Archive for June, 2007

Gone Fishing!

June 28, 2007

Once again, Vacation Time.

I may not die rich but I sure as hell hope I die Happy.

Off to meet Granddaughter # 3 for the first time.

Quick Update on Quickcert Course

June 27, 2007

Of course absolutely nothing is happening with my Quickcert courses on Ethical Hacking and Forensics.

The Fedex tracking shows that it was refused by me after it disappeared for three weeks. For most of that time, the tracking report said “clearance in progress” and no one could find it. Finally, after three weeks they report I refused it. Actually, I refused it by way of an 800 number phone call two weeks ago because they gave me false information about attempted delivery. Hell, barge cargo from Florida only takes a week and there are no customs duties on printed materials or educational materials so this one didn’t need lies and obfuscation.

My original notes of my discussion with Quickcert were posted at my Blog and I believe are somewhat accurate:

The response I got from Quickcert this morning is like those credit card memories – Fucking Priceless.

“I am told that we [Quickcert] are having trouble getting it released back to us through [US] customs. This may turn into a Bay of Pigs fiasco but my shipping guys are on it. They said it would be best for you to get it but I explained your concerns and as soon as we get it I will let you know.”

Why am I not surprised that Quickcert can’t get their own course materials back on a timely basis? It should only take Homeland Security another three weeks to get the original course materials back in the same box without too much obvious tampering. Looks like Quickcert, US customs, Fedex and American Express will fight it out. American Express is of course my credit card company, and I guess it’s time to think about backing out the charges if I don’t get it soon.

If I ever get the course, I’ll let all the visitors who came looking for information know what I think. It must have some value or customs wouldn’t have fucked with it for a month.

Youngsex and The Castingcouch Begots

June 25, 2007

Youngsex.com led us to castingcouchteens.com and tracking the spawn of that unholy alliance is one of the most difficult things I have ever done. It’s not that it involved kiddie porn, it’s just that I hit all of the spawn listed in this post in an involuntary manner to find out that most of this crap makes the top 25,000 sites in the whole world or pissing women exceeds 99.9% of all the cerebral work on the Web.

When I went to castingcouchteens.com, I was greeted by your typical cop portal with all the disclaimers. Upon entering, there was nothing spectacular, it was just typical average porn. A casual exam of the code showed that the JavaScript was being called from site http://64.38.231.41 very similar to the way femalesex.com got its JavaScript and images from cnomy.com. (Also, the site was ranked about 23,000 which as mentioned above is quite impressive.)

It is hosted by CWIE, off a Level 3 network with no obvious honeypots in the path. I probably would have quit there except for three items. First, there were some obvious close ties to cnomy.com in the code and second, there was a relationship to one of those go to jail sites, pimpmyblackteen.com, which was connected to hotteens.com.

However, the real reason I decided to take a look was when I hit the back-button to get a screen shot of the legal crap, I entered a new site, allreality.com. Once again, I couldn’t find anything special or memorable. The site was hosted by CWIE off a Level 3 backbone. I think their claim to fame was that they offered access to 10 (or maybe 20) sites that all looked the same for one price. Unbelievably, this site ranks in the top 10,000 world wide or bigger than 99.99% of all the sites in the world.

When I hit the back-button again, I was directed to mrbigdickshotchicks.com which brought nothing much to the party. The porn was ordinary. The site was hosted by CWIE off a Level 3 backbone. I guess being part of a spawned group pays. This site is ranked in the top 5,000 in the United States, Egypt and Israel.

Now the back button delivered me to the really bright spot in Middle Eastern Harmony and a blight on my soul which was seehersquirt.com. This very obvious piece of crap is exactly what the name implies. Unbelievably, it is ranked in the top 10,000 in the Palestinian Territory, Egypt and Israel. This is higher than the Quran.org (1,048,000) or Torah.org (208,000) although torah.org also makes the top 10,000 in Israel. Once again hosting is by CWIE off a Level 3 Backbone.

The back button then delivered me to lonelywivesdatingclub.com which is a very weird site. Instead of code sharing and relying on JavaScript from a common server as the other sites do, this site uses a PHP page to tag you and identify the location of your IP so as to offer women from your own town. Of course the women you see are the same whether you are surfing from New Jersey or Afghanistan. The other weird aspect is continued Middle Eastern Harmony as lonely people in the Palestinian Territory, Egypt and Israel rank this site in the top 15,000.

Since I couldn’t break out of this loop by hitting the back button, I shut the browser only to discover a popunder which was not blocked by my pop-up blocker. It took me three tries to shut down tv69.com maybe because it was spawned by each of the sites I entered by use of the back button. This site also identified a home town and offered to hook me up with lonely women in my own area. As expected, the site was hosted by CWIE off a Level 3 backbone. This site is ranked in the top 7,500 in the United States, Egypt and Israel.

This chain of sites offers an excellent test area for antispyware programs for several reasons. These are definitely law enforcement sites using the best technology. They are related to sites that offer and steer you to kiddie porn but they don’t do it themselves nor are there residual images of kiddie porn on your machine so they are all legal (if tasteless). Here is a place to play with the best and not end up in jail while testing your new anti-spy products. Testing reports are at the Tigerstail.

The only thing I can’t tell considering their global popularity is the following:  Are these sites spying on Islamics, Israelis or Domestics? Or do the people at homeland security ignore the differences?

Tying Things Together!

June 23, 2007

One of the items I use to tie porn honeypots to each other is to use their begots. If Youngbabes.com redirects to hotteens.com, they are part of the same group. However on occasion, there are even stronger links involving incestuous shared family relationships.

A close examination of the code of the spawn of youngsex.com and youngbabes.com shows that Femalesex.com, Naked.com, raunchy.com, and orgie.com all rely on cnomy.com as their JavaScript and image server. I mean what the heck, they all look alike except for the name so why not share the code and the main information gathering service.

This observation leads to some very interesting relationships which will be seen in future posts.
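The linking technique described in this post, as an added example that is not part of the original blog: it extracts the hosts each page loads scripts and images from and reports hosts shared by more than one site. The sample pages, placeholder domains and function names are constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse


class ResourceHosts(HTMLParser):
    """Collect hostnames that a page loads scripts and images from."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "img"):
            return
        src = dict(attrs).get("src")
        if not src:
            return
        host = urlparse(src).hostname  # None for relative URLs
        if host:
            self.hosts.add(host.lower())


def external_hosts(site, html):
    """Hosts referenced by `html` that are not `site` itself or a subdomain."""
    parser = ResourceHosts()
    parser.feed(html)
    return {h for h in parser.hosts
            if h != site and not h.endswith("." + site)}


def shared_hosts(pages, min_sites=2):
    """Map each external host to the sites loading from it, keeping only
    hosts used by at least `min_sites` different sites."""
    users = defaultdict(set)
    for site, html in pages.items():
        for host in external_hosts(site, html):
            users[host].add(site)
    return {h: sorted(s) for h, s in users.items() if len(s) >= min_sites}


# Constructed sample pages (placeholder domains, not captured from any site).
SAMPLE_PAGES = {
    "site-a.example":
        '<script src="http://assets.shared.example/track.js"></script>'
        '<img src="http://assets.shared.example/banner.jpg">',
    "site-b.example":
        '<script src="http://assets.shared.example/track.js"></script>'
        '<img src="/local/logo.gif">',
    "site-c.example":
        '<script src="http://www.site-c.example/own.js"></script>'
        '<img src="http://cdn.other.example/pic.png">',
}

if __name__ == "__main__":
    for host, sites in shared_hosts(SAMPLE_PAGES).items():
        print(host, "<-", ", ".join(sites))
```

Widely used ad networks, analytics services and CDNs show up in the same way, so a shared host counts as a link only after those common third parties are excluded.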

Kill The Surfer!

June 22, 2007

I mean there is a certain elegant logic to the best way to perfectly secure an operating computer on the internet to preserve the evidence in pristine form. Quite simply:

Kill the Surfer and Pull the Plug!

Anything short of that will not guarantee that you get the machine in the same condition it was just prior to shutdown. There is a chance you might lose some information in open documents when you pull the plug, but you still preserve the entire history of the machine.

If you let the surfer shut it down, there may be programming to damage stored files and make data recovery more time consuming and expensive but definitely not impossible.

At the time a computer is taken as evidence, it should be identified and tagged in and no one allowed to turn it on. The only thing done to it should be to make a mirror image of the hard drive and then all examinations are done on the mirror hard drive. This way there is no chance that the drive will be altered or damaged by anyone in the evidence chain.

Certainly the dumbest thing to do would be to give it to an untrained amateur detective at PC Paridise, have them connect to the internet and surf with Internet Explorer so that the weekly history file is created with a date when it was not in the owner’s possession. However, since the Techie using your machine is not outside the reasonable expectation of privacy, it doesn’t violate the Bush court rulings.

The actual technique used to shut down the machine was probably malware which affected the video driver over the weekend. If the owner had taken the machine in on Monday, the weekly index.dat file wouldn’t have jumped out as being an error. However, he took it to be fixed on Tuesday and the Techie never got around to it until late Wednesday afternoon, so the weekly index.dat file turned out to be a very obvious nine day week at a time the Techie was playing with it.
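The timestamp check this argument rests on, as an added example that is not part of the original post: it measures how many calendar days one weekly history file covers and lists entries recorded after the machine left its owner's hands. The entry format, dates, URLs and function names are constructed for illustration.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"


def parse(ts):
    """Parse a timestamp string in the constructed sample format."""
    return datetime.strptime(ts, FMT)


def span_days(entries):
    """Calendar days covered by the entries, first and last day inclusive."""
    days = [parse(ts).date() for ts, _ in entries]
    return (max(days) - min(days)).days + 1


def after_handover(entries, handed_over):
    """Entries recorded at or after the owner gave up the machine."""
    cutoff = parse(handed_over)
    return [(ts, url) for ts, url in entries if parse(ts) >= cutoff]


def review(entries, handed_over, period_days=7):
    """Summarise whether a history file is consistent with custody.

    period_days is the number of days the file is supposed to cover
    (7 for a weekly history file).
    """
    late = after_handover(entries, handed_over)
    span = span_days(entries)
    return {
        "span_days": span,
        "span_exceeds_period": span > period_days,
        "entries_after_handover": late,
        "altered_in_custody": bool(late),
    }


# Constructed sample: history entries as (timestamp, visited URL).
SAMPLE_ENTRIES = [
    ("2007-03-06 19:12", "http://news.example/"),
    ("2007-03-08 21:40", "http://mail.example/inbox"),
    ("2007-03-10 23:05", "http://search.example/?q=video+driver"),
    ("2007-03-14 16:31", "http://site-a.example/"),    # after handover
    ("2007-03-14 16:48", "http://site-a.example/p2"),  # after handover
]
# Constructed custody record: when the owner dropped the machine off.
HANDED_OVER = "2007-03-13 10:00"

if __name__ == "__main__":
    result = review(SAMPLE_ENTRIES, HANDED_OVER)
    print("days covered:", result["span_days"])
    for ts, url in result["entries_after_handover"]:
        print("written in custody:", ts, url)
```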

In terms of a chain of evidence this one is exceptionally weak and I always thought more highly of FBI shutdown techniques. In the case of the shutdown of Kevin Mitnick, it’s been alleged that he was given malware which forced his motherboard to overheat and they were waiting for him at the repair shop to connect him to the machine. Quite simply the techie couldn’t turn the machine on and surf the web therefore potentially corrupting the evidence because the machine was inoperable. Mitnick was a target of a specific investigation and this trick forced him to give up his machine to people who were waiting for him.

In the current case, Charles Stefano was one of millions of people with a machine infected with malware and under Operation Predator, the Computer Repair shops had been asked to turn in everyone they saw. So they weren’t waiting for Stefano, they were waiting for any computer-illiterate person begging for help.

I still believe that the chain of evidence should have been far more secure to have indisputable proof he did anything.

Arab Porn and Theocracy!

June 21, 2007

I never did quite get around to saying why I thought that the death penalty was being proposed by Iran for Arabic porn sites and I believe the decision is more political than religious. Consider the American Moral Majority which happens to be Christian. Now the Bible I read had little problem with sex and Jesus got off by forgiving whores for their sins which sounds like an up close and personal decision to me.

Still, when politicians are elected on a Christian platform, they never consider what the Bible says but how it will play in morally repressed Oklahoma where no one actually reads the Bible. The answer is of course ban everything and punish everyone. I can’t imagine that an Islamic Moral Majority is a lot more intelligent.

Now the Koran and their supporting holy books offer far more sexual advice than the Bible. They took the “go forth and multiply” command and improved upon it. As a source, I am freely misinterpreting Robert Spencer’s The Truth About Muhammad.

According to Muhammad, a man must do what a man has to do. If you had the prowess of 40 men like he did, then you need a dozen wives which he serviced in rotation. For those who were less than a perfect example for man, you should have consensual sex with as many wives as you could afford (including your children), then plant your seed in slaves and concubines which you don’t have to be responsible for.

The opposition to porn could hardly be a rejection of sex as it would be a rejection of Muhammad’s advice. Besides if infidels or sex slaves were used it simply wouldn’t matter because they are not really human and have been used throughout history. There really can’t be a big difference between porn as a favorite to warm men up for their wives and belly dancing.

It is also not likely to be a prohibition against photography as now any Mullah with more than 40 followers puts his image on a poster, holds a protest and declares himself an Ayatollah. Moreover anybody that can afford a ski mask gets a video camera and kills a Christian contractor for a shot at prime time TV.

Even in a theocracy with politicians pandering to the most ignorant members of society there has to be a more solid Biblical reason than being against sex and/or pictures and to find it, you should look at the most perfect example for all mankind, Muhammad.

He was more concerned with spies, their facilitators and traitors than he was in protecting women. To the extent that kiddie porn and Arab porn is created by and hosted in America and used to spy on visitors to the sites, they should follow his example. That is assassinate and kill all traitors, spies and facilitators before their honeypots and malware infect too many machines in Iran and steal all the secrets.

This all makes sense in a primitive sort of way. If I were an Arab theocratic politician who had no understanding of the Internet, web hosting or honeypots, it would be simpler to kill all operators of porn sites because they might be spies and blame it on ill defined sins.

It works for politicians in America so it probably will work for politicians in Iran.

The Spawn of YoungBabes & YoungSex

June 19, 2007

When young babes engage in young sex, they produce multiple offspring which creates more of a spawn than a family. Since apples don’t fall far from the tree, the spawn of cop sites are likely to be cop sites. Here is the update of the Law Enforcement Honeypot List.

Finally figured out how to update this page easily, so the updates could be more frequent. Bookmark the page if you find it valuable. If nothing else, it’s a hell of a list of honeypots that might be a challenge to hack.

Domestic Spying – What Do They Find Out?

June 19, 2007

Regular readers already know the answer. First they have my unique machine ID which ties my copy of XP to my machine and my specific hardware. The cookies I have, tie all my session surfing habits to my visit to the honeypot and report my email identities. From my WordPress blog, they can access all of my drafts several days ahead of publication. From my index.dat files, and the lists of most recently used files, they know all the search terms I have visited and from the cache memory they can search for hashed pictures of kiddie porn.

Data Mining Programs allow them to explore every file on my machine and keystroke loggers allow people to track my activity in real time. They know every site I have been to, how long I stayed, whether I printed anything from it and the number of links I visited. The only way to avoid it is to cleanse every machine after every site visit destroying all cookies before entering the next site. Hardly practical.

My IP address ties me to my ISP who has my credit card, social security number, name, phone, employer and home address. Since they are already in bed with the ISP’s that have Carnivore on them, they can get all those records. With this they can then get credit reports. Hell, they can also Google me under my real name to find all public information.

As I travel and use laptops to enter my admin page, they can find out whose house I surf from and what machines I’m on. They can track that machine identity to my war driving and theft of service.

Since all Federal agencies are cooperating for “persons of interest”, they can track my every motion when they swipe my passport at customs.

The question is not what they know, but what they don’t know.

Is Arab Porn Worth Dying For?

June 18, 2007

There has been a lot of press about Iran’s new laws regarding the death penalty for those engaged in producing Internet porn and equally draconian penalties for those possessing or surfing for it. Now you really have to ask what is their real social interest in such laws. I mean after all, Muhammad who was the most perfect example of all men claimed to have the sexual prowess of 40 men and had about a dozen wives who he slept with in rotation to satisfy all. His followers were urged to take as many wives as needed, they could satisfy and that they could afford including all the children they may have. If they couldn’t afford a wife and children, they could satisfy themselves with slaves or concubines. Certainly sex and sensuality are not the issues.

Prior to this blog, I had never even conceived of the concept of Arab, Muslim or Islamic porn. Even now, it’s not a big concern and I probably would never have written about it because this blog has little to do with porn and a whole lot to do with fabricated evidence. What changed my mind is when I went to a law enforcement Honeypot called Femalesex.com which had been spawned by youngbabes.com doing something with youngsex.com. The first few times I visited, nothing much happened and my first reports were that it was a boring and very uninteresting cop site with models that were fully clothed and old when the design was first done about five years ago and they are probably all grandmothers by now.

After I got stalked by the FBI’s Carnivore, the portal changed. On one machine, I was offered “sexual child abuse” and on another one on the same network I was offered Arab porn. Now there was really no attraction in going to the child sexual abuse sites as I had seen the pictures at trial and like the Holocaust pictures, they remain embedded in your mind with no need for a refresher.

I have to admit I was pleasantly surprised by the quality of the Arab porn I was referred to. For those who are not familiar with arabstreethookers.com, it is ranked 37,878 globally and it is in the top 25,000 sites in Lebanon, Palestinian Territory, Egypt, Jordan, Bahrain, Algeria, Morocco, Pakistan, Saudi Arabia, India, Israel, United Arab Emirates and Malaysia.

Actually, it is a quality site designed by cops and lawyers who have some taste for a change. All of the child access porn blockers are on the portal page and the testimony about all models being above 18 is there, along with a politically correct statement about non-defamation. As previously reported, the models are mature (30+) Mediterranean types with full figures and olive complexion, just the type that makes me start dribbling down my chin and acting like a fool.

When you track the site from foreign servers, it sort of ends up in New York behind firewalls that block your knowledge of the exact location and when you track it from America it seems like it’s in Atlanta. None of the code appears to be terribly malicious and this appears to be a passive information gathering Honeypot.

Now I’m pretty sure because of the begot from femalesex.com, arabstreethookers.com is more a cop/spy site than it is an Arab pornsite, so it really shouldn’t be counted as Arab porn. Still, if you are a connoisseur of porn and are not Arab, this could be considered a pleasing set of eyecandy for a quick visit.

Now the only real Arab porn site I tripped across was egyptbeauty.com which is just one of those nasty 1950 type porn publications with black and white type pictures, airbrushed over at the appropriate place. Only one model is used on a dozen affiliated sites as they could probably only find one Egyptian slut in the world. She is obese and those who like obese sex might be attracted to this site as all that cellulite and fat might put a whole new wrinkle on sex. I’m not sure the death penalty is appropriate for this type of tasteless crap, but some punishment is deserved for accidentally exposing me to it.

I’m totally amazed that in Egypt, Yemen, Palestinian Territory, Syrian Arab Republic, Bahrain, Sudan and Pakistan this site is ranked in the top 25,000 and it has a global rank 214,722.

Go figure, there is no accounting for taste.

There are no apparent honeypots along the route to this site and no obvious malicious code. So put a little middle eastern spice in your life and sneak a peek.

As the kids say:

It’s soooooooooo bad.

Why Fuck Chuck??

June 17, 2007

At the start of this trial there could be no doubt that Charles Stephano was being railroaded, tarred and feathered. All the forensic evidence and some judicial decisions pointed to a setup. I mean there was no direct link between the computer and the crap on it with Mr. Stephano. The Techie had it for a couple of days and Agent Carter surfed more pages at some sites than Mr. Stephano did. Without the computer admitted, the whole case would collapse.

Throughout the course of the trial, the lies from their computer expert Shannon Perkins have been discussed in detail and every time we presented new credible evidence she simply lied and perjured herself.

Now one of the interesting trivial discoveries I have made is that you can’t Google federal agents or experts to find out anything about them and their past credibility. However, their system is not perfect. (An interesting aside is to testify for the defense, you must provide your home address and social security number while Federal Law Enforcement Officers provide nothing that can be validated – not even their name on a Google search.)

I tripped across the following online resume for Shannon Perkins and now, I’m really confused. She had to know about Trojans on dial-up, involuntary porn and malware. I mean this woman had fantastic credentials and was credibly intelligent from her record prior to this trial. It turns out that she is a SANS certified GSEC (Global Securities Essential Certification) and had to pass a test involving malware and honeypots. Why would the government work so hard at convicting Stephano to the point of destroying this woman’s technical credibility for life by having her blatantly perjure herself?

Who the fuck is Charles Stephano and why did the government frame him?