would undoubtedly have scoped it out for usefulness, and bookmarked it as a resource if it met my needs. Is there anyplace else comparable I can check out?
phil
Re:I'll do yours first because it was scathing and (Score:1)
Re:PGP - one of us must be wrong (Score:1)
Re:What about antionline? (Score:1)
Re:What Counts (Score:1)
Rights", and we need to start boycotting ISPs
that don't support that bill of rights.
That sounds like a fine idea, but I wouldn't be shoving a Bill of Rights into the face of the private institution that has agreed to host my site for free, given that it serves a specific purpose.
Remember, ISP's are not in the business of defining constitutional rights, they provide bandwidth and try not to rock the boat. I wouldn't want to have to spend money to defend my ISP (if'n I had an ISP) from lawsuits of people libelled by my users. Even if their cases have no merit, you still have to hire a lawyer to point that out.
If I had an ISP, I wouldn't agree to your bill of rights unless it included the ability of the ISP to yank any content that is cruisin' for a lawsuit.
Off subject, have you all seen Geocities new agreement that says that anything you put on Geolcities becomes their property?
Re:What Counts (Score:2)
I don't know what ISP would host a site as popular as that free of charge (unless banner ads were allowed). But I think that the next move would be to actually receive the data and start looking.
I sincerely hope that any people that sent complaints to AntiOnline or Harvard that specifically referenced Slashdot were written with cool heads and a moderation of actual flaming and insults; it would certainly make us look a lot more mature in the eyes of the outsiders. Of course, I know that this is just wishful thinking, especially after some of the comments made to yesterday's article here. [smile]
Anyway, things look a bit better now, and I hope that a new site can be set up quickly.
--
Re:I'll have a W.O.P.R. with fries and a coke. (Score:2)
Removal of a site is also censorship.
Maybe if they forwarded the complaint to the maintainer of the site and have the maintainer explain exactly how he was going to react to the complaint (remove the materials, shut down his own site, etc.) and then have the web admins decide if the action was enough. This seems nicer in theory, but it would have taken some time and the offending materials may have still been available.
However, whether or not the offending materials were ever removed, the fact remains that they may have been there, and they may have been accessible to anybody who knew their location. If so, the claim of damage may have still been valid and a lawsuit could possibly still been filed. (Of course, I don't even play a lawyer on TV...!)
I sincerely think that Harvard had a right to shut down the site, for whatever reason. And I think it proper for them to return the data, if that's what they are claiming that they will do. I cannot see how you can fault them too much for this at this point.
Again, we'll see if Packet Storm reappears in a new location. And I think that it will have a much better agreement with the entities hosting them than they did with Harvard... I hope that this may be a learning experience for Packet Storm AND for all of us.
--
Learn a good quote, John. (Score:1)
People in this country have the right to say anddo whatever they please, unless that is, what they say and do infringes on the rights of another - anonymous.
Yeah. The real reason this is anonymous is because no fool would want to be known for ranting this absurd statement!
In absolute terms, any right someone has automatically infringes upon the rights of others. You enact a law to outlaw murder. It infringes on my right to kill. 'Rights' are like energy, they can't be created or destroyed, only redirected/modifed, etc.
What an absolutely obtuse quote. The law is (or at least was) in place to provide safety to people more than it was to protect 'rights'.
I don't know much about John Vranesevich. But based on what I've read [from|about] him, that's probably not a bad thing.
Re:you do not have a right to kill other people. (Score:1)
Just because I believe murder is wrong doesn't mean, from an absolute, perspective that it is. This belief , the ability to reason and opine, on one's own is what separates man from animals.
This said, law isn't put in place to 'give' rights -- any law that gives rights to one group removes rights from another -- and thus, there is no way to grant rights that don't infringe on rights of others.
On a more down-to-earth example, but equal in principle, I have the right to free speech. However, there are limits on this. I can't yell 'Fire!' in the theatre, I can't incite riot, as there are laws that limit my speech in those respects. These impinge on my 'rights'. But they transfer the 'right' to safety to those around me. They're for the good of the people; that is the basis of law. There has been no loss of 'rights'. Just transferral.
I'd recommend some John Locke. Good reading.
Your Side Note... (Score:1)
With regards to the topic at hand, I can't believe people are on this board bitching and moaning about Harvard, AN EDUCATIONAL INSTITUTION, protecting it's own ass from being sued by someone using the bandwidth they DONATED. Packet Storm should be greatful that Harvard is giving their data back...
:-)
However, I am not saying Packet Storm didn't get screwed over by whomever made those calls to Harvard... those people who made the calls are to blame, not Harvard. Harvard should be thanked for how they handled it.
and no, i don't attend harvard, i attend U of L [louisville.edu]
------------------------------------------
Reveal your Source, Unleash the Power. (tm)
An odd sense of right and wrong (Score:3)
1) Intelligent people will support Harvard, ergo anyone criticizing their action must be intelligence challenged(tm).
2) Censoring isn't very "Harvard", so rather than "censor" by requesting the removial of controversial materials, it is somehow more ethical and less "censorous" to go off half-cocked and delete EVERYTHING the site offered with no due process, no notification, and no opportunity for the web page maintainer to copy his material to an offsite location (their belated agreement to give him the backups after being subjected to a storm of public criticism hardly counts).
3) What harvard did was right. It was OK for them to spew FUD (untruths) because they needed "time."
4) Finally, of course, we see the success of their strategy, in the resoundling lack of accusations and outrage their lack of silence has engendered.
If I understand your arguments correctly, burning entire libraries and spreading FUD about the personal lives and actions of the libraries is OK, even noble, as to do anything less (like lock up an objectionable book) would be "censorship." Anyone objecting to the burning of said libraries would clearly be stupid, as any intelligent person in the security community would support burning the entire library over the censorship the removal of one controversial book would imply. Interesting definitions.
Checksum or CRC code? (Score:2)
Is it an encrypted checksum or cyclic redundancy check code? If it's just a checksum, you can fiddle with the altered message to produce the same sum. It's far more difficult to produce the same CRC code (I think), but which is being used here?
The most secure way that I know of to encode a message to verify that it's from you is to encrypt the whole thing with your private key. The receiver runs it through your public key as if they were sending it as a reply to you, and the plaintext pops out.
OTOH, this requires you to encode the entire message with RSA, which PGP doesn't.
Harvard acted fine! Slashdot'ers overreact AGAIN. (Score:2)
Would your little University admins host a non-students web site? I freaking doubt it...
(as I assume well over 50% of you are still students) Hell, for those of you in the "real"
world (sic:jargon file) would your company in ANY
way wish to associate itself with hosting a non-involved site if you were not an ISP? Doubtfull at best.
Not returning the backups WAS out of line, however
they have returned what some courts have held up to be personal property, as an author. (web content) Harvard has distanced itself from a
controversial situation that their academic
charter has nothing to do with. (the anti-online
vs. anyone who objects thang)
Where did Harvard REALLY go wrong? Allowing their admin to host the site in the first place. Anyone
wanna bet he/she was severely reprimanded? Possibly threatened with release? A little birdie tells me he was getting his resume' together over this one...
da' fly
Re:I'll have a W.O.P.R. with fries and a coke. (Score:1)
Censorship is a serious issue, and it still does exist in modern democracies today. (There's nothing like the threat of a huge libel suit to silence someone without the resources to defend himself.) Please don't trivialise it by applying it to things that are not.
cjs
Antionline (Score:1)
echo You Suck | mail JP@antionline.com
Re:HAHAHAHAH (Score:1)
Re:I'll have a W.O.P.R. with fries and a coke. (Score:1)
I actually agree with harvard (Score:2)
Re:HEL-LO, Harvard is *not* an ISP (Score:1)
Re:What Counts (Score:1)
> they have a right to yank anybody's web site if > they want too; in this case, at least Packet
> Storm can go back up.
It actually bother's the hell out of me that
*all* ISPs are this spineless. Their legal
agreements all *suck*. "We get to do anything
we want, we guarantee you nothing, we take no
responsibility for what you do, but if we don't
think it's appropriate we'll stop you, we're the
sole arbiters of what's appropriate, and by the
way we can change this agreement without notice
and you've still got to follow it."
Is this anyway to run a brave new world of free information?
I'm beginning to think we need a "User's Bill of
Rights", and we need to start boycotting ISPs
that don't support that bill of rights.
Re:What Counts (Score:1)
> contractual agreement.
The point is that you wouldn't be any better off
with a website with Harvard or with a commecial
ISP: everyone's stated policy seems to be to cave
in the moment they get a scary legal notice.
What's wrong with saying "This has nothing to
do with us, we're just carrying the information,
we didn't put it up there. Take it up with the
person who's responsible for the content."
If you make an obscene phone call, can they
sue the phone company?
And would it make sense to require the phone company to screen all calls for obscene content,
to make sure that no one is misusing the service?
Re:Ken Williams denies sexual explicit content (Score:1)
Re:What Counts (Score:1)
content on the server specially the
which seems to be the cause of this whole problem
and I am pretty sure that if they (Harvard) were
aware of this then they would have asked that
the pornographic and libelous content be removed
or else. Harvard offered to host the site
because of the security related content. Nuns
covered in seminal fluid doesn't fit in this
category regardless of public opinion
Re:Harvard acted very poorly: It's our party! (Score:1)
Keep in mind that Ken was _INVITED_ to run the
site using Harvard's network connectivity and therefore
this is Harvard's party, if you do not like the
rules then you can take your business elsewhere.
I am impressed at Harvard handled the entire
situation by deciding to not host the site.
The same thing goes with anything. How would you like it when
you invite me over to your house and then suddenly you see law enforcement
raiding the entire place just because I had a search warrant and I didn't tell you.
As you're reading that response, consider... (Score:2)
That letter at hackernews.com is not PGP Signed, as his first, highly publicized letter was.
Just a thought.
There's a reason for PGP.
Zeitgeist
Irresponsible.. (Score:1)
In another thread above, someone posted the url of an alleged copy [genocide2600.com] of the data that was in the disputed directory. I don't know whether this is the actual content from the page but it seems likely.
Re:Ken Williams denies sexual explicit content (Score:1)
Re:An outsider's view (Score:1)
On a side note, I remember a story on segfault, called an anti-/. kit.... perhaps there is really a market to detect abnormal traffic (e-mail, hits on web sites, DOS etc..) and firing off alerts on various pagers?
Re:What a lame excuse (Score:1)
This wasn't a kid that was using his student's home page for distributing the latest and greatest script kiddy warez.
Ken did a lot of good and hard work (with a server like this, you probably have more to do to secure your site than the average web admin, esp. mass downloads and hacking attempts).
He refused also to do banner ads to get some money (I never understood why...).
Some time (a week?) ago he was _offered_ that harvard hosts his site - you don't get a url like packetstorm.harvard.edu just for asking or because you are a student.
Again - they offered to host him, and if I were him I too would have had the impression they would know what they get.
He has every right to complain....
Re:It's a matter of trust (Score:1)
Re:What Counts (Score:1)
Re:PGP - one of us must be wrong (Score:2)
Of course PGP relies on the ability for the user doing the verification that the "public" key they have actually came from the party in question. Look up PGP and web of trust for more information.
Re:How do we know who's telling the Truth?.... (Score:1)
My My My... (Score:3)
For me it boils down to who owns the computers - Harvard. Just as I don't have to have any program on MY computer that I don't want (are you listening MS?) Harvard doesn't have to have ANYTHING on THEIR computers that they don't want, irregardless of free speech or who owns the content. So Harvard did the right thing.
As for the rest, well, it reminds me of two 10 year olds fighting. Personally I don't thing either is telling the whole truth. JP may well just be a "wannabe" who is pumping himself up. But I have also seen some of the "evidence" published by a great many other sources that are, to say the least, laughable and and insult to the intelligence of anyone on
Is JP a rogue bastard who is selling snake oil, making up "hacks" so he can ride in and save the day? Sure, its possible.
Its also possible that Ken has enginieered a great many of these so-called "evidence" logs and irc sessions as a disinformation/smear campaign. Either scenario is just as plausible as the other.
Frankly I don't care who is right or wrong. Both sides are indulging in Ad Homenem attacks, which is the least logical, poorly premised and misguided of all arguement. If you can't attack the aguement attack the arguer...
This is incredibly childish. I don't beleive either side. The sad part is that two fairly decent sites for getting security information (anti-code that is, not antionline) are gone (for now) and we are all losing out on information.
Now, when the teenagers are done with the pissing contest, perhaps us adults can get down to the business of discussing some REAL issues...
Re:What Counts (Score:1)
Harvard acted very poorly (Score:2)
Since there were no written agreements between the creator of the site and Harvard (according to the creator of the site), I find it hard to believe that Harvard had set up any rules prior to this incident regarding site content. If they want to create rules after the fact, then they should have, at the very least, given the guy an opportunity to remove whatever they objected to before permanently revoking his ability to access the server and shutting it down. It would have been *very* simple to just temporarily turn off http and ask the site creator to remove the content that they didn't like.
Harvard overreacted in an extreme way that reflects very poorly on them.
Re:What Counts (Score:1)
Do we have _proof_ that Harvard threatened to destroy all data, or was it just the accusation of a lone man?
Re:Verbal agreements and Phantom Machines (Score:1)
Overall, what OSU wants the high-speed internet access to be used for is a phat modem. Web, irc, mail, (firewall borks ICQ, yes even w/ firewall settings in ICQ) is okay, but no servers. Not even telnet. Man, OSU internet access sucks. (/whining)
So, thats how my college works (or doesn't).
-jeff
Mob mentality (Score:2)
Even if every
Re:escalation proclamation (Score:1)
Re:I'll do yours first because it was scathing and (Score:3)
Survey says...XXX!
Living in the real world is no excuse for doing the Wrong Thing. Spreading untruth is almost always the Wrong Thing, and it is more so for Harvard.
Not only is Harvard a college, it has a valid (though disputable) claim of being the best college in the world. Harvard is in the business of education. They are in the business of dissemenating knowledge. They are in the business of dissemenating truth.
Every lie, every piece of FUD that Harvard puts out attacks their own credibility, their own reputation. Where are they without that?
Re:Ken Williams denies sexual explicit content (Score:1)
Verbal agreements and Phantom Machines (Score:4)
Colleges also tend to have a high level of trust. If you work for the college in any sort of technical capacity, you can get away with a lot of things, because it's assumed that you have a good reason for breaking the rules.
It's pretty common for people around here (CMU) to have vanity domains and private web servers on their work machines. It's also pretty common for people to create accounts on their machines for friends, or even put machines on the network for outside friends to play with. This is all strictly against policy, but so long as nobody complains, we don't worry about it too much.
If we were to get a letter from someone who was threatening to sue us because of the actions of someone who isn't even affiliated with the university, we'd stomp on them hard and fast. Covering our collective ass is more important than looking the other way while someone breaks the rules.
I don't know if this was the situation between Harvard and Packetstorm, but it does sound that way. Universities run on paper, and there's no way that they'd officially permit an outsider to run a machine on their network with only a verbal agreement.
Re:The full Jp packetstorm FUD letter (Score:2)
I know Ken Williams, and although I didn't see the material in question or talk to him yet about all this, I do not think he would put the kind of content being described on his site. It seems (from Harvard's email) that he is getting his data back, which is good - I know that he has put a LOT of time into it.
If I knew more about this, I would comment on it, but PacketStorm is no longer up, so I can't see what JP alleged was on the site. The 'public letter' that JP refers to is at his old site [genocide2600.com], which is now inoperative.
It's too bad Vranesevich didn't contact Ken directly instead of Harvard. If he wanted the offending material removed, Ken could have done that, not Harvard. No, he wanted the ENTIRE SITE removed. That's pretty selfish; there was so much more to the site that just the small part the he had a problem with.
It's also interesting that Vranesevich describes AntiOnline's mission as 'putting an end to malicious hackers', but does any of the material that offended him really have anything to do with hacking? From his (JP's) description of it, it doesn't seem so. Assuming, of course, that what he said was on the site really was - which I am not convinced of. Perhaps a better question is, is Ken a malicious hacker? Not as far as I know, and in fact it seems that since he provided for free a very large and useful website that took much of his time to maintain, he definately NOT a 'malicious hacker'. In fact, I believe Ken (and PacketStorm) were (and hopefully will be again) very useful to many people around the world. I certainly don't think PacketStorm was getting 400,000+ hits/day because of AntiOnline insults/threats (if there were any there in the first place). Maybe JP should define what exactly a 'malicious hacker' is.
-Dan Streetmanddstreet@eos.ncsu.edu
Another story here on ZDNet (Score:2)
Re:How do we know who's telling the Truth?.... (Score:2)
"Never ascribe to malice that which can be adequately ascribed to incompetence." - Some Dead Guy ;)
Re:See for yourself. (Score:2)
--DoXaVG
--Security Admin - Genocide2600.com
--doxavg@Genocide2600.com
How do we know who's telling the Truth?.... (Score:2)
-Heckler
P.S. Pardon my newness, but whats the "FUD" in a "FUD Letter"?