**********

From: Jonathan Byron <geodigestat_private>
Reply-To: geodigestat_private
Organization: geodigest
To: Declan McCullagh <declanat_private>
Subject: Re: Taliban Website Hack - A Hoax ??
Date: Fri, 14 Sep 2001 19:54:37 -0400
In-Reply-To: <5.0.2.1.0.20010914172037.00a86070at_private>

As pointed out by several people, at some point in my analysis, I confused the sites at taleban.org and taleban.com. The logic in my previous letter is severely flawed, and I apologize for the oversight. I withdraw my previous conclusions, and have no reason to believe the hack was a hoax.

Jonathan Byron

**********

From: [name removed by request --DBM]
To: Declan McCullagh <declanat_private>
Subject: Re: FC: Was Taliban website "hack" a hoax?
In-Reply-To: <5.0.2.1.0.20010914171935.00a9da00at_private>

Hello,

I don't know if it's important to know this, but through friends of mine who work for Interland (the hosting company that hosted taleban.com), they have disabled the site intentionally. Internal emails from the CEO (Joel Kocher) indicate they violated the Interland AUP. Looking at their AUP, I don't know what, in particular, they could have been doing in violation.

I looked at the google.com cache and saw the evidence of the hack, so I had assumed they really disabled it to avoid embarrassment over being hacked. Too late :) It's not uncommon practice in big hosting companies and ISPs to simply disable a site that has been hacked until you can patch it or address the insecurity.

Personally, I do not like the precedent of disabling a site simply because its content or its owners are somehow offensive. Interland is free to do business--or not to do business--with whomever it wants, but denying business to a group of people based on political affiliation, that kind of scares me. However, if they really only disabled the site because of a security concern, that's another story.

Again, this probably isn't of much interest.
However, if you do wish to quote me, could you not use my name? I used to work for HostPro before they merged with Interland. I resigned on good terms with them several months ago but I'm worried they might not like me emailing you...

**********

Date: Fri, 14 Sep 2001 18:22:37 -0400
To: declanat_private
From: Brian McWilliams <brian@pc-radio.com>
Subject: Re: FC: Was Taliban website "hack" a hoax?
In-Reply-To: <5.0.2.1.0.20010914171935.00a9da00at_private>

Declan,

Kudos to Jonathan for questioning whether taleban.com is registered by a Taliban, but I don't think there's any question the site was hacked repeatedly since March by someone using the handle RyDen.

Mirrors from Safemode's archive pulled from Google's cache (Safemode & Alldas are being DDoS'ed):

March 24:
http://www.google.com/search?q=cache:s-5qD7hQTMM:www.safemode.org/mirror/2001/03/24/www.taleban.com/++%22www.taleban.com%22+site:safemode.org&hl=en

July 14:
http://www.google.com/search?q=cache:cldJ9wiutlM:www.safemode.org/mirror/2001/07/14/www.taleban.com/++%22www.taleban.com%22+site:safemode.org&hl=en

Note also that in his analysis he seems to have inadvertently switched between discussing taleban.ORG and taleban.com. The two appear to be registered to different people and are hosted by different ISPs.

Brian

**********

Date: Sat, 15 Sep 2001 08:28:25 +0200
From: Pawel Krawczyk <kravietzat_private>
To: Declan McCullagh <declanat_private>
Subject: Re: FC: Was Taliban website "hack" a hoax?
Message-ID: <20010915082825.C345at_private>
References: <5.0.2.1.0.20010914171935.00a9da00at_private>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <5.0.2.1.0.20010914171935.00a9da00at_private>

On Fri, Sep 14, 2001 at 05:20:36PM -0400, Declan McCullagh wrote:

> Recent claims that the official Taliban website was hacked should be met with
> suspicion.
> The page at www.taleban.com has changed frequently over the past
> few days, but I have cached it a few times at:
> <a href="http://64.128.176.121:80/nuke/html/article.php?sid=10&mode=&order=0">The Pacific Rim Weblog</a>.

Declan, explanation for this is quite simple:

$ dig a www.taleban.com
www.taleban.com.        900     IN      A       127.0.0.1

So everyone will see something different every time they look at the page, but it won't be any Taleban page definitely, until you are Taleban yourself...

--
Paweł Krawczyk
*** home: <http://ceti.pl/~kravietz/>
*** security: <http://ipsec.pl/>
*** fidonet: 2:486/23

**********

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
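
The dig answer quoted in Pawel Krawczyk's message, checked programmatically (an added example, not part of any message in this thread): it parses dig answer-section lines and flags names whose address is loopback or otherwise non-routable, the case where what a visitor or a cache shows cannot come from the site's host. The example.* records and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in dig answer-section format: the first record is the one
# quoted in the message above; the example.* records are made up for contrast.
SAMPLE_ANSWERS = """\
;; ANSWER SECTION:
www.taleban.com.      900   IN  A      127.0.0.1
www.example.com.      3600  IN  A      93.184.216.34
intranet.example.net. 300   IN  A      10.1.2.3
alias.example.org.    600   IN  CNAME  www.example.com.
"""

def parse_address_records(text):
    """Return (name, ttl, ip) tuples for the A/AAAA lines of dig output."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        # Skip comments, blanks and anything that is not "name ttl IN type rdata".
        if line.startswith(";") or len(fields) != 5:
            continue
        name, ttl, rclass, rtype, rdata = fields
        if rclass != "IN" or rtype not in ("A", "AAAA") or not ttl.isdigit():
            continue
        try:
            ip = ipaddress.ip_address(rdata)
        except ValueError:
            continue  # malformed address: ignore rather than guess
        records.append((name.rstrip(".").lower(), int(ttl), ip))
    return records

def classify(ip):
    """Say where a client that follows this record actually connects."""
    if ip.is_loopback:
        return "loopback"      # the client's own machine
    if ip.is_unspecified or ip.is_link_local or ip.is_private:
        return "non-routable"  # the client's local network, if anything answers
    return "public" if ip.is_global else "reserved"

def non_public_names(text):
    """Map each name whose address is not public to its classification."""
    flagged = {}
    for name, _ttl, ip in parse_address_records(text):
        kind = classify(ip)
        if kind != "public":
            flagged[name] = kind
    return flagged

if __name__ == "__main__":
    for name, kind in non_public_names(SAMPLE_ANSWERS).items():
        print(f"{name}: {kind} address; fetched content is not from the site's host")
```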