
Topic: Portrait of Kevin Day, Security IT Specialist and Hacker (Read 7108 times)

legendary
Activity: 1708
Merit: 1010
This thread has no redeeming value.  Locked.
member
Activity: 111
Merit: 11
if somebody wants to know where our good friend kevin is right now:

have a look at the livechat:
onlyonetv.com
legendary
Activity: 1708
Merit: 1010
uh oh!!!

Dropping the ball on Kevin, BIG TIME!!!
Looks like our friend knows a thing or two about Brute Force Attacks


So do I.  What are you accusing me of!?
member
Activity: 126
Merit: 10

Jesus, do you ever give it up? So far you've blamed two different people, the CIA and "the bankers" for causing all this mayhem, and strongly implied that you think Mt. Gox doesn't have the funds to cover their deposits and will never reopen trading.

Any one of those and maybe you'd just be a little excitable and prone to accuse people too early. But now we're on theory #4 or #5 and you're just an asshole.
full member
Activity: 182
Merit: 100
oh crap i love the internet.

what did we used to do?

Go outside, get sun, make friends.  All that overrated stuff.
jr. member
Activity: 57
Merit: 10
The power elite do everything in your face, and then deny they did anything at all.
Clearly what you're proposing is possible, but there is no smoking gun yet.  He certainly fits the profile and his behavior in giving ID could be to establish some plausible deniability (in his almost pre-prepared press-release, he made sure to mention it).

I'd say it warrants further investigation.
full member
Activity: 126
Merit: 100
oh crap i love the internet.

what did we used to do?
sr. member
Activity: 365
Merit: 250
The power elite do everything in your face, and then deny they did anything at all.

Man, your background as researched really made you learn a lot. I'm feeling on a cyberpunk movie.  Cool
sr. member
Activity: 364
Merit: 251
Can someone explain to me why someone involved in the hack would out himself on a well read forum using his own first name and a nick that can easily connect him to a real identity?  All this after sending photo ID a few days earlier to the target of the hack?



Perhaps thought he was smarter than everyone?

The power elite do everything in your face, and then deny they did anything at all.
full member
Activity: 182
Merit: 100
It's getting toasty in here.  Get it, toasty?
jr. member
Activity: 120
Merit: 3
Can someone explain to me why someone involved in the hack would out himself on a well read forum using his own first name and a nick that can easily connect him to a real identity?  All this after sending photo ID a few days earlier to the target of the hack?



Perhaps thought he was smarter than everyone?
sr. member
Activity: 266
Merit: 254
Can someone explain to me why someone involved in the hack would out himself on a well read forum using his own first name and a nick that can easily connect him to a real identity?  All this after sending photo ID a few days earlier to the target of the hack?

Will the real Kevin shady please stand up?
legendary
Activity: 1022
Merit: 1001
"KEVIN CAN YOU PLEASE COME TO THIS FUCKING THREAD!"

echo

echo

echo
full member
Activity: 182
Merit: 100
Well this should be interesting
sr. member
Activity: 266
Merit: 254
Can someone explain to me why someone involved in the hack would out himself on a well read forum using his own first name and a nick that can easily connect him to a real identity?  All this after sending photo ID a few days earlier to the target of the hack?

member
Activity: 90
Merit: 12
I am not the author of that book.

But this IS YOU, correct?


http://www.freshports.org/mail/elm/

elm 2.5.8_2 mail on this many watch lists=8 search for ports that depend on this port An older version of this port was marked as vulnerable.
    Is Interactive IS INTERACTIVE: yes
    A once-popular mail user agent, version 2.5.x
    Maintained by: [email protected] search for ports maintained by this maintainer
    Port Added: unknown
    License: not specified in port


I'm looking for a bit of assistance from a undernet IRC node operator please. I would like a cloaked hostname. Seems I'm attracting a bit of attention.
Elm is an interactive screen-oriented mailer program  that
supersedes mail and mailx.  This is the 2.5.x distribution.

---

http://www.securityfocus.com/archive/75
Re: Unusual entry in Apache logs 2008-05-30
Kevin Day (toasty dragondata com)



Yes, I am the maintainer of an obsolete email program on the FreeBSD operating system. I did not write that part about the "cloaked hostname", that is on pretty much every freshports page. http://www.freshports.org/

Anything you see written by [email protected] is probably me.

jr. member
Activity: 57
Merit: 10
sr. member
Activity: 364
Merit: 251
uh oh!!!

Dropping the ball on Kevin, BIG TIME!!!
Looks like our friend knows a thing or two about Brute Force Attacks

http://pdos.csail.mit.edu/pipermail/asrg/2003-July/000340.html

[ASRG] [[email protected]: Re: Remembering history passwords may be bad, but they are getting worse]
Simson L. Garfinkel slg at ex.com
Tue Jul 29 22:05:29 EDT 2003


What would be interesting to me would be to know who the attackers are.
I mean, are they other pornographers, users who want to get free stuff,
or are they anti-pornographer crusaders?


On Monday, July 28, 2003, at 12:33  PM, David G. Andersen wrote:

> Once again, the porn industry is at the forefront of Internet
> research. ;-)  (Kind of a cool read)
>
> ----- Forwarded message from Kevin Day -----
>
> Date: Mon, 28 Jul 2003 00:39:35 -0500
> From: Kevin Day
> Subject: Re: Remembering history passwords may be bad, but they are
>   getting worse
> To: Sean Donelan
> Cc: nanog at merit.edu
> X-Sender: toasty at mail.dragondata.com
> X-Virus-Scanned: by amavisd-new
>
>
>
>> The problem is fewer and fewer modern systems implement the other recommendations.  So password lifetime has become the primary protection factor.
>>
>> How many systems notify the user
>>   - the date and time of user's last login
>>   - the location of the user at the last login
>>   - unsuccessful login attempts since last successful login
>> How many web systems control the rate of login attempts
>>   - by source
>>   - by userid
>> How many web systems notify anyone or block the account after N unsuccessful login attempts either temporarily or permanently
>
> Sean:
>
> I run one of the larger adult websites, that has a reputation for being
> very difficult to acquire passwords for.
>
> The kind of attacks we see now aren't solved by any of the above. We throttled the number of login attempts per IP, then the attackers switched to using proxy servers. Tens of thousands of them at once. Our database of IP addresses that have had more than 100 bad login attempts is now around 100,000. (Most of which are all now banned completely).
>
> We also tried putting rate limiting on login attempts by username. This allowed any idiot to lock any of our legit customers out of the system whenever they want, providing an easy denial of service, so this was scrapped pretty quickly.
>
> The attacks we see now are... well orchestrated. 10-50,000 proxy servers all making login attempts at once, rather slowly. 10-50 login attempts per second, each from a different proxy. Still slow enough per IP that it doesn't hit our threshold for how many bad logins per IP per hour we allow, but enough attempts that just by trying seemingly random username/password combinations they get a couple of successes a day. We've also seen people trying what appear to be known good username/password combos that were presumably acquired from other sites that were compromised in some way.
>
> We keep detailed histories of all the login attempts per IP, and can eventually weed out the exploited proxies from actual users, but this takes an incredible amount of our time, CPU time and database storage just to manage. A few weeks ago, after we tightened our login attempt limits, whoever is doing this decided to point all the proxies to a public URL that was very database intensive, and requested it over and over again (apparently to get revenge/in frustration), killing our database server for several hours until I figured out what was going on.
>
> We tried putting up something that was displayed to users showing their last login time and IP, in hopes that some would notice their account being used by others. Many ISP's force users to go through a proxy server, usually without their knowledge. We'd report the IP address that we saw (the proxy server) which would freak out many users because it didn't match their system's IP. The login time is apparently meaningless to most users, who didn't seem to keep track of when their last login was.
>
> We do have our tricks to detect when an account has been compromised, but they're not 100% accurate, so it usually comes down to having to wait until our friendly hacker and his 500 closest buddies are all sharing the account.
>
> We're taking steps to make brute force attacks like that impossible (forced random passwords, etc) but we've found that many users won't tolerate not being able to choose their own password. If forced into it, they forget their passwords very easily and the support costs from dealing with password recovery are generally higher than passwords leaking out.
>
> While the recommendations you listed are probably worthwhile to stop some attacks, they're not going to stop people determined enough to get into SOME account if they're not picky on which one.
>
> -- Kevin
>
>
>
>
> ----- End forwarded message -----
>
> --
> work: dga at lcs.mit.edu                          me:  dga at pobox.com
>       MIT Laboratory for Computer Science           
> http://www.angio.net/
>       I do not accept unsolicited commercial email.  Do not spam me.
> _______________________________________________
> ASRG mailing list
> ASRG at amsterdam.lcs.mit.edu
> https://amsterdam.lcs.mit.edu/mailman/listinfo/asrg
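
The evasion described in the quoted mail above (a per-IP bad-login threshold that thousands of proxies each stay under) can be caught by looking at each time window as a whole instead of at single sources. This is an added example, not part of the thread or of the quoted mail; apart from the 100-bad-logins-per-IP figure, the thresholds, the event tuple layout and all sample data are assumptions constructed here.

```python
from collections import defaultdict

PER_IP_LIMIT = 100  # bad logins per IP before a ban; the figure given in the mail

def per_ip_offenders(events, limit=PER_IP_LIMIT):
    """Sources that the classic per-IP failure threshold would catch."""
    fails = defaultdict(int)
    for _ts, ip, _user, ok in events:
        if not ok:
            fails[ip] += 1
    return {ip for ip, n in fails.items() if n > limit}

def distributed_windows(events, window=60, min_ips=50, max_per_ip=3,
                        min_fail_ratio=0.9):
    """Start times of windows where many sources each fail only a few times
    and nearly every attempt fails. Thresholds are assumed, not from the page."""
    buckets = defaultdict(list)
    for ts, ip, _user, ok in events:
        buckets[ts - ts % window].append((ip, ok))
    flagged = []
    for start in sorted(buckets):
        rows = buckets[start]
        fails = defaultdict(int)
        for ip, ok in rows:
            if not ok:
                fails[ip] += 1
        if len(fails) < min_ips:
            continue  # too few failing sources to be a spread-out run
        quiet = max(fails.values()) <= max_per_ip
        ratio = sum(fails.values()) / len(rows)
        if quiet and ratio >= min_fail_ratio:
            flagged.append(start)
    return flagged

def sample_events():
    """Constructed log of (unix_second, ip, username, success) tuples."""
    events = []
    for i in range(2400):  # 20 guesses/s for 120 s, a new source each time
        ip = f"10.{i >> 16 & 255}.{i >> 8 & 255}.{i & 255}"
        events.append((i // 20, ip, f"guess{i}", False))
    for t in range(0, 180, 6):  # ordinary members logging in successfully
        events.append((t, f"192.0.2.{t // 6 + 1}", f"member{t}", True))
    events.append((130, "192.0.2.200", "member0", False))  # one honest typo
    return events

if __name__ == "__main__":
    log = sample_events()
    print("per-IP offenders:", per_ip_offenders(log))
    print("suspicious windows:", distributed_windows(log))
```

A flagged window is a site-wide signal, so the response it drives should also be site-wide (for example an extra challenge on every login during that window) rather than a per-username lockout, which the mail notes handed attackers an easy denial of service.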

full member
Activity: 148
Merit: 100
Well, I was able to access DragonData website at http://www.dragondata.com a few minutes ago, but no more.....

ruh roh...
hero member
Activity: 616
Merit: 500