|
Home > Archive > Anonymous Servers > February 2007 > Allow Me To Apologize
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Allow Me To Apologize
|
|
| admin@newsanon.yi.org 2007-02-15, 1:13 pm |
| I wish to apologize to anyone who has used, or thought he might
use, the web2mail/news or 'instant mail' utilities that I put up
not too long ago.
The reason I wish to apologize is that I realize that I do not
have the technical competence to secure them from hackers. If
you are going to run a web script, you need to be more proficient
than I am at keeping it from being subverted and letting a hacker
get into your system.
I had no idea of the dangers involved and, as a result, the
security of the computer has been breached several times, the
latest a short time ago, after I had added some validation and
escapes. I thought that might secure it but, seeing it breached a
few minutes later has made me realize I don't know what I'm doing
in regard to making these web scripts secure, and likely never
will. At least not well enough to keep out a knowledgeable hacker.
So I've shut the utilities down and eliminated scripting
as an option for the web server.
Sorry to have wasted your time. It was fun to work on, but
adequately securing scripts is obviously a tricky business and
one that I'm better off staying away from.
| |
| Anonyma 2007-02-15, 7:12 pm |
| In article <20070215180909.77FFk70IjHdh@anonymous.poster>
admin@newsanon.yi.org wrote:
>
> I wish to apologize to anyone who has used, or thought he might
> use, the web2mail/news or 'instant mail' utilities that I put up
> not too long ago.
>
> The reason I wish to apologize is that I realize that I do not
> have the technical competence to secure them from hackers. If
> you are going to run a web script, you need to be more proficient
> than I am at keeping it from being subverted and letting a hacker
> get into your system.
Crackers, not hackers. Hackers are not bad.
> So I've shut the utilities down and eliminated scripting
> as an option for the web server.
>
> Sorry to have wasted your time. It was fun to work on, but
> adequately securing scripts is obviously a tricky business and
> one that I'm better off staying away from.
As you haven't PGP signed this, I have absolutely no idea if this is
real or not. I'll assume it isn't...
| |
| Anonymous 2007-02-15, 7:12 pm |
| Great. Now it's back to wait-and-pray.
| |
| Anonymous Remailer (austria) 2007-02-15, 7:12 pm |
|
then you have no reason not to believe that your machine is now under the
control of the hacker, who can do with it anything that he wishes at
anytime
except if he was really clever and nefarious then you would never know he
was there
except maybe he was subtle, but another more obvious hacker/vandal also was
there, and now the real hacker is pissed that you have been alerted
On 15 Feb 2007, admin@newsanon.yi.org wrote:
>I wish to apologize to anyone who has used, or thought he might
>use, the web2mail/news or 'instant mail' utilities that I put up
>not too long ago.
>
>The reason I wish to apologize is that I realize that I do not
>have the technical competence to secure them from hackers. If
>you are going to run a web script, you need to be more proficient
>than I am at keeping it from being subverted and letting a hacker
>get into your system.
>
>I had no idea of the dangers involved and, as a result, the
>security of the computer has been breached several times, the
>latest a short time ago, after I had added some validation and
>escapes. I thought that might secure it but, seeing it breached a
>few minutes later has made me realize I don't know what I'm doing
>in regard to making these web scripts secure, and likely never
>will. At least not well enough to keep out a knowledgeable hacker.
>
>So I've shut the utilities down and eliminated scripting
>as an option for the web server.
>
>Sorry to have wasted your time. It was fun to work on, but
>adequately securing scripts is obviously a tricky business and
>one that I'm better off staying away from.
| |
| Anonymous 2007-02-15, 7:12 pm |
| That's because php is a toy language.
It was probably some child-molesting pervert who did the damage.
| |
| George Orwell 2007-02-15, 7:12 pm |
| On Thu, 15 Feb 2007, Anonymous <nobody@mixmin.net> wrote:
>That's because php is a toy language.
>
>It was probably some child-molesting pervert who did the damage.
That's mighty brave of you to step forward and take credit, pervert.
| |
| Anonyma 2007-02-15, 7:12 pm |
| On Thu, 15 Feb 2007, Anonymous <nobody@mixmin.net> wrote:
>It was probably some child-molesting pervert who did the damage.
That's quite plausible. The train of thought goes like this:
- perverts use anon email. They have no use for anon posting. They mainly
trade their sick items in email.
- they therefore don't want anything to threaten the existence of anon
email. When non-pedo people use anon posting for trolling usenet, that
creates public antipathy to remailers. The perverts don't want that, they
want to silently practice their slimy obsession without any public
attention to remailers.
- the naieve assholes who wrote mixmaster aid the perverts by setting
abnormally high ability for message size. That aids perverts who send
media, but it does not aid people who use usenet postings to express
politically dangerous speech.
- therefore, perverts will do what they can to stop anon posting for the
masses.
| |
| joe blow 2007-02-16, 7:14 am |
| On Thu, 15 Feb 2007 21:15:20 +0000, Anonymous wrote:
> Great. Now it's back to wait-and-pray.
Here's an alternative: sign up at a web2mail site like yahoo that lets you
sign up using tor and lets you send email using tor. Yahoo is the only one
I can think of, but there must be others.
When you want to send a message to a newsgroup, send an email addressed to
newsgroupname@newsanon.yi.org.
Make sure you disguise the 'from' address. There are two ways to do it:
1. Send the email to newsgroupname_@newsanon.yi.org. That gets you a
random 'from' name.
2. In the body, starting in column 1, put:
x-himmel: joe blow <joeblow@abc.invalid>
where: joe blow <joeblow@abc.invalid> is the 'from' name you want.
A list of the gateway's functions is at
http://eelbash.yi.org:8080/info/remm2n.html
| |
| Anonymous 2007-02-16, 1:12 pm |
| On Fri, 16 Feb 2007 12:25:58 +0000, joe blow wrote:
> On Thu, 15 Feb 2007 21:15:20 +0000, Anonymous wrote:
>
>
> Here's an alternative: sign up at a web2mail site like yahoo that lets you
> sign up using tor and lets you send email using tor. Yahoo is the only one
> I can think of, but there must be others.
Two things to add: you need a site that allows tor *with Java and
javascript turned off* and yahoo allows you to sign up and post that way.
If people know of other webmail sites like that it would be good to have a
list of them.
Secondly, you are sending the message directly to the m2n gateway - no
remailers involved. Once it gets there, which should be within seconds of
you sending it, the message will be posted to the newsgroup(s) within a
minute or so.
So it is pretty quick. The only problem I have using yahoo is signing in
each time and wading through all the advertising.
>
> When you want to send a message to a newsgroup, send an email addressed to
> newsgroupname@newsanon.yi.org.
>
> Make sure you disguise the 'from' address. There are two ways to do it:
>
> 1. Send the email to newsgroupname_@newsanon.yi.org. That gets you a
> random 'from' name.
>
> 2. In the body, starting in column 1, put: x-himmel: joe blow
> <joeblow@abc.invalid>
>
> where: joe blow <joeblow@abc.invalid> is the 'from' name you want.
>
> A list of the gateway's functions is at
> http://eelbash.yi.org:8080/info/remm2n.html
| |
| Nomen Nescio 2007-02-16, 1:12 pm |
| joe blow wrote:
> When you want to send a message to a newsgroup, send an email
> addressed to <FLUSH>
If you're going to spam what's left of your pathetic anon server crap
at least have the balls to do it in the open you yellow coward.
| |
| Anonymous Remailer (austria) 2007-02-16, 1:12 pm |
|
On Fri, 16 Feb 2007, George Orwell <nobody@mixmaster.it> wrote:
>On Thu, 15 Feb 2007, Anonymous <nobody@mixmin.net> wrote:
>
>That's mighty brave of you to step forward and take credit, pervert.
as evidence, we see immediately how the perverts get angry and respond.
Those child-molesting deviants don't like to be called "pervert". What they
do like is to send large, multi-part mix packets through remailers all day
long. Who the hell else gives a crap about having long latency in order to
evade TLAs.
OTOH, there is the naive myth that "dissidents" send images of "oppression"
through remailers to the outside world. What a laugh.
| |
| Pervert 2007-02-17, 1:12 am |
| Anonyma <anon-bounces@deuxpi.ca> wrote in
news:fd0ad4803c7d1b51575b162febffe128@de
uxpi.ca:
> On Thu, 15 Feb 2007, Anonymous <nobody@mixmin.net> wrote:
>
>
> That's quite plausible. The train of thought goes like this:
>
> - perverts use anon email. They have no use for anon posting. They
> mainly trade their sick items in email.
>
> - they therefore don't want anything to threaten the existence of anon
> email. When non-pedo people use anon posting for trolling usenet, that
> creates public antipathy to remailers. The perverts don't want that,
> they want to silently practice their slimy obsession without any
> public attention to remailers.
>
> - the naieve assholes who wrote mixmaster aid the perverts by setting
> abnormally high ability for message size. That aids perverts who send
> media, but it does not aid people who use usenet postings to express
> politically dangerous speech.
>
> - therefore, perverts will do what they can to stop anon posting for
> the masses.
>
Nope, you've got it all wrong.
We want to blend in with the masses of anonymous folk. The more people
using anonymous email and/or posting, the less likely we are to stick
out. I mean, the less likely we are to be conspicuous.
Remailers suck for binaries, and so does TOR. But they are nice
for keeping it touch.
Pervert
| |
| Pervert 2007-02-17, 1:12 am |
| "Anonymous Remailer (austria)" <mixmaster@remailer.privacy.at> wrote in
news:6b0cffe91e325db1bdaf78b4a05a43de@re
mailer.privacy.at:
>
> On Fri, 16 Feb 2007, George Orwell <nobody@mixmaster.it> wrote:
>
> as evidence, we see immediately how the perverts get angry and
> respond. Those child-molesting deviants don't like to be called
> "pervert". What they do like is to send large, multi-part mix packets
> through remailers all day long. Who the hell else gives a crap about
> having long latency in order to evade TLAs.
>
> OTOH, there is the naive myth that "dissidents" send images of
> "oppression" through remailers to the outside world. What a laugh.
>
>
I think I speak for all perverts.
Why would us perverts shoot the goose that laid the golden egg?
Perverts are desperate for ways to send email and post anonymously,
so it was just some silly teenager with nothing better to do
that screwed with his web site.
Hackers/crackers motto: Because we can!
Pervert
| |
| joe blow 2007-02-18, 1:12 pm |
| On Thu, 15 Feb 2007 21:15:20 +0000, Anonymous wrote:
> Great. Now it's back to wait-and-pray.
Would this work? Use QS to send a message via TOR to one of the remailers
that allows for it. I think banana and panta both do. So you would end up
sending through TOR and then to the one remailer. It's not immediate, but
not bad, and with one remailer, reliability should be high.
Maybe somebody could give us an example of a QS template for sending this
way.
| |
| Anonyma 2007-02-18, 1:12 pm |
| joe blow wrote:
> On Thu, 15 Feb 2007 21:15:20 +0000, Anonymous wrote:
>
>
> Would this work? Use QS to send a message via TOR to one of the
> remailers that allows for it. I think banana and panta both do. So
> you would end up sending through TOR and then to the one remailer.
> It's not immediate, but not bad, and with one remailer, reliability
> should be high.
WTF is the point. The only difference between that and just using tor
is you give a single remailer operator free and clear access to every
message you send.
Which probably makes tiny little Chinese penises jump to attention
almost as quick as if you used their remailer web interface completely
naked.
>
> Maybe somebody could give us an example of a QS template for sending
> this way.
Maybe you should just give it up already. Find something else to do
with your time that's a little more rewarding. Like trepanation.
| |
| George Orwell 2007-02-18, 7:12 pm |
| On Sun, 18 Feb 2007 18:06:00 +0000, Practical-Anon wrote:
>
> Well, I'll post the unfinished code anyways,
Thanks.
>
> It can be changed to use Zax's web form, if anybody wishes. Elsewise,
> anybody can inspect the parsing function, etc by running locally, without
> ever doing actual posting.
>
> I doubt, though, that I will do any further coding of anon software.
That's too bad. I hope you will reconsider. Javascript seems like a useful
way to create a gui front end.
| |
| Anonyma 2007-02-19, 1:12 am |
| Anonymous wrote:
> The scheme was to run in a javascript-enabled browser that is used
> ONLY for the purpose of posting to Eelbash's one php page. My HTML
> page would be stored locally, and was fully user-customizable (being
> all HTML and javascript) for different identities, etc. Each identity
> would be stored locally in a separate page. It also gives a user the
> chance to experiment around with javascript programming in a real
> world application, if they haven't tried it before.
Why are you messing around with local web page interfaces to remailer
gateways let alone Javascript? You can do the same thing with plain old
forms and HTML, and not have to worry about some active content problem
making an end run around the Tor and Privoxy setup you _should_ be
using. There's no need what so ever for any client side message
manipulation because the CGI itself does it. As a matter of fact you
can capture Zax's CGI generated html page, save it locally, modify the
form's ACTION directive to add the path to the CGI, and run that off
your own system rather than off Zax's server if you really think a
local HTML interface to a remote CGI scrip gains you anything at all but
another opportunity for something to break or go horribly wrong.
There's really much point to doing anything like this. You accomplish
nothing but saving another bit of evidence that you're using a web
based remailer interface to your hard drive in the form of a file
that's likely going to have some sort of access time attached to it
which tells anyone who happens on it exactly when and where you're
going while "anonymous", and when.
Best to leave well enough alone and just let Tor do its job in my
opinion. You have to make that connection to use the service anyway so
what's the benefit that outweighs the added risks???
| |
| Anonyma 2007-02-19, 1:12 am |
| On Sun, 18 Feb 2007, Anonyma <anon-bounces@deuxpi.ca> wrote:
>Anonymous wrote:
>
>
>Why are you messing around with local web page interfaces to remailer
>gateways let alone Javascript? You can do the same thing with plain old
>forms and HTML,
you can't parse the reply with HTML forms alone, you XXXXXXX Boschloo
He said from the begnning that the javascript was for convenience, to
relieve the poster from manually filling out Subject:, References: etc
Is it that you can't read, or that you're an XXXXXXX of a moron? We all
know the answer to that question
>and not have to worry about some active content problem
Eel's posting page was available for anyone to see, to confirm that there
was nothing nefarious on it. Boschloo, you are such an XXXXXXX once again.
>making an end run around the Tor and Privoxy setup you _should_ be
>using. There's no need what so ever for any client side message
>manipulation because the CGI itself does it.
no, it doesn't, you pathetic piece of talking shit
>As a matter of fact you
>can capture Zax's CGI generated html page, save it locally, modify the
>form's ACTION directive to add the path to the CGI, and run that off
>your own system rather than off Zax's server if you really think a
>local HTML interface to a remote CGI scrip gains you anything at all but
>another opportunity for something to break or go horribly wrong.
it relieves the poster from manully filling in fields, you stupid piece of
idiotic moron
doing what you say provides no additional functionality, you stupid piece
of talking shit
>
>There's really much point to doing anything like this. You accomplish
>nothing but saving another bit of evidence that you're using a web
>based remailer interface to your hard drive in the form of a file
most of us who post to usenet aren't afraid of what the police can find on
our hard drives, you disgusting pervert.
>that's likely going to have some sort of access time attached to it
just as with JBN or Quicksilver, you stupid piece of shit
>which tells anyone who happens on it exactly when and where you're
>going while "anonymous", and when.
I hope the police do catch up with you soon, you filthy pervert
>
>Best to leave well enough alone and just let Tor do its job in my
>opinion. You have to make that connection to use the service anyway so
>what's the benefit that outweighs the added risks???
convenience, you stupid piece of ugly shit. We're not worried about the
police, we're worried about free speech and how it is squelched.
I really do hope the police catch up with you soon, you filthy pervert
| |
| Anonymous Remailer (austria) 2007-02-19, 1:12 am |
|
On Sun, 18 Feb 2007, Anonyma <anon-bounces@deuxpi.ca> wrote:
>joe blow wrote:
>
>
>WTF is the point. The only difference between that and just using tor
>is you give a single remailer operator free and clear access to every
>message you send.
What the hell do I care if a remop reads a PUBLIC POST!!!!!!!!!!!!!!!!! I
make a post to usenet precisely so that people will read it!!!!!!!! If it
is made through TOR, then the sender is unknown.
Boschloo, you are the dumbest piece of shit that ever posted on this group.
I don't know why I bother responding to your stupid-assed tramblings,
except to inform newbies that you are an idiotic moron.
| |
| Fritz Wuehler 2007-02-20, 7:13 am |
| On Sun, 18 Feb 2007 21:31:55 +0000, Anonymous wrote:
The form looks great. Could you add validity checks to the fields? It
seems the javascript could be used in place of the original web page if
somebody wanted to include it as part of their web server pages.
I mean everything except the parsing of the reply fields.
The current version, that includes the parsing of the reply fields, could
still be run locally, for the convenience of replying, as well as for
validating the entered fields.
Aside from connecting to a website's php or javascript form, this
javascript would make a good front-end to mixmaster. The parsing of the
reply fields makes it a winner for that purporse.
Have you considered writing the validated fields to a temp file and then
calling mixmaster to post the messages? Have fields for choosing the
number of remailers, etc.
| |
| Non scrivetemi 2007-02-20, 7:13 pm |
| Fritz Wuehler wrote:
> On Sun, 18 Feb 2007 21:31:55 +0000, Anonymous wrote:
>
> The form looks great. Could you add validity checks to the fields? It
> seems the javascript could be used in place of the original web page
> if somebody wanted to include it as part of their web server pages.
>
> I mean everything except the parsing of the reply fields.
>
> The current version, that includes the parsing of the reply fields,
> could still be run locally, for the convenience of replying, as well
> as for validating the entered fields.
>
> Aside from connecting to a website's php or javascript form, this
> javascript would make a good front-end to mixmaster. The parsing of
> the reply fields makes it a winner for that purporse.
>
> Have you considered writing the validated fields to a temp file and
> then calling mixmaster to post the messages? Have fields for choosing
> the number of remailers, etc.
>
Write them to a file with what? You want javascript to create files
locally and then call some random executable? That would make you a
moron.
This whole thing is such a clusterXXXX of an idea that can't work the
way people think it can, but could break so many different ways, that
I'm surprised anyone would even come up with it let alone support it.
But then this group was never really known for a readership with a high
IQ so I suppose it's not that surprising at all. 
| |
| Nomen Nescio 2007-02-20, 7:13 pm |
| On Tue, 20 Feb 2007, "Non scrivetemi"
<nonscrivetemi@pboxmix.winstonsmith.info> wrote:
>Fritz Wuehler wrote:
>
>
>Write them to a file with what? You want javascript to create files
>locally and then call some random executable? That would make you a
>moron.
>
>This whole thing is such a clusterXXXX of an idea that can't work the
>way people think it can, but could break so many different ways, that
>I'm surprised anyone would even come up with it let alone support it.
>
>But then this group was never really known for a readership with a high
>IQ so I suppose it's not that surprising at all.
Don't judge all of us by eelbash and-or Boschloo. Some of us even have
advanced degrees and thoroughly understand how things work.
| |
| George Orwell 2007-02-21, 1:12 am |
| Nomen Nescio wrote:
> On Tue, 20 Feb 2007, "Non scrivetemi"
> <nonscrivetemi@pboxmix.winstonsmith.info> wrote:
>
> Don't judge all of us by eelbash and-or Boschloo. Some of us even have
> advanced degrees and thoroughly understand how things work.
Then why can't you manage to keep from adding markers to your posts?
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
| |
| Thomas J. Boschloo 2007-02-21, 7:13 am |
| -----BEGIN PGP SIGNED MESSAGE-----
Pervert wrote:
[snip]
> Hackers/crackers motto: Because we can!
You can call yourself a hacker Eelbash Admin. But you will never be one.
http://www.catb.org/~esr/faqs/hacker-howto.html#what_is
"The basic difference is this: hackers build things, crackers break them"
Thomas
- --
"Bury your friends deep"
"Bury your enemies even deeper!"
- - Boschloogica 1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQB5AwUBRdwo8wEP2l8iXKAJAQF1OgMePDvWAfm1
37jsqG4yOtDGlcQiZ2nVjbZp
BswEkLkBEnGMbJ7eShtUspsTrhFFHIZ1YltMB1uf
RGo/FjWN8z54k01ULJaboVOc
P388+nXkIMVGsQ3hufzPFb6SG53R475q6nYPcw==
=rkEI
-----END PGP SIGNATURE-----
| |
| Thomas J. Boschloo 2007-02-21, 7:13 am |
| -----BEGIN PGP SIGNED MESSAGE-----
Anonymous Remailer (austria) wrote:
> On Sun, 18 Feb 2007, Anonyma <anon-bounces@deuxpi.ca> wrote:
>
> What the hell do I care if a remop reads a PUBLIC POST!!!!!!!!!!!!!!!!! I
> make a post to usenet precisely so that people will read it!!!!!!!! If it
> is made through TOR, then the sender is unknown.
You use the term 'public post' and 'public post posted through anonymity
service' intermingled. Just the fact that the post was posted through an
anonymity service can tell an attacker things. YOU are that attacker
Eelbash Admin. And newbies need to be warned about your not so secret
agenda to unmask critics of the church of scientology.
When you use Chaum Mix chains you assume one of the nodes you use is
trustworthy. If you use Eelbash in any way you can be damned sure that
one of your nodes is not just that.
Go do the math.
> Boschloo, you are the dumbest piece of shit that ever posted on this group.
> I don't know why I bother responding to your stupid-assed tramblings,
> except to inform newbies that you are an idiotic moron.
That is not the only thing you don't know.
You think you fool us with your clever deceptions. While you have CoS
stink all over you. Just like Frog-Admin with his stinky Frog-Breath.
I saw a docu about Landmark they other day. I learned a day later that
was a CoS front. It smells the same as you do.
http://blogger.xs4all.nl/kspaink/ar...4.aspx#FeedBack
(dutch)
Buy some mouth spray before you post again,
Thomas
- --
"Bury your friends deep"
"Bury your enemies even deeper!"
- - Boschloogica 1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQB5AwUBRdwrywEP2l8iXKAJAQEXDwMeKOJNo2SM
btNCAeBcUnmGD9oFxUjn8aUy
ZzBhuuKfDlaDBzYY5QR3TgsBjR129B+LZ6qhh28t
7meI5r0U/LT2WWR/FMiQRT/W
6TkxzyBYwMFzA+Ufmlv8LEj75bo5j6TzI87EXQ==
=oW1P
-----END PGP SIGNATURE-----
|
|
|
|
|