From: security curmudgeon (jericho[at]attrition.org) To: gene black (firstname.lastname@example.org) Cc: Heathens (staff[at]attrition.org) Date: Wed, 25 Apr 2001 13:16:26 -0600 (MDT) Subject: Re: you insist , oh! : Namestyles has been in existance for over a year, has never had any traffic : (hits)or attempted break-ins previously and is not in any search engines I think you are one of two things here.. 1. uninformed. you simply weren't aware of the attempts. 2. lying. Given your past correspondance with us, it could easily be both. : (private network, for now). I don't know how or why the hacker came to be : aware of namestyles (internic I suppose, but that seems to be a needle in a They weren't aware of 'namestyles' per-say. They simply scan thousands of IP addresses at a time. This has been going on for over a year. Statistically, the odds of you never having a breakin attempt before now are akin to lottery odds. Thus #1 listed above. : the world frequenting your site. This can and does cause great financial : injury to others.Your actions cause far greater harm than the single hacker : (very elementary). I'm sorry, how exactly does this cause financial injury if they were broken into before appearing on our mirror? If they are hacked again, blaming it on us is ludicrous. They should spend more time securing their server. : Even though the constitution allows one to print anything, it still holds : the author liable for their actions in print.I'll re-iterate and state to : you that the list is causing me a problem, financially & emotionally. So as You can get help for those emotional problems. We typically only recommend security companies, but I'm sure one of us can recommend a good psychiatrist. : you remain smug and comfortable you might consider taking care of the : 'whinners' such as I. It's only smart business and all smart business owners : do it (refunds,discounts,settlements, etc.). You STILL fail to grasp this SIMPLE concept that has been BEATEN into your head. We are not a business. We are not a commercial outfit. We are not a profit organization. We do not conduct business. Can I make it any more clear? : Responding to your offer to compromise, I report my problem to you in : earnest. The entire content of our site was copied by you and reproduced Excuse me? Are you stupid or provoking us because you like our mail? We did not reproduce your entire site. If you actually LOOK at what we mirrored: http://www.attrition.org/mirror/attrition/2001/04/19/www.namestyles.com"/mirror.html There is no mirror of your normal site. Compare that with http://www.namestyles.com" and even a third grader could see the difference. Further, let me beat you over the head with a bit more since you are clearly drawing this mail out thread for a SINGLE reason, to provoke us. forced /home/web/mirror/attrition/2001/04/19/www.namestyles.com"# ls total 14 drwxrwxr-x 2 munge mirror 1024 Apr 19 22:58 ./ drwxrwxr-x 47 root mirror 2048 Apr 20 16:25 ../ -rw-rw-r-- 1 root root 384 Apr 19 22:58 index.html -rw-rw-r-- 1 munge private 4769 Apr 19 03:45 mirror.html -rw-r----- 1 munge private 2187 Apr 19 03:46 os -rw-rw-r-- 1 munge private 520 Apr 19 03:45 wget-log.www.namestyles.com" -rw-rw-r-- 1 munge private 512 Apr 19 03:45 www.namestyles.com"-nmap_results forced /home/web/mirror/attrition/2001/04/19/www.namestyles.com"# Do you see any graphics in there? Compare the file size of 'mirror.html' with your own 'index.html' or equiv. --04:45:36-- http://www.namestyles.com":80/ => `www.namestyles.com"/index.html' Connecting to www.namestyles.com":80... connected! HTTP request sent, awaiting response... 200 OK Length: 4,701 [text/html] 0K -> .... [100%] 04:45:37 (74.05 KB/s) - `www.namestyles.com"/index.html' saved [4701/4701] Converting www.namestyles.com"/index.html... done. FINISHED --04:45:42-- Downloaded: 4,701 bytes in 1 files Converting www.namestyles.com"/index.html... done. Looking at the wget-log, are you honestly telling me your entire site .. ALL of your content is 4,701 bytes and a single file? No. So quit fucking lying to yourself and to us. : For your info: I never recieved the initial e-mail you referenced from : attrition.org , nor was I ever aware of sites such as yours. I personally, Not our fault. We contacted the following: forced /home/web/mirror/attrition/2001/04/19/www.namestyles.com"# grep notified os email@example.com notified of defacement firstname.lastname@example.org notified of defacement @namestyles.com" notified email@example.com notified @namestyles.com" notified firstname.lastname@example.org notified @namestyles.com" notified email@example.com notified @namestyles.com" notified firstname.lastname@example.org notified You will clearly see your address there. : tracked your site from our server 1 day following the hack. I believe my : first e-mail to you was the same day or next day. Namestyles.com doesn't : have an e-mail address on the site or otherwise. The sites under Doesn't matter. We use two contact addresses at least. postmaster@(site.com) which is RFC compliant. If you didn't get that mail, it is your own fault for not being compliant with accepted internet standards. Second, we mailed 'email@example.com'. If you didn't receive that, that is once again your fault as you clearly can receive our mail. But, since you ignore 90% of what we are telling you, I have no doubt you ignored that mail too. : insecure during construction. . . maybe you can set aside your policy in : this instance on that basis and remove namesytles from your hack list : (cancellations unfortunately are part of every business). Oh hell no. Not after you lie and provoke us like this. In fact, I am thining of using your domain as an example in an article or two and discuss how you were hacked and defaced, and the subsequent e-mail. I'm also considering putting up all of this mail on our postal section for the world to see what kind of morons we have to deal with. You will have to forgive my rudeness, but I'm tired of your crap. You lied to us. You are provoking us. You show no signs of understanding the first thing about the web or technology. I have no sympathy for you .. just your customers.