Tracker Book Material - Online

Discussion in 'Computer Security' started by Leythos, Sep 11, 2003.

  1. Leythos

    Leythos Guest

    Ok, everyone, I found enough time to do what I said I would do - now
    we're waiting on the Tracker to catch up with me.

    I have been emailed the first of 5 snippets that Tracker feels would be
    a good example of her work. I have only formatted it so that it would
    fit nicely on the frame - I did NOT change any content in any way.

    I would ask a couple of things - read the HOUSE RULES. Don't flame me, this
    may be our "last, best hope for mankind" (as was taken from B5).

    When you reply to me, put the word TRACKER in the subject line so I can
    automate the email filtering. The account is a throw-away email account,
    so bombing it won't impact me.

    Please only send me CONSTRUCTIVE / TECHNICAL responses - we're security
    people, not lamers. If you send me anything that is abusive I will
    delete and mark your address for auto-delete, and I will NOT forward it
    to Tracker.

    If the Tracker(s) don't get me the rest of the info before the weekend
    is done I will remove the site.

    I will post responses to Tracker's info in the email - I won't post all
    of them, but ones that I think best address the issues with it. If the
    site does well, we can then point people to it for corrections.

    You can find the site at -

    The site is CPU and Bandwidth throttled so as not to impact the rest of
    the server. The entire set of pages are simple text, so it should load
    rather well. I limited it to 128kbps upstream.

    Mark - A security minded person.
    Leythos, Sep 11, 2003

  2. Leythos

    Jim Watt Guest

    and returns HTTP 403.6 - Forbidden

    Oh my forbidden knowledge.
    Jim Watt, Sep 12, 2003

  3. Leythos

    Leythos Guest

    I can't imagine why - I tested it through 4 other external connections.
    I will remove the IP restrictions in the firewall - I block most non-US

    Leythos, Sep 12, 2003
  4. Leythos

    Leythos Guest


    I had blocked about 50 subnets due to firewall detection of scans and
    spammers - I opened it for this site.

    Leythos, Sep 12, 2003
  5. Leythos

    Leythos Guest

    Feedback Update - we've had 4 people provide feedback already. All was
    constructive and nothing in the way of flames.

    I will try and get some of this posted under a new link called - CH1
    Responses - this weekend.

    Leythos, Sep 12, 2003
  6. Leythos

    Frode Guest

    For anybody somewhat curious but too lazy to check the site. She's sent 4
    "chapters" (a few lines of text each), and it's the exact same junk
    (literally, looks like copy'n'paste) she's been posting here repeatedly for
    ages now. My personal favorite is still how your computer's clock will tell
    you if you've been compromised.

    Frode, Sep 12, 2003
  7. Leythos

    donut Guest

    *sigh* Dick, Jane & Sally was more interesting.

    So far, all I see is paranoia over misunderstandings of the policies of
    certain ISPs, and the most basic info about hidden folders.

    Yes, she is correct that a malicious hacker (thanks for using that term,
    Debbie, as we all know that most hackers are not malicious) could install a
    Trojan Horse on your computer and control it, even disabling your firewall.
    This is basic first grade security stuff.

    What she does not explain (so far) is how the Trojan Horse can get there in
    the first place if:

    1. Your firewall is properly configured.

    2. You are sensible about opening emails with attachments, and downloading
    .exe files.

    3. You have software installed that will detect changes in your OS and file

    4. You have disabled ActiveX and Install On Demand in IE (assuming you use
    that browser at all.)

    5. You use good AV, spyware and Trojan detection software.

    6. You have an ounce of brains and security knowledge.

    So far, I haven't seen anything WRONG in what's been posted. The whole
    thing about the ISPs and extra email addresses was confusing. For someone
    in another state to log into her email, of course she gave them the
    password. They couldn't have logged in otherwise. If they have the
    password, then of course they are free to do whatever they want with the

    Too much ado about very little, so far. ;)
    donut, Sep 12, 2003
  8. Leythos

    Solbu Guest

    Why? *just being curious*

    Solbu, Sep 12, 2003
  9. Leythos Spilled my beer when they jumped on the table and proclaimed
    Like I said in e-mail, Mark, thanks for doing this. Maybe we all
    can put this mess to bed once and for all soon...

    Thund3rstruck, Sep 12, 2003
  10. Leythos

    Ned Guest

    Same here, why?
    Ned, Sep 12, 2003
  11. Leythos

    Peter Jones Guest

    I particularly like *this*:

    Exactly *why* would a hacker disable your DST? (And does that mean that,
    since we do not *have* DST here in Queensland, that we are a more attractive
    target for hackers? One less step for them to perform once they've taken
    control of our machines...)

    Overall, I get the impression of it being more paranoid ramblings than
    anything else, with generous helpings of FUD and little or no technical (or
    otherwise useful) information.


    Peter Jones, Sep 12, 2003
  12. Leythos

    Leythos Guest

    My servers are part of my development business - like some companies
    doing remote development, I have servers in the USA for in-country
    remote development teams. The servers run about 50 sites that provide QA
    and Development staging areas for products. None of these sites are the
    customers' production sites, they are to provide the developers and
    customers' team with access to what we are building.

    In monitoring my firewall logs, I see that most of the scanning of my
    network addresses comes from foreign countries - since all my
    clients/developers are US based, I block as many foreign subnets as
    possible. While blocking does not prevent anything itself, if they are
    blocked that's one more layer where they can't start trying anything.

    In my experience, blocking Asia, Middle Eastern and Eastern countries
    has done no harm to my network, but it has cut down on the log files and
    even spam email.
    Leythos, Sep 12, 2003
  13. Leythos

    Leythos Guest

    While I agree with you - it's the same short material we've seen before,
    I have asked Tracker(s) to send more material so that we can either
    validate them or show them where they are misguided. Here is a copy of
    the email I sent requesting more copy and an explanation of why:


    Yes, I know it's your book. The intent of offering you this opportunity
    was for you to put your best examples of your knowledge on the site so
    that the lead technical people in the security groups could provide
    truly constructive feedback, so that you might be able to correct some
    things, and so that if you could see true constructive feedback in a
    positive light that you might change your path.

    The information you've sent is full of the same stuff I've seen you post
    many times before and I hate to say this (don't be offended) it's very
    poorly written. The entire 4 sections you've sent should be under one
    chapter on the website, there is only enough content in those 4 sections
    for one chapter's worth, not 4 chapters' worth of content.

    If I can take the time to do this for you, and if you are going to take
    me up on the offer, I would hope that you would at least provide your
    best examples of what you want the security specialists to see.
    Remember, many of the people that are in those groups get paid/make a
    living off knowing security and many (like me) have more than 15 years'
    experience. Most of us started off reading the Usenet posts and now we
    are giving back to Usenet to help others. Helping you with this
    understanding, like I am now, is the most extreme I've gone to
    (website, multiple emails, etc) for anyone.

    You should really understand, to be taken seriously in a security group
    (or any group), you are going to have to show a lot of technical
    knowledge in the subject matter. I would suggest that you send a lot
    more information for me to post.

    This should be your shining moment - the people in the security groups
    are going to judge your merit based on your work (that I'm taking the
    time to post on a website for free), not any personal prejudice that
    they have built up over the last couple years. I've seen to it that only
    constructive feedback will be given, I will filter any abusive comments,
    and I will start sending you the comments this weekend. This is your 15
    minutes of fame - use it well or you will never live this one down. I've
    given you the keys to being authenticated in the security groups, it's
    up to you to use them.

    Leythos, Sep 12, 2003
  14. Leythos

    MyndPhlyp Guest

    Perhaps hackers ... er, malicious hackers ... took over Queensland long ago
    which is why you do not observe daylight savings time. (Sneaky little
    MyndPhlyp, Sep 12, 2003
  15. Leythos

    CyberDroog Guest

    I agree. That seems to be a glaring omission. "They install a Trojan
    Horse which disabled your anti-virus and firewall protection".

    How??? Debbie's solution to this, as posted here many times is... to
    install anti-virus and firewall programs, and disable some Windows

    Those Windows services, according to Debbie, make the anti-virus and
    firewall programs useless. That is flat out false. You can have every
    service Windows offers active. All the popular firewall programs, by
    default, prevent *any* connection to the net.

    That means you have to configure the firewall to allow access. Now that
    does involve some security mindedness and a bit of knowledge. But that is
    something about which Debbie, as far as I have seen, has never uttered a
    single word.

    I took a look at the site. It goes without saying that chapter 1 and
    chapter 2 are essentially talking about the same thing. Why two
    "chapters"? Note that the term chapter must be taken loosely. Each
    consists of only a few paragraphs.

    Chapter 3, outlining the curious, and apparently magical, way in which
    malicious hackers install trojans and replace your firewall and anti-virus
    software, also contains the following odd statement.

    "If you want to learn more about computer security, if you’re a beginner,
    one avenue is to read-up on configuring your mail and browsing
    applications. Google and Yahoo also have Newsgroups and message boards
    pertaining to the aforementioned. If utilizing a Windows platform, do some
    reading on configuring your Windows Internet Options both Internet and
    Local Settings. Also, spend time learning what applications in Windows are
    running and on what port they run on. "

    ??? I thought the book was supposed to *be* the security training... It
    would seem rather disheartening to buy a book about computer security and
    right off the bat being given the advice "Read some books on computer

    I hope Debbie doesn't move on to writing software. I can see her releasing
    a powerful new combination anti-virus/firewall "program" that consists of a
    single text file that says: Step 1: Get yourself Visual Basic and write an
    anti-virus/firewall program.

    Chapter 4 contains Debbie's usual list of strange and altogether
    unexplained beliefs about how to know when your system is hacked.

    A. Hackers disable your Daylight Savings Time.

    How? Why? Why would the malicious hacker leave an obvious clue on your
    system for absolutely no benefit?

    B. The clock on the desktop can be one hour ahead or one hour behind, on

    Well wouldn't that be the expected result of your Daylight Savings Time
    setting being changed? I think she is padding her list.

    C. Your Network Places Icon on the desktop disappears.

    How? Why? These malicious hackers, according to Debbie, have the ability
    to install Trojan Horses on your system, replace your anti-virus and
    firewall programs, etc, etc. And again they leave such an obvious clue
    when doing so is of absolutely no benefit to them.

    D. If using a Windows platform: when you start your computer, your original
    screen will pop up, but since the hackers need to boot into their Networks,
    or Server(s), the system will quickly re-boot and the original screen will
    appear twice. But your system may re-boot twice instead of once when
    loading Windows OEM versions.

    Another fully unexplored statement. Why exactly would this happen? What's
    this extra network? Precisely what registry settings or config files cause
    the system to run this extra network? It has to run *somehow*, yet no
    details are offered.

    Etc, etc. Debbie presents a long list of commonly known Windows bugs or
    symptoms of common problems and suggests that malicious hackers are behind
    it all. No details, no proof.

    And apparently no proof *reading* either. The writing is so bad that it
    gives the impression of having been translated from Russian to English by a
    Japanese person, who knew neither Russian nor English, with the assistance
    of a Chinese friend who did know both Russian and English but only spoke
    broken Japanese.

    But hey, that *does* give Debbie a readily identifiable style...

    Our subconscious minds have no sense of humor, play no jokes and cannot tell the
    difference between reality and an imagined thought or image. What we continually
    think about eventually will manifest in our lives.

    - Madwed, Sidney
    CyberDroog, Sep 12, 2003
  16. Leythos

    Jim Higgins Guest


    You are either validating a nutcase or feeding a troll. Please
    Jim Higgins, Sep 12, 2003
  17. LOL! I don't wish to wade into this TRACKER/debbie controversy, but
    couldn't stop laughing here...

    R Green
    Tech Support
    R Green -, Sep 12, 2003
  18. Leythos

    Leythos Guest

    Jim, there are many ways to "work" with people and to educate them. As
    many of us have seen, what has been tried before is NOT working. I hope
    to be able to show her what is valid and what is not valid and hope that
    we can get on with the group - surely a week's time will not impact us
    any more than the constant flames that appear every time Tracker posts

    It can't hurt and it may help.
    Leythos, Sep 13, 2003
  19. Leythos Spilled my beer when they jumped on the table and proclaimed
    in <>:

    I started blocking China Telecom, and my scan logs went down by this is completely understandable...

    Thund3rstruck, Sep 13, 2003
  20. Leythos

    Jim Watt Guest

    True, but Europe is another thing

    I was blocking email from Japan, but someone there wanted to
    buy something and had to resort to the fax,
    Jim Watt, Sep 13, 2003