I really don't want to sound whiny, but: Can we PLEASE stop the constant cross-posting to the various secfocus lists? If you're interested in more than one list, subscribe to them individually. I'm sure though that some passing interest is no excuse to effectively spam the mailboxes of anyone who is subscribed to multiple lists. It only takes a couple of these cross-posted threads at the same time to turn into tons of redundant e-mail. Thanks Michael Graham CCSA CCSE Line Haul Systems Integration FedEx Services -----Original Message----- From: Ken Pfeil [mailto:Kenat_private] Sent: Friday, January 04, 2002 2:50 PM To: van Wyk, Ken; incidentsat_private Cc: focus-virusat_private Subject: RE: Monkeybrains.net and badtrans compromise information Here's a little snippet from the site. Any legal experts in the crowd? "Individuals MonkeyBrains is doing these requests for information for free for individual users. The software, time, energy, and the whole site is run by one person: me! So, if you utilize this service, then feel free to donate $10 (or more, or less) to my ISP, monkeybrains.net. Or, if you need some consulting, buy me a plane ticket, give me some $$$ and I'd love to work for you for a couple of days or weeks. Traveling is fun! Corporations If you are on the security team for an isp or corporation, and wish to have a list of all the compromised accounts and email addresses, you must contribute at least $10 for me to email you domain wide results. I was doing this for free, but after about 100 requests, I noted: "Fark, this is taking up a lot of my time. These corporatations have the money and will not mind parting with a little, so I am going to charge them for my time." Also, while this service was free, I received ZERO donations, so now, this free service is a pay-for service. Now, you may wonder, who the heck would use this service from some random guy; well, these domains have used this service: .nasdaq-online.com .prudential.com .motorola.com .etrade.com .saic.com .mmm.com .bp.com .mil (organized by number of charaters) Also, I am forcing good policy on corporations: abuseat_private must be a valid email address at your domain. Results are only sent to that address for requesting domains. This ensures that sensitive information is not sent to joe_schmooat_private Furthermore, as an ISP operator, I get highly annoyed when domains do not have abuse accounts set up. Microtransactions between large companies and users of the Internet are encouraged by making PayPal the payment method for this service. $1 - Thanks! $5 - This site is great $10 - Send me the info! $20 - Take a coffee break and walk the dog! $50 - Fancy dinner with girlfriend $100 - This site helped me patch up a bunch of compromised accounts! In closing, I don't want to sound like a money grubber, but I am self employed and received $0 to make this website. Help out if you like, and if you don't want to, that is fine too. - Rudy (badtransat_private)" > -----Original Message----- > From: van Wyk, Ken [mailto:Ken@para-protect.com] > Sent: Friday, January 04, 2002 2:38 PM > To: incidentsat_private > Cc: focus-virusat_private > Subject: RE: Monkeybrains.net and badtrans compromise information > > > Jon Williams writes: > > I've got to admit, I was suspicious when I got the same > message, but when > I > > tried getting the information and was told essentially "You've got > > compromised passwords, but you have to pay us to find out which," it > sounds > > more like extortion than good cyber citizenship. > > I'd just like to point out a couple things briefly: > 1) We have no affiliation whatsoever with monkeybrains.net; > 2) We were unaware of their intent to charge for this information; > 3) After scanning for ":443" in their database/web site and seeing > 2000 > compromised SSL-encrypted sessions, we started alerting our customers; > 4) We alerted a number of companies whose employees, customers, etc., were > in that database, however there was no obligation or fee to any of those > companies for our alerts; > 5) Had we known of monkeybrains.net's intention to charge for > releasing the > information, we would have noted so in the alerts that we sent to > companies > that we found in their database. > > Cheers, > > Ken > > Kenneth R. van Wyk > CTO & Corporate Vice President > Para-Protect, Inc. > www.para-protect.com > > ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jan 04 2002 - 13:15:32 PST