From: security curmudgeon (jericho[at]attrition.org)
To: gene black (geneblack@usa.com)
Cc: Heathens (staff[at]attrition.org)
Date: Wed, 25 Apr 2001 13:16:26 -0600 (MDT)
Subject: Re: you insist , oh!


: Namestyles has been in existance for over a year, has never had any traffic
: (hits)or attempted break-ins previously and is not in any search engines

I think you are one of two things here..

1. uninformed. you simply weren't aware of the attempts.

2. lying.

Given your past correspondance with us, it could easily be both.

: (private network, for now). I don't know how or why the hacker came to be
: aware of namestyles (internic I suppose, but that seems to be a needle in a

They weren't aware of 'namestyles' per-say. They simply scan thousands of
IP addresses at a time. This has been going on for over a year.
Statistically, the odds of you never having a breakin attempt before now
are akin to lottery odds. Thus #1 listed above.

: the world frequenting your site. This can and does cause great financial
: injury to others.Your actions cause far greater harm than the single hacker
: (very elementary).

I'm sorry, how exactly does this cause financial injury if they were
broken into before appearing on our mirror? If they are hacked again,
blaming it on us is ludicrous. They should spend more time securing their
server.

: Even though the constitution allows one to print anything, it still holds
: the author liable for their actions in print.I'll re-iterate and state to
: you that the list is causing me a problem, financially & emotionally. So as

You can get help for those emotional problems. We typically only recommend
security companies, but I'm sure one of us can recommend a good
psychiatrist.

: you remain smug and comfortable you might consider taking care of the
: 'whinners' such as I. It's only smart business and all smart business owners
: do it (refunds,discounts,settlements, etc.).

You STILL fail to grasp this SIMPLE concept that has been BEATEN into your
head. We are not a business. We are not a commercial outfit. We are not a
profit organization. We do not conduct business.

Can I make it any more clear?

: Responding to your offer to compromise, I report my problem to you in
: earnest. The entire content of our site was copied by you and reproduced

Excuse me? Are you stupid or provoking us because you like our mail?

We did not reproduce your entire site. If you actually LOOK at what we
mirrored:

http://www.attrition.org/mirror/attrition/2001/04/19/www.namestyles.com"/mirror.html

There is no mirror of your normal site. Compare that with
http://www.namestyles.com" and even a third grader could see the
difference.

Further, let me beat you over the head with a bit more since you are
clearly drawing this mail out thread for a SINGLE reason, to provoke us.

forced /home/web/mirror/attrition/2001/04/19/www.namestyles.com"# ls
total 14
drwxrwxr-x   2 munge    mirror       1024 Apr 19 22:58 ./
drwxrwxr-x  47 root     mirror       2048 Apr 20 16:25 ../
-rw-rw-r--   1 root     root          384 Apr 19 22:58 index.html
-rw-rw-r--   1 munge    private      4769 Apr 19 03:45 mirror.html
-rw-r-----   1 munge    private      2187 Apr 19 03:46 os
-rw-rw-r--   1 munge    private       520 Apr 19 03:45 wget-log.www.namestyles.com"
-rw-rw-r--   1 munge    private       512 Apr 19 03:45 www.namestyles.com"-nmap_results
forced /home/web/mirror/attrition/2001/04/19/www.namestyles.com"# 

Do you see any graphics in there? Compare the file size of 'mirror.html'
with your own 'index.html' or equiv.

--04:45:36--  http://www.namestyles.com":80/
           => `www.namestyles.com"/index.html'
Connecting to www.namestyles.com":80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 4,701 [text/html]

    0K -> ....                                                   [100%]

04:45:37 (74.05 KB/s) - `www.namestyles.com"/index.html' saved [4701/4701]

Converting www.namestyles.com"/index.html... done.

FINISHED --04:45:42--
Downloaded: 4,701 bytes in 1 files
Converting www.namestyles.com"/index.html... done.

Looking at the wget-log, are you honestly telling me your entire site ..
ALL of your content is 4,701 bytes and a single file?

No. So quit fucking lying to yourself and to us.

: For your info: I never recieved the initial e-mail you referenced from
: attrition.org , nor was I ever aware of sites such as yours. I personally,

Not our fault. We contacted the following:

forced /home/web/mirror/attrition/2001/04/19/www.namestyles.com"# grep
notified os
shared.lists.defaced@cert.org notified of defacement
nipc@fbi.gov notified of defacement
@namestyles.com" notified
geneblack@usa.com notified
@namestyles.com" notified
geneblack@usa.com notified
@namestyles.com" notified
geneblack@usa.com notified
@namestyles.com" notified
geneblack@usa.com notified

You will clearly see your address there.

: tracked your site from our server 1 day following the hack. I believe my
: first e-mail to you was the same day or next day. Namestyles.com doesn't
: have an e-mail address on the site or otherwise. The sites under

Doesn't matter. We use two contact addresses at least.
postmaster@(site.com) which is RFC compliant. If you didn't get that mail,
it is your own fault for not being compliant with accepted internet
standards. Second, we mailed 'geneblack@usa.com'. If you didn't receive
that, that is once again your fault as you clearly can receive our mail.
But, since you ignore 90% of what we are telling you, I have no doubt you
ignored that mail too.

: insecure during construction. . . maybe you can set aside your policy in
: this instance on that basis and remove namesytles from your hack list
: (cancellations unfortunately are part of every business).

Oh hell no. Not after you lie and provoke us like this. In fact, I am
thining of using your domain as an example in an article or two and
discuss how you were hacked and defaced, and the subsequent e-mail. I'm
also considering putting up all of this mail on our postal section for the
world to see what kind of morons we have to deal with.

You will have to forgive my rudeness, but I'm tired of your crap. You lied
to us. You are provoking us. You show no signs of understanding the first
thing about the web or technology. I have no sympathy for you .. just your
customers.


[an error occurred while processing this directive]