Re: U.S.-Based Chinese Dissident Website DDoS'd Again - And Joe-Jobbed?

["Dude VanWinkle" <dudevanwinkle () gmail com>]

> From the link:

[Update] As a couple of comments have suggested, "just because you
don't see a lock on the page that collects the information, doesn't
mean that it doesn't post through an https connection." This may be
correct. Here is the code of the form. It does, in fact, appear to
invoke an API that rests on a secure server, but with my limited
JavaScript skills, I cannot be certain that the form data is being
encrypted. If someone with a little more expertise would be willing to
chime in, I'd much appreciate it. If I turn out to be wrong, my
humblest apologies for much ado about nothing. Though I suppose it
would be nice if the form offered some sort of visible assurance of
security.

[Update 2] See Dustin's comment. By his account, the form submission
appears to be secure. Sorry for the false alarm, but again, when it
comes to insuring the security of your personal information, one
should be ever-vigilant. My thanks to the Digg and Reddit communities
for their sleuthing.

[Update 3] I am a moron and a douche bag who likes to shoot his mouth
off about technology I don't understand

:-)

-JP

On Jan 8, 2008 1:52 AM, Paul Ferguson <fergdawg () netzero net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Via UPI.
>
> [snip]
>
> A U.S.-based Web site that hosts Chinese dissidents' blogs is being hacked
> again, days after an attack took it offline and nearly destroyed its
> archives.
>
> The Web site, Boxun.com, which hosts some 2000 blogs, was the target of a
> "very strong" distributed denial of service, or DDOS, attack last week, its
> editor, Watson Meng, told United Press International.
>
> He added that hackers probing the Web sites of several U.S. government
> agencies had "spoofed" or forged their Internet addresses to make it seem
> as if the probes came from his site.
>
> "Our service provider received complaints from a number of government
> agencies," he said.
>
> [snip]
>
> More:
> http://www.upi.com/International_Security/Emerging_Threats/Briefing/2008/01
> /07/chinese_dissident_site_hacked_again/3849/
>
> Previously:
> http://www.darkreading.com/document.asp?doc_id=142072
>
> - - ferg
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.3 (Build 3017)
>
> wj8DBQFHgx2Tq1pz9mNUZTMRAvgvAKDrMpGzmGDEolcpHbgGYJG845WwRACfdM23
> bDmuwmNjLIrKQ6HZXKffQpA=
> =ohog
> -----END PGP SIGNATURE-----
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg(at)netzero.net
>  ferg's tech blog: http://fergdawg.blogspot.com/
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.