From jericho at attrition.org Thu Jan 4 04:50:51 2007
From: jericho at attrition.org (security curmudgeon)
Date: Thu, 4 Jan 2007 04:50:51 -0500 (EST)
Subject: [attrition] attrition torrents
Message-ID:

http://attrition.org/torrent/

We're too ghetto to have a real tracker, so make do with this page. Here are some files that we want to share without completely saturating our connection. Use your favorite torrent client to leech away.

54.3m - BH-2006-foundstone_interview.mov.torrent - BlackHat 2006, Foundstone set up a series of interviews for various contributors to the security scene. At the last minute McAfee lawyers changed their mind about releasing the videos saying waivers must be signed. The videos were given to the people to do with as they please, including releasing them if we chose to. This is an interview with Jericho and Lyger who talk at length about attrition, dataloss, OSVDB and the security industry.

327.1m - attrition-gallery.tar.gz.torrent - Attrition Image Gallery, closed on 09.05.03 due to bandwidth problems.

From lyger at attrition.org Sun Jan 7 00:05:46 2007
From: lyger at attrition.org (lyger)
Date: Sun, 7 Jan 2007 00:05:46 -0500 (EST)
Subject: [attrition] postal: flirt squirt blurt
Message-ID:

http://attrition.org/postal/p0013.html

HE STARTED IT for those who ever doubted the definition of inane generation grudge shades of mick jagger providing public service slow learner BeAsTaH-ality free trade one-stop movie shop

From jericho at attrition.org Sun Jan 7 14:44:22 2007
From: jericho at attrition.org (security curmudgeon)
Date: Sun, 7 Jan 2007 14:44:22 -0500 (EST)
Subject: [attrition] Just Cancel the @#%$* Account! (Tom Spring at PCWorld)
Message-ID:

---------- Forwarded message ----------
To: Infowarrior List (c/o RSK)

------ Forwarded Message

Just Cancel the @#%$* Account!

http://www.pcworld.com/printable/article/id,128206/printable.html

It's hard to find a Web service that doesn't offer a free trial. But just try canceling.
We did, and the results weren't always pretty.

[..]

How Much Hassle?

I subscribed to the services beginning last July, and I canceled--or tried to cancel--them all between August and October. Afterward, I considered several factors in assessing how hard it was to cancel each service and to receive any promised trial-period refunds.

For example, I downgraded companies that failed to provide a way to unsubscribe through their Web sites. I also dinged merchants when they continued to bill me after I had canceled, and if they made me feel like a Net gumshoe searching their Web site for clues on how to unsubscribe. And I penalized sites whose customer service personnel pressured me repeatedly to continue my subscriptions or even buy other services. Finally, I took into account how long the various companies kept me on hold, and whether they continued to send me e-mail after I had canceled.

Of course, hassle is to a certain extent in the eyes of the beholder. A 10-minute call with one company might be fine if the representative is polite and helpful. The same amount of time with another company might be highly annoying.

Companies labeled "No Hassle" made severing ties relatively easy. For instance, some of them let me cancel by filling out an online form or sending an e-mail, and then they left me alone. Companies labeled as "Some Hassle" received unsatisfactory marks on one or more criteria. Companies that earned the "Big Hassle" rating failed on several measures; they made it so hard for me to cancel that I regretted having signed up with them in the first place.

For a detailed list of the criteria I used in rating the various services, see "Thirteen Strikes"; and for more about the particulars of my experiences with each service I tried, see "Service Cancellation Woes."

[..]
From jericho at attrition.org Sun Jan 7 14:51:18 2007
From: jericho at attrition.org (security curmudgeon)
Date: Sun, 7 Jan 2007 14:51:18 -0500 (EST)
Subject: [attrition] Not your typical DoS attack
Message-ID:

This was too funny and creative not to share. - jericho

There is now a video of the event as it happened in Second Life: http://www.youtube.com/watch?v=RedLyae4b2s

--

http://www.robertlemos.com/2006/12/20/not-your-typical-dos-attack/

Not your typical DoS attack
Robert Lemos
December 20th, 2006

So, your company's been hit with a denial-of-service (DoS) attack involving a straight-up packet flood. Or, perhaps you've been hit by a distributed DoS launched from 10,000 bots controlled by an angry spammer. Or, if you are really (un)lucky, perhaps you got hit with a distributed reflective DoS attack and now need the services of some buzzword-compliant security vendor.

But how many of you have suffered through a denial-of-service attack consisting of, ahem, flying male members?

(More after the break, and you know there is no way to make up something like that.)

Apparently that's what happened in the virtual CNET bureau in Second Life. During an interview with the self-proclaimed virtual-real-estate (virtual estate?) millionaire Ailin Graef, the CNET in-world headquarters came under attack by ... well, I'll let CNET News.com's entertainment reporter, Daniel Terdiman, say it.

"Unfortunately, as the interview was commencing, the event was attacked by a griefer, someone intent on disrupting the proceedings," Terdiman writes in the Q & A posted on News.com. "The griefer managed to assault the CNET theater for 15 minutes with -- well, there's no way to say this delicately -- animated flying penises."

After the attack subsided -- about 15 minutes later -- Graef asked the proceedings to be moved to her own virtual offices, according to the CNET interview. The griefer managed to attack there as well and actually take down the Second Life server hosting that part of the world's grid, the article claimed.
Attacks on Second Life are not uncommon. And the world, which appears to also have a large population of role-playing adults dressed in sado-masochistic wear, may not even blink at the pornographic aspects of this attack.

Still, it's not something that you see -- or would want to see -- every day. Even on the Internet.

From lyger at attrition.org Thu Jan 11 21:57:50 2007
From: lyger at attrition.org (lyger)
Date: Thu, 11 Jan 2007 21:57:50 -0500 (EST)
Subject: [attrition] rant: MPAA: Idiots At The Helm
Message-ID:

http://attrition.org/security/rants/z/mpaa.html

or: How the MPAA could easily increase profits and turn the tide of P2P to work in their favor

Thu Jan 11 21:16:47 EDT 2006
Martums

An open letter to the closed-minded Studios:

I love movies. That doesn't come as a surprise to anyone who has skimmed over any of my witless, rambling reviews here. I've gone so far as to set up a used little projector, some wireless headphones, and an old, comfy chair in my living room. I wouldn't call it a real home theater, but it's a start. And I still go to theaters, as poor as the experience often is. There's just no substitute for the massive screen and the awesome power of the sound they have. I have disposable income with your (studio's) name on it, and a shelf full of DVD's I never watch to prove it.

I hate waiting. That awful period between when a film is in theaters, until it's on DVD can be a drag. Ask any movie nut. And you guys (the studios) are losing heaps of money during this time. Third parties are paid to produce reports with grossly exaggerated figures claiming such rubbish, e.g. Piracy is a 100-billion-dollar-a-year industry. Bullshit. But at least you acknowledge you're losing money, even if you have no idea how much.

Now, these dinosaurs aren't about to go and change their business model, or risk distancing themselves from the theater owners whom they so desperately need, at least for now.
Regardless, here's one way the Studios could unfuck themselves and increase profits and simultaneously improve the consumer's experience. Because the mega cinema near me sucks ass 80% of the time. Raise minimum wage, why?! These theater zombie employees are already scraping the bottom of the gene pool barrel and are way over paid...

Anyhow, here's a crazy idea of how to A) make money, B) win back (repeat) customers, and C) reduce open file sharing:

[...]

From lyger at attrition.org Fri Jan 26 23:05:03 2007
From: lyger at attrition.org (lyger)
Date: Fri, 26 Jan 2007 23:05:03 -0500 (EST)
Subject: [attrition] postal: nothing... (sad clowns)
Message-ID:

http://attrition.org/postal/p0013.html

bowl of dicks, extra salt lernin iznt eezy they like what they see slowly shaking our heads even osvdb isn't safe need... more... coffee... a moment of zen one in every crowd a tribute to josh (#1 in a series) keep it in the family