Security Incidents mailing list archives
RE: Monkeybrains.net and badtrans compromise information
From: "Michael Graham" <jmgraham () midsouth rr com>
Date: Fri, 4 Jan 2002 15:04:20 -0600
I really don't want to sound whiny, but: Can we PLEASE stop the constant cross-posting to the various secfocus lists? If you're interested in more than one list, subscribe to them individually. I'm sure though that some passing interest is no excuse to effectively spam the mailboxes of anyone who is subscribed to multiple lists. It only takes a couple of these cross-posted threads at the same time to turn into tons of redundant e-mail. Thanks Michael Graham CCSA CCSE Line Haul Systems Integration FedEx Services -----Original Message----- From: Ken Pfeil [mailto:Ken () infosec101 org] Sent: Friday, January 04, 2002 2:50 PM To: van Wyk, Ken; incidents () securityfocus com Cc: focus-virus () securityfocus com Subject: RE: Monkeybrains.net and badtrans compromise information Here's a little snippet from the site. Any legal experts in the crowd? "Individuals MonkeyBrains is doing these requests for information for free for individual users. The software, time, energy, and the whole site is run by one person: me! So, if you utilize this service, then feel free to donate $10 (or more, or less) to my ISP, monkeybrains.net. Or, if you need some consulting, buy me a plane ticket, give me some $$$ and I'd love to work for you for a couple of days or weeks. Traveling is fun! Corporations If you are on the security team for an isp or corporation, and wish to have a list of all the compromised accounts and email addresses, you must contribute at least $10 for me to email you domain wide results. I was doing this for free, but after about 100 requests, I noted: "Fark, this is taking up a lot of my time. These corporatations have the money and will not mind parting with a little, so I am going to charge them for my time." Also, while this service was free, I received ZERO donations, so now, this free service is a pay-for service. Now, you may wonder, who the heck would use this service from some random guy; well, these domains have used this service: .nasdaq-online.com .prudential.com .motorola.com .etrade.com .saic.com .mmm.com .bp.com .mil (organized by number of charaters) Also, I am forcing good policy on corporations: abuse () yourdomain com must be a valid email address at your domain. Results are only sent to that address for requesting domains. This ensures that sensitive information is not sent to joe_schmoo () yourdomain com. Furthermore, as an ISP operator, I get highly annoyed when domains do not have abuse accounts set up. Microtransactions between large companies and users of the Internet are encouraged by making PayPal the payment method for this service. $1 - Thanks! $5 - This site is great $10 - Send me the info! $20 - Take a coffee break and walk the dog! $50 - Fancy dinner with girlfriend $100 - This site helped me patch up a bunch of compromised accounts! In closing, I don't want to sound like a money grubber, but I am self employed and received $0 to make this website. Help out if you like, and if you don't want to, that is fine too. - Rudy (badtrans () monkeybrains net)"
-----Original Message----- From: van Wyk, Ken [mailto:Ken () para-protect com] Sent: Friday, January 04, 2002 2:38 PM To: incidents () securityfocus com Cc: focus-virus () securityfocus com Subject: RE: Monkeybrains.net and badtrans compromise information Jon Williams writes:I've got to admit, I was suspicious when I got the samemessage, but when Itried getting the information and was told essentially "You've got compromised passwords, but you have to pay us to find out which," itsoundsmore like extortion than good cyber citizenship.I'd just like to point out a couple things briefly: 1) We have no affiliation whatsoever with monkeybrains.net; 2) We were unaware of their intent to charge for this information; 3) After scanning for ":443" in their database/web site and seeing >
2000
compromised SSL-encrypted sessions, we started alerting our customers; 4) We alerted a number of companies whose employees, customers, etc.,
were
in that database, however there was no obligation or fee to any of
those
companies for our alerts; 5) Had we known of monkeybrains.net's intention to charge for releasing the information, we would have noted so in the alerts that we sent to companies that we found in their database. Cheers, Ken Kenneth R. van Wyk CTO & Corporate Vice President Para-Protect, Inc. www.para-protect.com
------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Monkeybrains.net and badtrans compromise information Joe-Clifton (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Ken Pfeil (Jan 04)
- <Possible follow-ups>
- RE: Monkeybrains.net and badtrans compromise information Williams Jon (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information van Wyk, Ken (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Ken Pfeil (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Michael Graham (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Ken Pfeil (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Slighter, Tim (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Nick FitzGerald (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Brian McWilliams (Jan 04)