Re: new topic-professional hacking tecniques

["Steven Osman" <sosman () terratron com>]

IMHO, Reid's idea is terrible!  (no offense).

Adding a whois query to people's IP address demolishes privacy.  How would
you like ot AUTOMATICALLY be placed on every web site's mass mailing list
just by visiting their site?  In fact, you could be going through the
394,423,548 matches on altavista about what you were looking for, knowing
full well that 394,423,543 of them are irrelevant (but you need to find
those 5 good ones...).  Just think how many spam sources you could get from
just one day of research/surfing/whatever.

Hit a XXX site...  forget about it!  Now they "know" or at least "believe"
you'd visit their site, they'll NEVER leave you alone.  (I've often searched
for stuff and somehow ended up in XXX sites...  for one thing, do a search
on any actor/actress).

IRC now becomes no longer anonymous, in fact, nothing else does.

Steven Osman
Terratron Technologies Inc.

----- Original Message -----
From: Matt Doughty <doughtym () bsjkk co jp>
To: REID FOX <reidfox () direct ca>
Cc: <firewall-wizards () nfr net>
Sent: Friday, November 05, 1999 1:33 AM
Subject: Re: new topic-professional hacking tecniques


> On Wed, Nov 03, 1999 at 10:29:26AM -0800, REID FOX wrote:
> > >
> > However if say ISP's start to use static IP addresses for their client's
> > then perhaps the ISP's could post a directory (a whois)  not with any
> > sensitive personal info but maybe just an e-mail and a name. That would
make
> > users more accountable just as Domains are accountable (or known) on the
> > net. I cant see any honest client having a big problem with that. Like I
> > said before this is no security cure but it is however a step in the
right
> > direction.
> > eg. Your getting some degree of attack from a certain IP regularly.
> > You trace it back to an ISP look it up in the ISP's whois list
> > e-mail the person "are you aware of ......? If this continues your ISP
will
> > be notified ...."
> > the next day you get a reply from a parent of some script kid  "I use
this
> > PC for business ..... dont know whats happening"
> > send reply "If you have portscan , crackers. BO Netbus etc on your
system
> > then someone is using your PC unethically, you should uninstall these
> > applications otherwise your system has been compromised etc etc.."
> > I am sure that an honest person wether they know computers or not would
> > promptly deal with it  and if your lucky and the person does know a
little
> > bit about these things then now the seasoned hacker is unaware that his
mask
> > is off.
> > The advantage of this is
> > 1: If it's a teen then the parents are informed without getting into
trouble
> > with their ISP  (ISP dont need to be involved)
> > 2: Also the parents do not allow this to continue because they now know
what
> > certain apps are.  (cracker BO Netbus etc) where before they had no idea
> > what their kids were capable of doing with these strange programs.
> > 3: The new ISP when the parents get sucked into thinking that they were
> > wrongfully cut off, does not have to deal with it.
> > 4: One more future hacker on the road to ethics.
> > Now the question is who has to deal with this growing problem?
> > The ISP's or the Parents?
> You assume a relatively high level of knowledge of the parents....
> I mean your basically asking to hold someones hand through a search
> of their system for these programs. Kids tend to know a lot more
> about the computers then the parents.
> besides if you started contacting the people directly then crackers
> are just going to start filtering the mail first so their parents
> never get the message.
>
> file://Matt