Dailydave mailing list archives

Re: ndr.py and sarah palin


From: "Dan Moniz" <dnm () pobox com>
Date: Fri, 19 Sep 2008 11:48:35 -0400

On Wed, Sep 17, 2008 at 2:30 PM, Dave Korn <dave.korn () artimi com> wrote:

Dave Aitel wrote on 17 September 2008 18:44:

http://wikileaks.org/wiki/Sarah_Palin_Yahoo_inbox_2008

From that page:

"Nb. The 'ctunnel.com' reference in the browser screen shots is to a proxy
service used to prevent the activists from being traced."

[snip]

 So let me see if I've guessed this right: it's a proxy that rewrites all
your URLs in rot-13?  And this is supposed to "protect your anonymity"?

 Those activists are screwed.  They better get out of the country PDQ.
Pardon me, but I'll be sticking with proper mix chains for now.

Well this was predictable[1]:

    "A Tennessee state legislator has confirmed that his son, a
20-year-old student at the University of Tennessee-Knoxville, is the
person being named on blogs and message boards in connection with the
hacking of Alaska Gov. Sarah Palin's e-mail account, a Nashville paper
reported late yesterday."

    "State Rep. Mike Kernell told the Tennessean that his son, David
Kernell, is at the center of speculation about the identity of the
hacker who gained access to Palin's account."

    "On Wednesday, someone identified only as "rubico" posted a
message to 4chan.org's popular /b/ board claiming to have gained
access to Palin's e-mail by using Yahoo's password reset feature.
Although the post was deleted from 4chan.org, a copy was sent to
conservative syndicated columnist Michelle Malkin, who published it on
her blog Wednesday."

But it gets better: why worry about the suitability of ROT-13 when you
have logs? I believe the term is "LULZ!":

    "Gabriel Ramuglia, the webmaster of an Athens, Ga.-based proxy
service, may be able to shed light on the identity of the hacker as
early as today. On Thursday, Ramuglia said that the FBI had contacted
both him and Yahoo the day before, asking for server logs to determine
who had accessed Palin's account.

    "Ramuglia operates Ctunnel, an ad-supported proxy service targeted
primarily at users in schools or businesses who want to access sites
that are normally blocked by network administrators. Screenshots of
several messages from Palin's account showed that the hacker had used
Ramuglia's proxy service in an attempt to hide his or her tracks."

    "He was also confident he would be able to pinpoint the person who
used his proxy service to access Palin's account. "I should be able to
track it down to their original ISP, and then the IP address of the
person who did it," Ramuglia said. "Who did this abused my service and
broke the law.""

Footnotes:

[1] http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9115158


-- 
Dan Moniz <dnm () pobox com> [http://pobox.com/~dnm/]