A popularização dos meios de comunicação e sua massificação na Internet é muito interessante e, ao mesmo tempo, pessoas que não tinham o hábito de escrever hoje tem blogs, participam de comunidades virtuais, fóruns, tem um perfil no Orkut ou no MySpace e a gente vê o quanto as pessoas andam escrevendo mal.

Não sei se pela maior exposição ou se a população está realmente estudando e lendo menos, o que se percebe é que a língua portuguesa está sob artilharia pesada.

O pior mesmo é quando encontramos sites profissionais, muitas vezes bastante atraentes, e encontramos aquela palavra escrita incorretamente. Continua-se a ler o texto pra ver se não foi apenas um erro de digitação e - pimba! Lá está outra ocorrência da mesma palavra.

Ninguém é obrigado a ser perfeito, todos erramos, mas o duro é errar de propósito, ser um ignorante achando que não tem problema. O maior tesouro de uma nação é seu idioma, precisamos proteger o nosso.

Percebo muito nos fóruns de discussão que os melhores escritores também são aqueles que mais ajudam na comunidade e quando são desenvolvedores também costumam ser os melhores. Essa explicação é simples: quem escreve melhor, lê bastante. Quem lê bastante, aprende mais.

Portanto, se você quer ser um hacker de verdade, leia. Leia muito. Aprenda o tempo todo. Leia mais um pouco. Desenvolva a linguagem escrita também. Não adianta ser um excelente programador, administrador de sistemas, nem mesmo técnico e não saber escrever com um mínimo de qualidade. Lembre-se sempre que quando algo é escrito a outra ponta, o seu leitor, terá que entender o seu recado.

Anyway, we talked over the thing, and many other things besides; what should happen if secret police become members? wouldn't it be easier to do an open-source clone of a BMC helpdesk ticketing app? (why? why? I thought my brain would concrete) how would you sterilise an airport fingerprint reader in less than 10 seconds? So I promised to revise the proposals, and well, here they are.

Or would be, but nobody likes a 2,000 word blog post. So instead it's here on Google Documents, which probably means something badological. Read. Mark. Learn. Inwardly digest. Comment. Here at first, but if you want to take part just tell me and I'll give you write privileges. If anyone cares very much I'll get it set up on Sourceforge and set about preparing a list of functions and tables. I still think Django is the way to go, in which case the mapping of the org model into Python classes into db tables should be as straightforward as these things ever are.

The hobbyist

That's the person who's just interested in learning programming as a form of entertainment and to take a challenge every now and then. So, instead of collecting stamps, he learns programming. He probably won't want to get down to the complex stuff, but he might end up liking it and wanting to do it for a living.

Is this you? I suggest you learn Python, which is easy to learn but also powerful.
You should probably read this book. You can find a .pdf version here.

The engineer

That's the person who wants to learn programming as a discipline, and to get more out of his computer, or perhaps because he likes a challenge (but not the hobbyist's kind). He's more likely to end up wanting to do it for a living, or to make use of the skills he starts to acquire in his current job.

Is this you? I suggest you either learn Python (see above) as an introduction to programming, and perhaps learn C. The latter might be a bit difficult in the beginning, but the effort will be worth it (you will not only be able to program in C -- You will have some base knowledge and skills which will let you learn C++ or more advanced object-oriented programming languages more easily).

The computer scientist

Right, we're starting to deal with the serious folks. That's the folk who wants to learn programming to earn a living, and perhaps we should make a difference between an "engineer" in my categorizing system, and a "software engineer", which is what this type of person will eventually become. He does want a challenge, but probably only to improve his skills and add new shiny things to his CV.

Is this you? I suggest you learn C. It will most likely be a prerequisite for you to work as an actual software engineer. Otherwise, it lets you learn C++, Java, or whatever you're into more easily. Focus on object-oriented programming languages, as that's the trend nowadays.

The hacker

Now, this is the type I wanted to talk about. That's the person who loveschallenges, loves programming, and loves to experiment with both old and new stuff. He'll most likely want to do it for a living, but he's likely to experience some trouble working for someone else doing things that he doesn't like, unless he's got enough free time to do what he likes at home (or in his server-cave). While you may think of programming as either something very complex or as a serious discipline, the hacker (if you're thinking of movie types who break into computer systems, you're thinking of a cracker, not a hacker) will think of it as a playful and pleasurable form of entertainment. It will probably even become his lifestyle.

Is this you? Hell, forget about Python unless you don't know anything about programming yet! Learn C for lower-level tasks and embedded systems, and... Lisp! You can choose between Scheme (the tiny basis for Lisp, with which you can experiment but not really write any serious applications) and Common Lisp (a complex and complete dialect of Lisp, probably uglier than Scheme but excellent for any purpose).

See? It's not that hard to decide which language to learn first.

Le immagini documentano i vari post fatti dagli autori dell'attacco:

Qui hanno fatto un'accunt pubblico, distribuendo username (neim :) ) e password ( uord :) ), dando di conseguenza ai visitatori, la facolta di scrivere dei post che riposto qui.

I videogiochi fanno male:

Il demonio:

Peccatori:

Porca Madonna (è cosi il titolo, non ci posso far niente...):

La bugia più grande della storia:

Un pò di saggezza cristiana:

Continuate cosi... (l'ultimo post)

Ovviamente dopo cinque ore di blog manomesso, i gestori si sono svegliati ed hanno messo la seguente schermata, ancora presente mentre sto scrivendo questo post:

Se i gestori del sito, fosserò stati più curanti del lato sicurezza, questo non sarebbe successo!
Questo blog ha "documentato" il centenuto della manomissione, per chi si è perso l'evento.

Comunque ci tengo a precisare che non ho postato nulla li, anche perchè non condivido l'azione fatta contro il moige.

Wiki des Berliner CCC zum Thema Wahlcomputer

Nun haben auch die USA ihr Wahlcomputerproblem. Wie die aktuelle Computerzeitung in ihrer Printausgabe berichtet, hat der Einsatz von Geräten der Firma Diebold, Hersteller von Kiosk-Systemen, in mindestens 34 Staaten bei Vorwahlen zu Problemen geführt. Teilweise wurden Stimmen nicht oder falsch erfasst. Oder es kam zu Stabilitätsproblemen. So soll z.B. die installierte Antivirus-Software zu Störungen geführt haben. Oder das Hochladen von Speicherkarten führte zu Pufferüberläufen.

So kam ein Team der Princeton University, das im Auftrag des kalifornischen Inneministeriums den Quellcode des E-Voting-System von Diebold - bestehend aus einem Touchscreen-System, einem optischen Scanner und dem Wahlmanagementsystem – untersuchte, zu einem deutlichem Ergebnis: Demnach bräuchte ein versierter Einzeltäter nur kurzzeitig den Zugang zu einem einzigen Wahlcomputer, um darauf einen Virus zu installieren, der sich auf dem Weg über das Wahlmanagementsystem auf alle daran angeschlossenen Stimmerfassungsgeräte eines Wahlkreises ausbreiten könnte.

Aber auch in Wahlsystemen von Hart Intercivic und Sequoia fanden unversitäre Hackerteams bereits im vergangnen Jahr zahlreiche Schwachstellen. Fast könnte man meinen Wahlcomputer wären „Bananenware“, die zum Ausreifen beim Kunden bestimmt ist. Und deren erste Arbeitsergebnisse allenfalls Heizwert haben.

Bis zur US-Präsidentenwahl im November hofft man die Geräte doch noch hinzubekommen. Allerdings laufen zwischen Diebold und dem US-Bundesstaat Ohio bereits juristische Auseinandersetzungen hinsichtlich der offenbar fehlerhaft ausgelieferten Geräte.

Heise.de: US-Wahlcomputer können keine vertrauenswürdigen Wahlen garantieren

The hacker did not feel that that was enough - they retitled the site so that users browsing our church would see an expletive, rather than helpful or encouraging content. Ah, well. I suppose I will have to pay closer attention to security updates and the like - be a little more proactive.

Wobei ich nicht glaube, dass es hier darum geht, Spambots auszusperren, sondern eher um "uneingeweihte" Normalos nicht rein zu lassen.

Danke an ScienceBlogs

Kata salah satu yang katanya pakar bidang gitu-gituan, para anu dan si anu dalam harian ibu kutit akan melakukan serangan terhadap sistem Depkominfo, tapi siapa sih sebenarnya .... itu???? makanan apa sih itu...???????????

Seperti yang sudah diketahui secara umum, penilaian seorang HEKER (BUKAN HACKER LOH… (^_^)b) apa tidaknya seseorang di dunia ini adalah pengakuan dari masyarakat, minimal orang atau sebuah komunitasnya. Bukan dari pengakuannya sendiri. Ya, memang begitu seharusnya, tetapi waspadalah jika di Indonesia. Pengakuan dari orang atau komunitas SANGAT TIDAK BISA SAMA SEKALI dijadikan acuan untuk menentukan Heker tidaknya seseorang! Mengapa dikatakan demikian? Yah, saya bukannya mengecilkan arti orang-orang yang sudah dapat pengakuan dari lingkungan disekitarnya, mohon jangan tersinggung, tetapi, di Indon, seseorang yang dianggap lebih menguasai ketimbang orang di sekitarnya dianggap HEKER! Contoh, seseorang yang lebih cepat mengetik menggunakan MSWORD di sebuah Rental akan dianggap HEKER oleh komunitas pengetikan di tempat itu. Begitupula dengan seseorang yang lebih jago menggunakan Winamp, mengetahui shortcut tersembunyi dari winamp, akan menjadi HEKER! Wuah! Tidak heran, sangat BANYAK SEKALI HEKER di Indonesia! Banyak yang tidak tahu, heker itu kerjaannya cuman di satu bidang, yaitu bidang keamanan doang, tetapi, di Indon, seorang heker itu dianggap sangat pakar segalanya, mulai dari bisa ngedit gambar pake potosop, bisa bikin email, bakin komputer sendiri, sampe-sampe bisa pasang prosesor pentium 3 di mobo AMD, bisa bikin efek video, bisa segala-galanya, padahal tidak! Banyak wizard dan elite yang saya kenal, bahkan situs dan programnya memiliki GUI yang sangat biasaaa sekali, benar-benar penampilan yang sangat biasa! Tapi tentu saja keamanannya sangat tinggi pada umumnya. Bahkan, seorang kenalan saya yang juga sama-sama anggota CDC dengan nick TR1V!4 (tenang bo, die bule, kaga ngerti paan nyang kite omongin…) tidak mengerti sama sekali apa beda DDR dan SDR, yah tapi urusan ngeliat string, beliau jagonya! heheheheheee… Di indon, biasalaaah, semuanya dipukul rata! Hal ini juga memunculkan anggapan, bahwa seorang Heker itu otomatis lebih tinggi ilmunya ketimbang seorang grafik designer, web designer, tukang reparasi, dll, padahal BUKANKAH ITU PEKERJAAN YANG BERBEDA??? Dalam kasus ini, dipukul ratalah bahwa seorang Tukang sate lebih enak masakannya ketimbang Tukang Mie Ayam, padahal dua-duanya memiliki pekerjaan yang berbeda walaupun sama-sama tukang! Padahal, strata heker ndiri itu banyak lo… cari sendiri, males ane ngejelasin… hahahahaa! Tapi, utamanya, seputih-putihnya heker indonesia, belum ada yang berani untuk putih total, sehingga jadi guru. Tetap saja ada keinginan untuk… yaaa.. taulaaah… dan biasanya dilakuin seh… Satu hal yang jadi pikiran akhir-akhir ini, betulkah bahwa benar-benar ada seorang WHITE HAT di dunia ini? Masalahnya, umumnya, untuk mendapatkan predikat heker (bukan di indon) seseorang biasanya akan banyk membobol situs, dan yang paling sering, mendeface situs itu sendiri agar dapat pengakuan dan masuk ke sebuah komunitas untuk memperoleh lebih banyak ilmu hingga stratanya naik. Bukankah itu tergolon BLACK HAT, dimana hal tersebut merugikan orang lain? Mengapa saya berani berkata demikian? yah, walaupun dia berhasil masuk dan tidak mengadakan penghapusan file, tapi dengan adanya deface atau minimal pemberitahuan secara luas dan terang2an, si OWNER akan kehilangan kepercayaan publik, dan jelas itu merugikannya. SANGAT JARANG saya temukan seseorang yang hanya mengemail si pemilik dengan ebrkata bahwa “Hei, teman, keamanan situsmu itu BEGINI, BEGINI, BEGINI,…dst” Akhir-akhir ini. Sekarang, yang ada, hanyalah kepentingan untuk nyari popularitas semata. Yang paling parah, untuk mendapatkan pengakuan, sering digunakan cara-cara yang juga parah (ATAU SOSIAL ENGINERING YANG KEREN???). misalnya, seseorang yang pengen jadi heker, akan bergabung dengan sebuah milis heker dengan tiga username yang berbeda2. Anggaplah A, B, dan C, dimana A digunakan sebagai Nickname utamnya, B sebagai pemancing, dan C sebagai korban. Timbullah sandiwara yang lucu. Dengan menggunakan user B, dia akan menulis kepada milis sebuah tantangan, SIAPA YANG BISA BAJAK MAIL SAYA KALO KALIAN HEKER? Kemudian dengan user C, dia akan berkata, WAH, MILIS PAYAH NIH, GITU AJA GA BISA. nah, nanti, dia akan menggunakan User A untuk menghancurkan C dengan pertama-tama memberitahukan bahwa dia akan menghack user C yang mengejek milis, kemudian menggunakan user C untuk mengirim EMAIL : “HI, saya A dan SAYA MENGGUNAKAN account C sekarang tahu rasa kau C” dan setelah itu, si B akan menyanjung2 si A. Lucu bukan? Wahahahahahaha! Tiga2nya usernya dia juga…! Wahahahaha!!!! Cara lain, adalah dengan membajak forum. Tarohlah ada sebuah forum yang cukup terkenal, maka dia akan mendaftar sebagai member BUKAN DENGAN USERNAME yang sering dia gunakan. dan akan sangat aktif sehingga diangkat menjadi moderator, bahkan Super Moderator. Nah, biasanya, di sebuah forum, ada sebuah tempat tersembunyi untuk staff berbincang bincang. Dia tinggal mengkopi semua isinya (karena dia sekarang staff tentu) dan dengan menggunakan username yang sering dia gunakan (username “HACKER”nya) dia akan mempublish isi thread tersembunyi itu ke forum tersebut. Biasanya ditambah-tambahi dengan kata2 :”ADMINISTRATOR, SITUS ANDA MEMILIKI KEAMANAN YANG SANGAT RENDAH. LIHAT, SAYA BISA MASUK KE THREAD TERSEMBUNYI ANDA. INI BUKTINYA!” dan dengan gaya bahasa yang sopan, banyak yang akan berpikir… “WAH.. orang ini sudah tinggi ilmunya!” HAHAHAHAHAHA!!! BASI TAUK!!!!! Satu lagi cara, adalah dengan masuk ke milist para newbie dengan mengatakan bahwa : “HEY, ada BUG BARU DI MSN! JIKA INGIN MENDAPATKAN USERNAME DAN PASSWORD SESEORANG, CUKUP BIKIN FORM usr : target email usrmd : email kita pwdmd : password kita (bahasa yang kayak program pokoknya…) dengan subjek finding boot, dan dikirm ke admin_mail_robots@msn.com, maka kita bisa dapat password dan username target!Ini biasanya digunakan oleh para pengurus MSN, tapi yah, sekarang bocor ke tangan kita! Hahahahha!” Kemudian, banyak yang mencoba dan akhirnya dia bisa mendapatkan email dan password si korban yang coba-coba, kemudian show off, dan dianggap lebih tinggi dari newbie yang lain! Loh..? Kok bisa Claw? Mudah saja. Email yang admin_mail_robots@msn.com itu emailnya dia… hahahaha! Bisa juga, supaya kelihatan asli, pake gaya yang aneh2 supaya kesannya automated recovery. Contoh : adminm41l_msn@msn.com dll. Lagian, secara logika, untuk apa para pengurus MSN sibuk nyari password ma username orang kalo bisa masuk langsung database?? HAHAHAHAA!!! selain itu, umumnya, Begitu bangganya “HEKER INDONESIA” ini jika berhasil menembus situs yang LUBANG KEAMANANNYA SUDAH DIPOSTING DI SITUS ATAUPUN LEWAT IRC kemudian koar-koar di forum atau channel yang banyakan orang biasa. Dia akan dianggap SANG GOD HEKER disana… Oke. balik mengenai apa yang mengganggu pikiran saya akhir-akhir ini, adalah jika seorang WHITE HAT menulis mengenai Hacking dan dibaca oleh orang lain dan kemudian menggunakannya untuk hal buruk walaupun si penulis telah mencantumkan “PENULIS TIDAK BERTANGGUNG JAWAB TERHADAP HAL BURUK YANG TERJADI AKIBAT TULISAN INI”, tetap saja dia bertanggung jawab. mengapa demikian? sudah tau internet masih nulis, itu sama saja dengan Polisi yang NAROH SEKARUNG PISTOL DI DI TEMPAT UMUM shingga bisa saja ada orang yang make buat nembak. Lalu bagaimana? Haruskah berhenti menulis? Itu hal yang tidak mungkin karena bagi ILMU itu hukumnya WAJIB! INI yang membuat saya masih bingung sampe karang. hahahahahaha! Oh ya, satu hal lagi. Okelah, jika si elite white hat ini gak seperti yang saya sebutkan diatas, dan dia telah dipercaya untuk melindungi server, dan namanya telah terkenal. Kemudian, junior-juniornya yang masih dalam kategori CRACKER berusaha untuk masuk, kemudian ia menangkapnya! Wah, temen-makan temen gitu… soalnya dulu si white hat ini minimal pasti pernah ngelakuin hal yang sama waktu cupu dulu… Mau dilepaskan? Tidak bisa! Itu sama saja dengan mendukung kejahatan, berarti BLACK HAT! Nah lo, gimane neh…? Satu hal yang pasti dari pembahasan diatas, punya satu inti. JIKA ENGKAU INGIN JADI HEKER DI INDONESIA, seringlah maen ke tempat pengetikan, dan jika suatu ketika engkau dapat rejeki nemu komputer yang lagi sesi ADMINISTRATOR, passwordlah semuanya. tunggu beberapa saat mpe bosnya datang, dan dia akan kesulitan, saat itu juga, tawarkan bantuan, kemudian pura-puralah mengetik dan buka passwordnya, dan katakan dengan bahasa digital : “BOS, KEBETULAN SAYA BISA BUKANYA DENGAN MENGINJECT FORM LOGIN PADA BASE CORE SYSTEMNYA KERNEL SISTEM OPERASI. ADA BUG YANG MASIH TERSISA DI TRX FILENYA DAN SAYA SUDAH PERBAIKI, DAN BOS, PERLU DIINGAT, SAYA BUKAN HACKER.” Dengan kalimat SAYA BUKAN HACKER, orang itu akan menganggap kamu bener2 heker. Dengan cara demikian, niscaya, kamu sudah dianggap HEKER INDONESIA. catatan : “Tidak semua heker indonesia seperti diatas! Sayapun “mengangkat topi” hormat pada beberapa diantaranya seperti Sakitjiwa, S’to, Xnuxer, D0d1, dan yang lain. Saya menulis ini bukan karena saya Seorang HEKER atau iri terhadap HEKER. Saya sudah punya pekerjaan. Pengamen, dan saya serius ^_^”

Uzmanlar, “Zombi Ağı” adı da verilen botnetlerin asıl hedefinin evlerdeki kullanılan bilgisayarlar olduğuna işaret ederek, siber suçluların böylesi bir ağa erişim sağlamak için ne uzmanlaşmış bir bilgiye ne de büyük miktarlarda bir paraya ihtiyacı olmadığının altını çizdi.

Bu konudaki hizmetlerin birçok bilgisayar korsanı tarafından küçük ücretler karşılığında sunulduğu belirten bilişim uzmanları, artık botnetlerin, internet üzerindeki yasa dışı gelirin ana kaynakları arasındadır yer aldığını ve siber suçluların elindeki en güçlü silahlardan biri olduğunu söylediler.

BİLGİSAYARLARI NASIL ELE GEÇİRİYORLAR?
Güvenlik uzmanlarının ortak görüşüne göre, dünya çapında evlerde kullanılan bilgisayarlardan en az yüzde 10’u uluslararası robot ağın yani botnetin bir parçası. İnternet arama motoru “Google”un yöneticilerine göre ise şu anda 100 milyondan fazla bilgisayar, botnetlerin kontrolü altında.

Bu ağ için bir tür virüs kullanan siber suçlular, bu tehlikeli yazılımı bir “e-posta” veya “dosya indirme” sitelerindeki en gözde müzik, film ve program dosyalarının içine gizliyor. Hedefteki bilgisayarın kullanıcısı, söz konu “e-posta”yı açtığında veya programı indirdiğinde, anında bilgisayarına bir iki satırdan oluşan bir yazılım yükleniyor. Bu küçük ve gizli program sayesinde, hedefteki bilgisayar artık başkası tarafından yönlendirilebiliyor.

Yaklaşık 10 yıldan beri varlığı tespit edilen bu programlar, zaman içinde daha da geliştirilerek, neredeyse tespit edilemez durama gelmiş durumda. Kişisel bilgisayarları birer “zombi”ye dönüştüren “bot”lar, internet üzerinden girdiği bir ağ üzerindeki 10 binlence bilgisayara bulaşarak, onları da birer suç makinesi haline getiriyor.

İSTİHBARAT ÖRGÜTLERİ DE KULLANIYOR
Botnet’in sadece siber suçlular tarafından değil, birçok ülkenin istihbarat servisleri tarafından da kullanıldığına işaret eden bilişim uzmanları, bu sadeye “hedef” alınan bir ülkedeki on binlerce bilgisayarın ele geçirilerek, tüm kişisel kullanıcı bilgilerinin toplanmasına olanak tanıdığını vurguladı.

Kimi botnet sistemlerini yönetenlerin kontrol altına aldığı “bilgisayar ordusu” sayesinde, hükümetlerin web sitelerine saldırılar düzenlediğini ve “server”larını çökerttiğini ifade eden uzmanlar, kimi zaman da bu yöntemle büyük şirketlerin “server”larının ele geçirilerek, müşterilerine ait tüm bilgilere sahip olduklarını bildirdi.

BOTNET SALDIRISININ SON KURBANI BİRLEŞMİŞ MİLLETLER OLDU
Bilgisayar korsanları, son olarak Birleşmiş Milletler’in (BM) resmi internet sitesini bir süreliğine “hack”leyerek, web sitesine “Hey İsrail ve ABD, çocukları ve diğer insanları öldürmeyin. Barış evrenseldir. Savaşa hayır” yazdı.

Yetkililer, saldırganların ayrıca BM’nin internet sitesine de “botnet” yazılımı yüklendiğini belirterek, bu süre içinde siteye girenlerin bilgisayarlarının da “zombi”ye dönüştüğünü bildirdi.

Saldırganların yakın zamandaki kurbanlarından biri de Hindistan’daki bir banka oldu. Saldırganlar sadece bankanın bilgisayar sistemini “hack”lemekle yetinmeyip, internet sitesine giren herkesin bilgisayarlarına 3 farklı trojan yükleyerek, her birini “zombi” bilgisayar haline getirdi.

SALDIRILARIN HEDEFİNDEKİ BİLGİLER
İnternette en büyük tehlikelerden biri “zararsız” görünen web sitelerinin “zararlı” yazılımlar içermesi. Şimdilik çok yaygın olmayan bu sitelere sızan bilgisayar korsanları, sisteme yerleştirdikleri tehlikeli kodlar sayesinde birçok kullanıcının bilgisayarını ele geçiriyor.

Bugüne kadar aralarından dünyanın en ünlü şirketleri veya kişilerine ait onlarca web siteleri ile online oyun portallarına sızan “hacker”lar, kimi zaman bir reklamı kimi zaman da ünlü bir kişinin resmini “yem” olarak kullanıyor. Bazı yazılımlar ise kişilerin online kimliğini ele geçirmek için programlanırken, hedeflerinde ise bankacılık ve kredi kartı bilgileri, e-posta ve oyun şifreleri bulunuyor. Bu bilgilerin karaborsada büyük bilgilere satıldığını belirten bilişim güvenliği uzmanları, 2007 yılında internet üzerinde tespit edilen zararlı program sayısının 2,2 milyondan fazla olduğununa dikkat çekiyor.  Kaynak:NTVMSNBC

Wenn man abends um kurz vor 23 Uhr nach einer satten Hand voll Bier eine Email aufs Handy vom Zweites Deutsches Fernsehen / Redaktion WISO  von der Email Adresse >> wiso-datendiebstahl@wiso.de << bekommt ... und kein echter Computer in der Nähe steht ... kann einem der Arsch schon mal ziemlich auf Grundeis gehen. Zum Inhalt der Email, die mich ob des Inhaltes die halbe Nacht gekostet hat - ich zitiere:

Ihre E-Mail-Adresse und das Passwort befinden sich nach unseren Recherchen auf einem im Internet frei zugänglichen, in China beheimateten Server.

Die Daten scheinen aus einem Datendiebstahl zu stammen, die Datendiebe haben versucht, sich mit Hilfe dieser Kombination aus Mail-Adresse und Passwort Zugang zu Online-Bezahldiensten zu verschaffen.

Die Daten selbst stammen nach ersten Erkenntnissen aus einer Datenbank, die nichts mit Finanzdienstleistungen zu tun hat und bei der Sie sich in der Vergangenheit einmal angemeldet haben.

Möglicherweise nutzen Sie diese Kombination aus E-Mail-Adresse und Passwort für weitere Internet-Dienste, etwa für Ihren Mail-Account, zum Anmelden bei Online-Shops oder auf anderen Webseiten. In diesem Fall raten wir Ihnen dringend, auf jeder einzelnen dieser Seiten Ihr Passwort unverzüglich zu ändern, bevor irgendjemand aus dem Vorhandensein dieser Daten im Internet einen Vorteil ziehen kann.

Datendiebe haben es lt. WISO auf E-Mail-Adressen und Passwörter abgesehen: 56.000 Datensätze sind nach WISO-Recherchen kürzlich aus einer Unternehmensdatenbank gestohlen worden.

Ich wills kurz machen: mir brennt der Arsch. Danke WISO dass ich als Geschädigter rechtzeitig mein Passwörter ändern durfte. Ich ändere gerade wie ein Wahnsinniger alle jemals von mir existenten Passworte und Benutzernamen um SAFE zu sein. Wenn einer von Euch noch meinen Namen oder ein Passwort von mir findet einfach löschen. Ich habe fertig mit der Sch ... - aber habt Ihr Euch mal die Frage gestellt, wo Ihr Eure Signatur schon alles hinterlassen habt? Drei handgeschriebene Seiten mit möglichen Seiten habe ich schon (analog) runtergeschrieben, um mir darüber mal klar zu werden. Jetzt arbeite ich mich langsam durch die Liste und betreibe Schadensbegrenzung. So sieht's aus. Danke Welt!

Nachtrag - Das steckt dahinter: Das Wirtschaftsprüfungs- und Beratungsunternehmen PricewaterhouseCoopers (PwC) hat heute Strafanzeige gegen bislang unbekannte Daten-Hacker gestellt, die eine externe Servicedatenbank für Jobsuchende angegriffen und dabei Daten gestohlen haben. Diese von einem externen Serviceprovider betriebene Internet-Seite diente interessierten Nutzern zur vereinfachten Erstellung ihrer Bewerbung bei PwC.

Ecco infatti cosa compare tra gli header HTTP delle pagine ospitate su wordpress.com:

X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.

Non c'è che dire, è decisamente un modo molto originale e simpatico per offrire un posto di lavoro.

LONDON, UNITED KINGDOM - 02.09.08. Two boys covered with "Free Gary" stickers demonstrate in support of the British hacker Gary McKinnon outside the Home Office London, England on Tuesday 9th September 2008. Mr. McKinnon has been fighting against extradition to the US on charges of hacking into US Pentagon and NASA computer systems and faces up to 80 years in prison. (Photo by Marc Vallée/marcvallee.co.uk) (c) Marc Vallée, 2008.

"Our citizens, their law" - The Guardian.

Clients : Click on the  images above and below to view a slideshow from the set and click on the link below for rights managed editorial licensing. High resolution images are available on request.

Images: "Gary McKinnon Protest - 02.09.08."

Archive Link : www.archive.marcvallee.co.uk

LONDON, UNITED KINGDOM - 02.09.08. Lucy Clarke, the partner of British hacker Gary McKinnon is comforted by a supporter as she cries during protest outside the Home Office London, England on Tuesday 9th September 2008. Mr. McKinnon has been fighting against extradition to the US on charges of hacking into US Pentagon and NASA computer systems and faces up to 80 years in prison. (Photo by Marc Vallée/marcvallee.co.uk) (c) Marc Vallée, 2008.

Now we’ve learned a much more colorful part of Anderson’s history: In 1985, when he was fourteen and in high school in Escondido, California, Anderson was subject to one of the largest FBI raids in California history after hacking into a Chase Manhattan Bank computer system and subsequently showing his friends how to do it. He was never arrested because he was a minor, but the FBI confiscated all of his computer equipment and some newspaper accounts of the incident stated incorrectly (see image below from a 1986 LA Times story) that he was “convicted in federal court of computer hacking and placed on probation” (the statements were corrected in subsequent articles). Anderson used the hacker name “Lord Flathead.”

MySpace and Anderson would not comment on this post. But most of the information is now available online as news articles from the 1980s (and earlier) have been added to Google and other search engines. We came across an initial article accidentally and started investigating from there. Some of the information in this post has been obtained by a source close to Anderson, including the connection between Anderson and his hacker name.

Lord Flathead Goes Too Far

Anderson, using the name Lord Flathead, was a computer hacker at least since he was 13 years old, which is just about the time the movie WarGames came out in theaters. Like David Lightman in WarGames (played by Mathew Broderick), Anderson was able to hack into computer systems by simply figuring out the right phone number (this was called “war dialing” and was done with the help of a simple computer program that dialed sequential phone numbers until it received a modem response, signaling a computer system on the other end, usually a UNIX mainframe that often had a default password or no password at all). Once you were past the password security, you often had deep access to whatever system you had called.

According to a New York Times article in October 1985, “Lord Flathead,” was the leader of an early black-hat hacker group when he was 14 years old. In July and August 1985, between his freshman and sophomore years, Anderson hacked into a Chase Manhattan Bank DEC VAX computer system (like the one in the image below) that handled “much of Chase’s data processing and record keeping, including records of home mortgages and…portfolios of major customers such as pension funds.” He subsequently showed up to 40 of his friends how to do it.

Anderson obtained or guessed the passwords necessary to get through the first level of security and, once connected, changed at least two passwords to prevent bank officials from accessing the system. According to the New York Times article the group also created fictitious accounts, and Anderson, using the Lord Flathead name, left a message saying that unless he was given free use of the system he would destroy records.

The bank notified the FBI and they set up an “electronic trap in the computer system that traced the calls to at least 23 homes in the San Diego area.” Fifty FBI agents then raided the homes of Anderson and his friends and seized 25 personal computers. The raids were conducted simultaneously at 7 pm to prevent anyone from notifying the other hackers and giving them a chance to destroy evidence. This was one of the largest FBI raids in California history. Our source says the FBI was expecting a serious criminal conspiracy ring of hardcore hackers, not a group of teens led by Anderson, a high school freshman.

Tom was hacking for quite a while before the raid, says our source. Tom, a minor at the time, agreed to stop committing computer crimes and was put on probation. His computer was never returned.

One of the reasons Anderson would hack into living room sized mainframe systems was to get access to computers that could run a C compiler to learn programming. There were no open source or free C compilers at the time, and personal computers had very limited memory and processing power, so hackers would try to access them on other systems.

As far as we can tell Anderson never attempted to destroy records or transfer funds. We can’t find any records of prosecutions being made against any of the people raided.

Supporting documents are here. The LA Times article linked above and the Newsweek article talk about a friend of Anderson, a hacker named Bill Landreth, a published author for Microsoft Press on computer security issues. At Bill’s suggestion Anderson spoke with a literary agent and published books about computer security as well (we are trying to track them down).

Landreth was living with Anderson’s family and disappeared in September 1986 after leaving a suicide note. We haven’t been able to determine Landreth’s fate, although based on this article from 1991 he or someone with his name became a government agent investigating security crimes.

Frankly, my opinion of Tom Anderson just rose significantly. This was pretty hard core stuff in the 80s. Twenty years later he would go on to cofound what would become the largest site on the Internet.

The main reason I decided to maintain this so called diary on wordpress is because it grants me the immunity that I need over the internet. The whole idea of having a custom domain name and blog...bla bla bla beats the whole idea of immunity for me. There is always someone who's gonna know who you are and that beats the purpose of trying to "lay low".

In the coming weeks, I shall update this blog on stuff along the security line that I consider interesting. I shall also post about some of the fun that I have while hacking.