Actually fairly important...was: Re: /COMP/especially for Art Sowers

Discussion in 'Computer Security' started by straydog, Feb 3, 2005.

  1. straydog

    straydog Guest

    I am cross-posting to a few comp newsgroups in the interest of making more
    people aware of this (see below)....


    On Thu, 3 Feb 2005 wrote:

    > Date: 3 Feb 2005 04:11:39 -0800
    > From:
    > Newsgroups: sci.research.careers
    > Subject: /COMP/especially for Art Sowers
    >
    >
    > http://www.boingboing.net/2005/01/27/jailed_for_using_a_n.html
    >
    > Thursday, January 27, 2005
    > Jailed for using a nonstandard browser
    >
    > A Londonder made a tsnuami-relief donation using lynx -- a text-based
    > browser used by the blind, Unix-users and others -- on Sun's Solaris
    > operating system. The site-operator decided that this "unusual" event
    > in the system log indicated a hack-attempt, and the police broke down
    > the donor's door and arrested him. From a mailing list:
    >
    > For donating to a Tsunami appeal using Lynx on Solaris 10. BT [British
    > Telecom] who run the donation management system misread an access log
    > and saw hmm thats a non standard browser not identifying it's type and
    > it's doing strange things. Trace that IP. Arrest that hacker.
    >
    > Armed police, a van, a police cell and national news later the police
    > have gone in SWAT styley and arrested someone having their lunch.
    >
    > Out on bail till next week and preparing to make a lot of very bad PR
    > for BT and the Police....
    >
    > So just goes to show if you use anything other than Firefox or IE and
    > you rely on someone else to interogate access logs or IDS logs you too
    > could be sitting in a paper suit in a cell :(
    >
    >


    Thanks, "goody," for bringing this to light.

    I checked this URL and its for real, and has a small update.

    I have used, and still use, both LYNX and LINKS for a number of
    web-browsing purposes (including that these browsers are safer from back
    hacking by trojanized websites, much faster than graphical browsers, and
    sometimes will actually get through [for reasons I don't know] to websites
    when a graphical browser will not get through).

    I have actually succesfully used LYNX from my Unix shell account to do
    business transactions (i.e. login, password, and other serial number
    based transfers to other pages, or accesses on the website, on the internet).

    At least LYNX has a DOS port and may be naturally more resistant to hacker
    attack (as well as a wide variety of malware on the internet) than
    anything else (but what I've read of it, it may also crash
    more often).

    The idea that your can use a rare browser for access to a website and
    sysadmins at the website can't recognize it suggests that the sysadmins
    are really incompetant (Maybe its MS Windows Server and the sysadmins
    thing there is nothing else in the world besides MS SW) and the law
    enforcement system is doing a knee-jerk instead of a well thought out
    proceedure. What I've read of catching black hackers they do quite a
    bit of research on the guy first, then sic the cops on them.

    The innocient guy would be in his rights to litigate for compensation for
    his inconvenience AND a miscarrige of justice. Other people who like to
    use LYNX and LINKS for web browsing...take heed. And, for the
    surreptitious, you can google "fake user-agent" for more information.
    straydog, Feb 3, 2005
    #1
    1. Advertising

  2. straydog

    Arthur Hagen Guest

    straydog <> wrote:
    >
    > The idea that your can use a rare browser for access to a website and
    > sysadmins at the website can't recognize it suggests that the
    > sysadmins
    > are really incompetant (Maybe its MS Windows Server and the sysadmins
    > thing there is nothing else in the world besides MS SW)


    Yep. WebSite/3.5.19 on Windows 2000.

    How about if we all telnet to port 80 on that web server (http://dec.org.uk/
    which has *nothing* to do with Digital Equipment Corporation) and do a few
    perfectly legal GET requests with appropriate headers?

    telnet dec.org.uk 80

    GET / HTTP/1.0
    Host: dec.org.uk
    User-Agent: myself (Wetware; fingers on keys v 1.0)
    Accept: text/plain,message/news

    Surely, they can't arrest us all?

    Regards,
    --
    *Art
    Arthur Hagen, Feb 3, 2005
    #2
    1. Advertising

  3. In article <ctuccl$iil$>, Arthur Hagen wrote:

    >Surely, they can't arrest us all?


    Not if they're too busy arresting the clueless admins for
    wasting police time.

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/
    Elections must be close. Simon Hughes MP (LibDem) (well, an assistant)
    has replied to my letter from 9 months ago.
    all mail refused, Feb 4, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. .
    Replies:
    0
    Views:
    726
  2. arcade
    Replies:
    0
    Views:
    425
    arcade
    Nov 30, 2006
  3. arcade
    Replies:
    1
    Views:
    628
    Paul Heslop
    Nov 30, 2006
  4. Andrew Mowat
    Replies:
    0
    Views:
    597
    Andrew Mowat
    Sep 14, 2004
  5. Giuen
    Replies:
    0
    Views:
    832
    Giuen
    Sep 12, 2008
Loading...

Share This Page