Full Disclosure mailing list archives
Re: VPN providers and any providers in general...
From: xD 0x41 <secn3t () gmail com>
Date: Sat, 1 Oct 2011 09:11:36 +1000
Oh, it is all old news and old stuff really nowdays... i have seen or, heard rather of these newage bulletproofs,but, we never advertised that, we just moved users around alittle ;) thats also a simple way to stop many crimes, b4 they occur, is to get that user moving away and maybe onto some diff boxes..making it abit harder then...anyhow.. thats heresay. regarding these statements... Not sure how that should be parsed, and the parsing is crucial here - did you mean "they have to commit a crime in their country", or "They have to do something that *would* be a crime in their country"? The general rule is that in order for an extradition to happen, several things must be true: 1) The two countries involved need to have extradition treaties in place. 2) The activity must constitute a crime in the country harboring the accused. 3) The proposed punishment must not be drastically worse than what the harboring country would impose I meant, you must be committing crime, in theyre country, for them to even consider executing the warrants if theyre even in place with, Panam, as i named also, wich is an exmaqple only of one small small place, now, many monarchies, would also be partial to being ordered around... remeber, there is laws in thailand, and many people on 'death row' there, YET, i know for fact the .aussie government will NOT push anything about it, no prisoner-transfers, and even just being accessed appropriately, is NOT easy. Consider China, would you see them executing a warrant, and, they do see those kind of warrants as VERY invasive to theyre way of life, so, depending on the FEROCITY of the crime, maybe then, they will accept that, there would be widespread condemnation, nationally and internationally, that would cause them, to have to execute this warrant, wich, is something such as murder,kidnapping, but, you are talking here about seizing boxes, as they MUST do, and they order this 'as-is' meaning, a business would have to shutdown, to provvide theyre information, or, atleast be hassles by it enough, that this is considered not serious, yet. When it comes to Major fraud and the major fraud squadsm,, then you are committing for example, a white collar-cyber crime, wich could maybe be ripping off many people, of many millions, ofcourse they will act, theyre OWN money is at stake here... So, there is still alot of stigmata about this subject, it is still verymuch taboo to committ an internet crime, and those people gettin caught for stupid stuff like ddos, is really annoying,specially when, you run a dedis, (free),and still have to accept that, these massive udp floods, cannot be stopped... (sorry abit offtopic here but.. just saying... in my case anyhow...) this, is seen abit nowdays, as a money looser, depending on the intensity, and ofcourse, who is involved, and who has the money.If the business hit has a massive reputation, or, the website even, then the likeliness of anything atall happening is a chance, but, this would be rare as we can see... Really, think of howmany cyber crims there is, compared to actual busts. face it, you know that, the amount is now plague proportions, where we are seeing a revolution , because, we also have to create 'PoC' , wich was once,seen as a threat and potentially , fatal error to report a bug, and, seemingly still is , regarding 9bur.st) and, another provider i have had this also happen with, and, even a bank... reporting things, and not being even thanked. i really applaud the stance google has taken with this, and hence, use theyre services asmuch as i can, but, there is only a minority of this now, and slowly it will grow, and there will be a ranking system, wich will be where there will maybe be alot more defining points. At this stage though, i see more theft than good, more bad than good, online. there is now crowds of thousands of people all making even small money from ''click the link for an infection!' popunder etc... for pittance... because, it is still MORE than theyre wage in a month, in theyre country... So, until there is finer, more appropriate security laws, to secure those who are indeeded, trying only to help, and sometimes, receieve emails wich, even lead to them gettin themself infected, just for the sake of helping to stop some spam mail pretending to be a login, because face it as a sec expert, if you are one, you would just knowingly help those who are blinder, and, you know these scams are not there for theyre good spelling, they actually *work* , so, ofcourse any sec person, would put theyre own box in jeopardy, for the sake of the greater good. or , so it is in the crowds i know... i know this is a huge greay area, but legally or not, alot of it is still todo with politics, and still alot of laws not in place for the crimes.. and, until there is, there will be less and less money in IT sec, simple as that. I would like to see this, whole situation changed within 5yrs, but, that is probably too close.. but, it will happen, then, there willbe official-treatys wich cannot be avoided, and, maybe less 'seizure' of boxes, and more 'security work' , wich is, how the most effective takedowns work.. but, any isp manager knows the truth, isps recieve hundreds of takedown-orders yearly, and, act on none. So, it is not a matter of just law, there is still the grey clud of *wheres the rest of the laws* to make it any real, good and viable direct way to arrest someone, in one simple phone call and fax. that is where it will be, once there is more NOC's around and feds online. The military, already spends millions on its own sec, so, theyre no dummys, yet, they also use facebook :P the internet, is still evolving, once the evolution is abit more complete legally, there will still be a cloud over each and every bust, as each one is different, and, qwuestions raised as to what/why/who done what, and, as i know of at this date there si still a guy being blamede for this, who says it did not happen atall lately, but, over a year ago, and, he was 'questioned', now, i have his Private log of conversation, should i be subject to, storing this for another country, and, holding it as evidence, .... but, what the heck if my hd blows up :P the cloud hovers... great topic but, still a very grey area,unfortunately. (Id like to know where id even be ranked! id like to think, a Gebneral or, maybe PM!) cheers, xd On 1 October 2011 08:36, <Valdis.Kletnieks () vt edu> wrote:
On Thu, 29 Sep 2011 23:55:18 +1000, xD 0x41 said:there are KNOWN places, i have used, and known places wich will not store data, or maybe, provide a proxxy but, they can certainly hide a botnet...As far as you know... :)ONLy people who commit ANY crime in THEYRE country, will bearrested...evernoticed the main BIGGER servers are hosted there, even chat ones ?Not sure how that should be parsed, and the parsing is crucial here - did you mean "they have to commit a crime in their country", or "They have to do something that *would* be a crime in their country"? The general rule is that in order for an extradition to happen, several things must be true: 1) The two countries involved need to have extradition treaties in place. 2) The activity must constitute a crime in the country harboring the accused. 3) The proposed punishment must not be drastically worse than what the harboring country would impose So the US can extradite somebody for murder from pretty much anyplace, because out of 213 or so recognized sovereign governments, there's something like 8 that don't have reciprocal treaties in place for extradition, and murder is illegal in pretty much everywhere. However, if you're going after somebody for cybercrime, it won't work unless the country has laws against cybercrime that cover the situation in question. As for the third part, the US has on several occasions had to guarantee no death penalty for accused murderers they've extradited from countries that don't do capital punishment. So Gary McKinnon got hit with extradition even though he never got accused of breaking a British law (as far as I know)- because the charge *would* have been a crime if he *had* targeted a British server rather than a US server. Meanwhile, Julian Assange's extradition on a rape charge hit some serious legal snags because the exact behavior that Assange was accused of didn't actually meet the definition of "rape" in England.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: VPN providers and any providers in general... xD 0x41 (Oct 01)
- <Possible follow-ups>
- Re: VPN providers and any providers in general... xD 0x41 (Oct 01)
- Message not available
- Re: VPN providers and any providers in general... Darren Martyn (Oct 01)
- Re: VPN providers and any providers in general... adam (Oct 01)
- Re: VPN providers and any providers in general... xD 0x41 (Oct 01)
- Re: VPN providers and any providers in general... adam (Oct 01)
- Message not available
- Message not available
- Message not available
- Re: VPN providers and any providers in general... xD 0x41 (Oct 02)
- Re: VPN providers and any providers in general... Darren Martyn (Oct 03)
- Re: VPN providers and any providers in general... xD 0x41 (Oct 03)
- Re: VPN providers and any providers in general... xD 0x41 (Oct 03)
- Re: VPN providers and any providers in general... Darren Martyn (Oct 03)