Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Respond To Review Four

Reply
Thread Tools

Respond To Review Four

 
 
Tracker
Guest
Posts: n/a
 
      10-15-2003
Remember, weíre talking about Windows 95,98 and ME Platforms and my book
was written for basic home computer users only. Itís has since grown
into a book which will help three levels of computer Windows users.

The following is from a reviewer with the nick name of "Jack"

Part 1: Throughout the document, there area number of sentences that
make absolutely no sense whatsoever.
An few examples: "The time seemed like forever, with no end;
On the technical side, there is no mention of the time between the
request to close the account(s) and the time it was discovered that the
logins had not been disabled. This may indeed display poor housekeeping
on the part of the ISP but does not provide evidence that this method is
being used by "hackers" to access others systems.

ME: Iím not going to be honest about how long the ISP dial-up access was
truly used, but a guideline could be two months. Read Review 3 for the
response provided. The three separate ISP e-mail accounts were closed
months prior, but I was still able to access them through dial-up. Even
if it was poor housekeeping on an ISPís part, the point is, hackers are
using your canceled account Cable/DSL dial-up access and this should
tell the world how hackers are accessing the Internet for free. AT&T
and Qwest provided 20 free hours of dial-up at the time of writing my
book, but we used the same 20 hours, plus, each month. Hackers can then
set-up a Dial-up Server on a victims computer and use pre-paid phone
time. Or the hacker can set-up an ISPs Primary and Secondary DNS IP
addresses and just connect using their own modem and your canceled
Cable/DSL dial-up accounts.

The method used to calculate the potential loss to the ISP(s) was "
Estimated the above by the amount of attacks our compromised computers
were receiving on a daily, weekly and monthly basis." According to the
text, these attacks numbered 50,000 in a month. This equates out to
roughly one "attack" per minute just on the compromised machines. There
is no mention of what constituted an attack nor how it was determined
that all of these attacks came from closed or hacked accounts.

ME: There were two different computers online at any given time. Zone
Alarm and Blackice Defender logs listed a number of attacks and we also
calculated the Blackice firewall logs which was owned by the hackers,
hidden in a Folder. You have to remember, "The Trackers" were a six
member crew and we had at least one computer up almost 24/7. We never
could understand how the ferret owners never figured out how one person,
"ME", could be online 24/7 and not notice this. They would go to bed
and the computer would be online, they would wake up and the computer
was still online and someone was actively using the Internet. DAMN!
"Malicious hackers arenít going to use their own computers to scan any
system, network or server for open ports". I know some secrets around
this, but they wonít ever be shared with any one. About 90% or so of
firewall log evidence will come from innocent victims computers and some
of these computers are only misconfigured. How does this babe know
this, itís because Iíve contacted nearly a thousand of the owners of
these IP addresses listed in my firewall logs and either they had no
idea what the **** I was talking about, they didnít know their computer
had open ports or they didnít even know what an open port was. Their IP
address was port scanned and it revealed to me their computers with
either open ports, Trojan Horses or Backdoors.

The discussion in the paragraph revolves around potential lost revenue
and does not address the methods used to gain the access to the accounts
nor does it indicate methods to minimize the risk (i.e.strong
passwords).

ME: Will assume your talking about the two million dollar articles.
Iím not totally sure how to address this, but will try. Most
individuals on a Windows Platform donít know they need to disable any
services, especially file and print sharing. If a Windows Platform
owner doesnít disable these services then any one in the world can view
what is on their hard drive, install a Backdoor, Trojan Horse or Virtual
Private Network. (an elite hackers secret) Passwords donít mean ****
because many applications expose clear text passwords directly on your
hard drive. I have a listing of the applications which expose clear
text passwords, but if you want to know, purchase my e-book. This topic
could go on and on forever and itís not worth my time to address this
issue. Purchase my book and the rest of your question shall be
answered.

Moving on to paragraph B, the paragraph mentions that the "hackers" are
"Previous owners are unaware that the general public, or malicious
hackers, are using their old account information, and all vital
information that only the customer should know and have." The discussion
now moves from free access to an account to access to the ISP's database
of customer information. This would involve compromising more than just
a logon into a dial-up account.

ME: Iím not totally understanding your remarks here. See above
remarks.

We move on the the statement that previous customer would be liable for
any wrongdoing on a closed account. A previous customer would have no
liability whatsoever for what happens with a closed account. When an
account is closed, the ISP would become the responsible party.

ME: Many ISPís donít give you a confirmation number when they close
your accounts besides AOL that I know of. My point is, the malicious
hackers, some working for the 1%er Clubbers continue to use these
canceled dial-up accounts and itís not limited to the time limit an ISP
provides. Some ISPís donít close the dial-up access and these accounts
are being abused, revenue given away for free. Just as I did when
testing "my" Cable/DSL dial-up accounts which were still accessible to
me for as long as my heart desired.
But when the law checks the source of an ISPs communications IP and it
links to a specific computer, yours, sorry youíre misinformed. The law
will knock on the source not the ISP. Since the hacker is using your
computer for abusive purposes, the owner of the computer is responsible.

Paragraph C indicates that everyone is vulnerable to the dial-up access
since the "hackers" already have the email ID and password. Finally a
true statement, If your account has been compromised then you are indeed
vulnerable to someone using your account without permission. Hence the
need to utilize strong passwords and to change them often.

ME: Read earlier remarks and Iím only concerned with canceled Cable/DSL
dial-up access which is accessible after a person cancels their account.

Paragraph D shows a complete misunderstanding of what a MITM attack is
and how it operates. In the scenario shown, the MITM attack would have
had to compromise the ISP's server and not the computer of the user to
block information from the user to the ISP relating to their network. A
MITM attack forces a redirect the connection from one computer to the
next by re-routing information to the MITM system. MITM attacks, while
possible are also very fragile and typically would not be used in an
attempt to block email from a user to an ISP.

ME: Read in a few hacker books about a MITM and Loky Servers and how
they work. God gave me a gift and when I realized my abuse complaints
were coming back "mainly" from many "Loky Servers", this expressed that
a MITM was involved. Another sign was not receiving responses from
Internet Service Providers with a ticket number. This "told me" the
hackers had installed a MITM Server and only the hackers were receiving
our mail. DUH! Even e-mails to my friends went unnoticed until I
called them on the phone and asked them why they didnít respond to me
and their response was, I never received any mail from you. Many ISPís
I contacted didnít even realize that when you send in an abuse complaint
with a MITM that the complaint would go to the hacker first. They
advised us to e-mail them any complaint and we advised them of their
ignorance. I decided to give up on either Earthlink or Qwest Security
Personal and what a shame. Being a basic computer user, they should
know a hell of a lot more about MITM then me. The hacker directs my
mail to their server, they read what they want and then forward only
what they want to.

In the paragraph following D (E??), There is a direct contradiction of
the statement in paragraph A that number of ISP's were contacted and all
held the same policy of allowing unlimited access to closed accounts via
dial-up. The un-lettered paragraph states that only AT&T was contacted
but all of the other companies provide dial-up access.

ME: At the time only AT&T, Earthlink and Qwest were contacted.
Earthlink and Qwest were separate companies, then they merged. At some
point during the writing of my book, AT&T discontinued their free
dial-up access. The remaining ISPs listed were contacted on the phone
pertaining to their dial-up access. Three TOP well known ISPs couldnít
or wouldnít cancel their dial-up access, so how could you expect small
ISPs to do the same.

"THE SECOND MILLION DOLLAR EXPOSURE"

Once again we find nonsensical sentences like: "On unlimited occasions
then you could count, while the system was online, it would freeze or
lock-up."
A system freezing or locking up can be caused by a number of factors
including but not limited to OS issues, software or hardware conflicts,
hardware problems etc. Making a correlation between a computer locking
up and that same computer being compromised is ludicrous to say the
least. Other than being an annoyance, locking up a compromised computer
does very little for the "hacker" since a locked up computer is useless
while it is in that state.

ME: I believe the computer freezing up had to do with us changing
between DCHP, PPP and dial-up connections and the settings between the
different Internet Service Providers. Most basic computer users wouldnít
be changing their set-ups as often as we did. The Second Million Dollar
Exposure wasnít exposed to me until about a year after I discovered my
systems were compromised.

The test mentioned here merely shows what MS already told her, that is
no charge for connections to multiple email addresses. Interestingly,
the "test" mentions access to email accounts only. There is no mention
if the "other Tracker" was using their ISP to attach to the MS mail
server or if they were connecting via a login. Also, I noticed that
there were not simultaneous connections to the SAME email account.
Either way, if this is how MS wants to bill their customers, it is not
evidence of a "hacker" doing anything to the account. It is merely a
benefit of an MSN account and nothing more. Currently Compuserve, AOL
and a number of other ISP's allow concurrent acess to member accounts in
the same household. This is an indicator that more households have
multiple computers that need to be online simultaneously and nothing
else.

ME: The other Tracker had their own MSN account. An ISP account can
only track e-mail addresses, the phone number which the account is
accessed from. A Tracker was connecting through their own MSN set-up
using my main e-mail account e-mail address. Concurrent doesnít mean
the same as simultaneously at the same time. We both used my main email
address and one other e-mail address of the nine addresses MSN
provides. We connected at the same time one after the other using both
my main e-mail address and one of the other eight e-mail addresses MSN
provided. We both live in different states and we still were able to
use the same e-mail addresses, simultaneously. No extra bill was sent
my way, of which I would have paid. Just because "The Trackers" are
friends doesnít mean any one that is given any of my nine e-mail
addresses should be able to connect at the same time. This is allowing
hackers and 1%er Clubbers to also use these addresses to log onto
Microsoft Networks or Servers which is providing free access to eight
other people whom I may or may not know. And donít forget them Dial-up
Servers and pre-paid phone cards the criminals are using. DAMN!

The Best Kept Secrets of Backdoors, Cracking, Firewalls, Hacking,
Proxies, The Internet, Trojan Horses, Virtual Private Networks, Virus,
Windows and different types of Servers can be found at:
http://geocities.com/secure2003flop

Tracker



 
Reply With Quote
 
 
 
 
What In Tarnation's a ...
Guest
Posts: n/a
 
      10-16-2003
On Wed, 15 Oct 2003 13:18:42 +0400, Tracker <snailmail(removevalid)(E-Mail Removed)> wrote:
> Remember,


<snip>

> Tracker



You're a spammer and a ****wit. Even troll-wise you suck.

Nobody can learn anything from you, and you *won't* learn anything from anyone
else.

Once again, **** off.


 
Reply With Quote
 
 
 
 
RCH
Guest
Posts: n/a
 
      10-16-2003
GENERAL COMPUTER HEALTH WARNING
------------------------------------------------------------------

Any advice from a poster using the identity 'tracker' may contain
dangerous nonsense, and should be immediately deleted from your
computer.

Do NOT contact this person by email!

Do NOT feed the Trolls, one warning is enough, further messages
only reinforce the desire for attention that provides motivation.

For more information:
http://www.sand-n-sea.us/debbiesdrival.htm

Send UBE complaints to: http://www.velocityreviews.com/forums/(E-Mail Removed), (E-Mail Removed),
(E-Mail Removed) (UBE traffic), (E-Mail Removed),
(E-Mail Removed) (hosted website). Include all headers, and be
objective.
Rob
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
New Canon EIS mirrorless system - Four Thirds, but not Four Thirds! Bruce Digital Photography 31 09-25-2010 05:38 AM
Pre-Release Review: Four Brothers (2005) searchsubmit@mail.com DVD Video 2 08-15-2005 11:51 PM
Firefox won't respond duane Chism Firefox 4 02-25-2005 04:12 AM
Review Four Hank Computer Security 14 10-06-2003 01:18 AM
Re: Review Four Anonymous via the Cypherpunks Tonga Remailer Computer Security 0 10-03-2003 05:56 AM



Advertisments