AOL Hotmail Yahoo



MOSSAD's control over the Internet


Contents:

The Mossad takeover of popular Webmail
MOSSAD takes over MOSNEWS.COM
Re: MOSSAD takes over MOSNEWS.COM
High Alert, good websites get taken down
Cloak and Dagger under blackbox routing attack
Compromised DNS backbone providers
Re: [IANA #91363] Compromised DNS backbone providers
Keyboard JitterBug eavesdropping
The Anti Spam Controversy
Facebook Snubs Your E-mail
Firefox first-run page tracking
Downloads

The Mossad takeover of popular Webmail


It turns out that the output of a whois query is dependent on the specifics of the whois version used. Ain't that strange? In the below reports i used the Mandriva Linux 2007.0 version of whois, whois-4.7.13-1mdk :
   [jackson:stock]:(~)$ rpm -q -i whois-4.7.13-1mdk
   Name        : whois                        Relocations: /usr 
   Version     : 4.7.13                            Vendor: (none)
   Release     : 1mdk                          Build Date: Sat 15 Apr 2006 02:07:42 AM CEST
   Install Date: Tue 07 Nov 2006 04:36:18 AM CET      Build Host: jackson.stokkie.net
   Group       : Networking/Other              Source RPM: whois-4.7.13-1mdk.src.rpm
   Size        : 432712                           License: GPL
   Signature   : (none)
   URL         : http://www.linux.it/~md/software/
   Summary     : Enhanced WHOIS client
   Description :
   This is a new whois (RFC 954) client rewritten from scratch.

   It is derived from and compatible with the usual BSD and RIPE whois(1)
   programs.

   It is intelligent and can automatically select the appropriate whois
   server for most queries.
   [jackson:stock]:(~)$
When checking with http://www.linux.it/~md/software/ one is referred to :

http://ftp.debian.org/debian/pool/main/w/whois/

But ehh, how strange, whois-4.7.13.tar.gz is not listed there anymore. More specific, a whole range of whois versions from 2006 and 2005 have been removed. That is all versions between whois-4.7.5 and whois-4.7.20. It turns out that most people on my local linux maillinglist could not reproduce the below whois query's and got only a single whois server listed. For yahoo.com they then only got whois.markmonitor.com as a valid answer. So whats going on here?

A renewed installation of whois with urpmi on Mandriva Linux 2007.0 using a online Mandriva RPM archive still resulted in the same whois version, whois-4.7.13-1mdk.i586.rpm and is still able to reproduce the results below. whois-4.7.13-1mdk has been updated to whois-4.7.13-2mdk which contains updated references to new IP assignments. See the downloads below for a whois binary for your OS. whois.exe is Whois 2.5 from nsauditor.com. This win32 edition doesn't show all the details, but does show if compromised whois server records are added.

Date: Tue, 19 Jun 2007 07:58:12 +0200 (CEST)
From: "Robert M. Stockmann" 
To: cloak.dagger@gmail.com, lennybloom@gmail.com, 
    stefangrossmann@t-online.de, too@slingshot.co.nz, 
    skolnick@ameritech.net, eric@vaticanassassins.org, 
    tips@infowars.com, tarpley@tarpley.net, tom@tomflocco.com>, 
    takingaim@pacbell.net, stewwebb@sierranv.net, 
    prophecy@texemarrs.com, webmaster@rense.com, 
    wmreditor@waynemadsenreport.com, captainmay@prodigy.net, 
    palast@gregpalast.com, henry@savethemales.ca, 
    chamish@netvision.net.il, smith@iamthewitness.com, 
    crescentandcross@gmail.com, articles@davidicke.com
Subject: URGENT : The Mossad takeover of Email and Websites
Message-ID: 
MIME-Version: 1.0

Hi,

Do not become offended if your popular email adress ending with

   @hotmail.com,
   @aol.com,
   @yahoo.com,

is skipped from this small email list. There's a very simple
reason for this, as a whois of these three domains will show ;


WHOIS HOTMAIL.COM : TAKENOVER BY THE MOSSAD
========================================================================
[jackson:stock]:(~)$ whois hotmail.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.


   Server Name: HOTMAIL.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
   IP Address: 69.41.185.211
   Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
   Whois Server: whois.itsyourdomain.com
   Referral URL: http://www.itsyourdomain.com

   Server Name: HOTMAIL.COM.IS.N0T.AS.1337.AS.GULLI.COM
   IP Address: 80.190.192.24
   Registrar: KEY-SYSTEMS GMBH
   Whois Server: whois.rrpproxy.net
   Referral URL: http://www.key-systems.net

   Server Name: HOTMAIL.COM.IS.HOSTED.ON.PROFITHOSTING.NET
   IP Address: 66.49.213.213
   Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
   Whois Server: whois.joker.com
   Referral URL: http://www.joker.com

   Server Name: HOTMAIL.COM.BR
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com

   Server Name: HOTMAIL.COM.AU
   Registrar: WILD WEST DOMAINS, INC.
   Whois Server: whois.wildwestdomains.com
   Referral URL: http://www.wildwestdomains.com

   Domain Name: HOTMAIL.COM
   Registrar: TUCOWS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net
   Name Server: NS1.MSFT.NET
   Name Server: NS2.MSFT.NET
   Name Server: NS3.MSFT.NET
   Name Server: NS4.MSFT.NET
   Name Server: NS5.MSFT.NET
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 13-oct-2006		==========
   Creation Date: 27-mar-1996
   Expiration Date: 28-mar-2014


WHOIS AOL.COM : TAKENOVER BY THE MOSSAD
========================================================================
[jackson:stock]:(~)$ whois aol.com    

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.


   Server Name: AOL.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
   IP Address: 69.41.185.197
   Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
   Whois Server: whois.itsyourdomain.com
   Referral URL: http://www.itsyourdomain.com

   Server Name: AOL.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
   IP Address: 203.36.226.2
   Registrar: TUCOWS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: AOL.COM.IS.N0T.AS.1337.AS.GULLI.COM
   IP Address: 80.190.192.24
   Registrar: KEY-SYSTEMS GMBH
   Whois Server: whois.rrpproxy.net
   Referral URL: http://www.key-systems.net

   Server Name: AOL.COM.IS.0WNED.BY.SUB7.NET
   IP Address: 216.78.25.45
   Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
   Whois Server: whois.itsyourdomain.com
   Referral URL: http://www.itsyourdomain.com

   Server Name: AOL.COM.AINT.GOT.AS.MUCH.FREE.PORN.AS.SECZ.COM
   IP Address: 209.187.114.133
   Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
   Whois Server: whois.itsyourdomain.com
   Referral URL: http://www.itsyourdomain.com

   Domain Name: AOL.COM
   Registrar: AMERICA ONLINE, INC. DBA AOL AND/OR COMPUSERVE-AOL
   Whois Server: whois.registrar.aol.com
   Referral URL: http://www.registrar.aol.com
   Name Server: DNS-01.NS.AOL.COM
   Name Server: DNS-02.NS.AOL.COM
   Name Server: DNS-06.NS.AOL.COM
   Name Server: DNS-07.NS.AOL.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 24-oct-2006	=================
   Creation Date: 22-jun-1995
   Expiration Date: 23-nov-2007


WHOIS YAHOO.COM : TAKENOVER BY THE MOSSAD
========================================================================
[jackson:stock]:(~)$ whois yahoo.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.


   Server Name: YAHOO.COM.ZZZZZZ.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
   IP Address: 203.36.226.2
   Registrar: TUCOWS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: YAHOO.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
   IP Address: 69.41.185.196
   Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
   Whois Server: whois.itsyourdomain.com
   Referral URL: http://www.itsyourdomain.com

   Server Name: YAHOO.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
   IP Address: 217.107.217.167
   Registrar: ONLINENIC, INC.
   Whois Server: whois.OnlineNIC.com
   Referral URL: http://www.OnlineNIC.com

   Server Name: YAHOO.COM.VN
   Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
   Whois Server: whois.melbourneit.com
   Referral URL: http://www.melbourneit.com

   Server Name: YAHOO.COM.VIRGINCHASSIS.COM
   IP Address: 66.218.71.205
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com

   Server Name: YAHOO.COM.UNIQUELYUJEWELS.COM
   IP Address: 66.218.71.205
   Registrar: TUCOWS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: YAHOO.COM.TWIXTEARS.COM
   IP Address: 66.218.71.205
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com

   Server Name: YAHOO.COM.TW
   Registrar: GO DADDY SOFTWARE, INC.
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: YAHOO.COM.SG
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com

   Server Name: YAHOO.COM.OPTIONSCORNER.COM
   IP Address: 66.218.71.205
   Registrar: NAMESDIRECT.COM, INC.
   Whois Server: whois.namesdirect.com
   Referral URL: http://www.namesdirect.com

   Server Name: YAHOO.COM.MX
   Registrar: DIRECT INFORMATION PVT LTD D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: YAHOO.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
   IP Address: 203.36.226.2
   Registrar: TUCOWS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: YAHOO.COM.JOSEJO.COM
   IP Address: 66.218.71.205
   Registrar: NAMESDIRECT.COM, INC.
   Whois Server: whois.namesdirect.com
   Referral URL: http://www.namesdirect.com

   Server Name: YAHOO.COM.JENNINGSASSOCIATES.NET
   IP Address: 66.218.71.205
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com

   Server Name: YAHOO.COM.IS.N0T.AS.1337.AS.SEARCH.GULLI.COM
   IP Address: 80.190.192.24
   Registrar: KEY-SYSTEMS GMBH
   Whois Server: whois.rrpproxy.net
   Referral URL: http://www.key-systems.net

   Server Name: YAHOO.COM.HK
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com

   Server Name: YAHOO.COM.ELPOV.COM
   IP Address: 66.21.71.205
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com

   Server Name: YAHOO.COM.DALLARIVA.COM
   IP Address: 66.218.71.205
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com

   Server Name: YAHOO.COM.CHRISIMAMURAPHOTOWORKS.COM
   IP Address: 66.218.71.205
   Registrar: TUCOWS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: YAHOO.COM.BR
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com

   Server Name: YAHOO.COM.BGPETERSON.COM
   IP Address: 66.218.71.205
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com

   Server Name: YAHOO.COM.AU
   Registrar: WILD WEST DOMAINS, INC.
   Whois Server: whois.wildwestdomains.com
   Referral URL: http://www.wildwestdomains.com

   Domain Name: YAHOO.COM
   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: NS1.YAHOO.COM
   Name Server: NS2.YAHOO.COM
   Name Server: NS3.YAHOO.COM
   Name Server: NS4.YAHOO.COM
   Name Server: NS5.YAHOO.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 22-jul-2005	   ========================
   Creation Date: 18-jan-1995
   Expiration Date: 19-jan-2012



WHOIS GMAIL.COM : STILL OK, AS OF Tue Jun 19 07:47:50 CEST 2007
========================================================================
[jackson:stock]:(~)$ whois gmail.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.


   Domain Name: GMAIL.COM
   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 10-apr-2006
   Creation Date: 13-aug-1995
   Expiration Date: 12-aug-2014

Registrant:
        Google Inc. (DOM-425410)
        Please contact gmail-abuse@google.com 1600 Amphitheatre Parkway Mountain View CA 94043 US

    Domain Name: gmail.com

        Registrar Name: Markmonitor.com
        Registrar Whois: whois.markmonitor.com
        Registrar Homepage: http://www.markmonitor.com

    Administrative Contact:
        DNS Admin (NIC-1467103)  Google Inc.
        1600 Amphitheatre Parkway Mountain View CA 94043 US
        dns-admin@google.com +1.6502530000 Fax- +1.6506188571
    Technical Contact, Zone Contact:
        DNS Admin (NIC-1467103)  Google Inc.
        1600 Amphitheatre Parkway Mountain View CA 94043 US
        dns-admin@google.com +1.6502530000 Fax- +1.6506188571

    Created on..............: 1995-Aug-13.
    Expires on..............: 2014-Aug-12.
    Record last updated on..: 2006-Dec-29 18:36:05.

    Domain servers in listed order:

    NS1.GOOGLE.COM
    NS2.GOOGLE.COM
    NS3.GOOGLE.COM
    NS4.GOOGLE.COM


Please warn your friends who use AOL.COM, YAHOO.COM or HOTMAIL.COM  for
email to take appropiate measures regarding your EMAIL communications,
SOON !!!!!!

Best Regards,

Robert
PS. I am not affiliated to GMAIL or GOOGLE in any way by name, relation,
    business, friendship, marriage or whatever way one can imagine.
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net


MOSNEWS MN Files

MOSSAD takes over MOSNEWS.COM


Date: Tue, 19 Jun 2007 08:27:56 +0200 (CEST)
From: "Robert M. Stockmann" 
To: cloak.dagger@gmail.com, lennybloom@gmail.com, 
     stefangrossmann@t-online.de, too@slingshot.co.nz, 
     skolnick@ameritech.net, eric@vaticanassassins.org, 
     tips@infowars.com, tarpley@tarpley.net, tom@tomflocco.com, 
     takingaim@pacbell.net, stewwebb@sierranv.net, 
     prophecy@texemarrs.com, webmaster@rense.com, 
     wmreditor@waynemadsenreport.com, captainmay@prodigy.net, 
     palast@gregpalast.com, henry@savethemales.ca, 
     chamish@netvision.net.il, smith@iamthewitness.com, 
     crescentandcross@gmail.com, articles@davidicke.com
Subject: MOSSAD takes over MOSNEWS.COM
Message-ID: 
MIME-Version: 1.0

Hi,

The MOSSAD has takenover the popular website MOSNEWS.COM, which had
tons of info on the Russian Oligarchs :

[jackson:stock]:(~)$ whois mosnews.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.


   Domain Name: MOSNEWS.COM
   Registrar: REGISTER.COM, INC.
   Whois Server: whois.register.com
   Referral URL: http://www.register.com
   Name Server: DNS10.REGISTER.COM
   Name Server: DNS9.REGISTER.COM
   Status: clientDeleteProhibited
   Status: clientRenewProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 30-apr-2007
   Creation Date: 09-oct-2003
   Expiration Date: 09-oct-2007

   Registrant: 
      Eric Wolf
      Eric Wolf
      Slomtzion Ha-Malcha 24 
      Hertzelia, IL 46662
      IL
      Email: wolf.extreme@gmail.com

   Registrar Name....: REGISTER.COM, INC.
   Registrar Whois...: whois.register.com
   Registrar Homepage: www.register.com 

   Domain Name: mosnews.com

      Created on..............: Thu, Oct 09, 2003
      Expires on..............: Tue, Oct 09, 2007
      Record last updated on..: Wed, Feb 21, 2007

   Administrative Contact:
      Eric Wolf
      Eric Wolf
      Slomtzion Ha-Malcha 24 
      Hertzelia, IL 46662
      IL
      Phone: 972546236249
      Email: wolferic@mac.com

   Technical Contact:
      Register.Com
      Domain NULL Registrar
      575 8th Avenue 
      New York, NY 10018
      US
      Phone: 902-749-2701

   DNS Servers:

   dns10.register.com
   dns9.register.com

[jackson:stock]:(~)$ nslookup www.mosnews.com
Server:         10.0.18.71
Address:        10.0.18.71#53

Non-authoritative answer:
Name:   www.mosnews.com
Address: 67.19.18.66


[jackson:stock]:(~)$ whois 67.19.18.66

OrgName:    ThePlanet.com Internet Services, Inc. 
OrgID:      TPCM
Address:    1333 North Stemmons Freeway
Address:    Suite 110
City:       Dallas
StateProv:  TX
PostalCode: 75207
Country:    US

So the former valuable website MOSNEWS.COM is currently hosted
somewhere in Dallas, TX, under auspicious rendition by :

      Eric Wolf
      Eric Wolf
      Slomtzion Ha-Malcha 24 
      Hertzelia, IL 46662
      IL
      Email: wolf.extreme@gmail.com

Mr. Wolf (a family member of former Stasi DDR Spymaster Markus Wolf?) 
sure knew NOT to use email from aol.com, yahoo.com or hotmail.com.  I 
came to this remarkable insight after checking some links again on the 
webpage :

"Russian Israeli duel for power, oil and dirty cash"
 http://crashrecovery.org/fischer/

in particular :

  [7] "Campaign Against the Oligarchs", Updated: 23.09.2005 21:36 MSK
  http://www.mosnews.com/mn-files/oligarchs.shtml

  [8] "Boris Berezovsky", Updated: 31.10.2006 12:24 MSK
  http://www.mosnews.com/mn-files/berezovsky.shtml

To visit archived copies of these pages :

  [7] "Campaign Against the Oligarchs", Updated: 23.09.2005 21:36 MSK
  http://web.archive.org/web/20051121014913/http://www.mosnews.com/mn-files/oligarchs.shtml

  [8] "Boris Berezovsky", Updated: 31.10.2006 12:24 MSK
  http://web.archive.org/web/20051215132641/http://www.mosnews.com/mn-files/berezovsky.shtml


Checking Google for 

http://www.google.com/search?hl=en&q=Eric+Wolf%0D%0AMosnews&btnG=Google+Search

shows this :

Whatever happened to the WTC HARD-DRIVE recoveries? - Forums ...
You posting anymore lies about DNS entries and who owns MOSNEWS? 
... Eric Wolf Slomtzion Ha-Malcha 24 Hertzelia, IL 46662 IL Phone: 
972546236249 ...
www.libertyforum.org/showflat.php?Cat=& 
Board=news_crime&Number=1245955&page=0&view=collap... - 92k - 
Cached - Similar pages


  "seraphina
   (rebel)
   12/29/06 05:46 PM

   Re: Whatever happened to the WTC HARD-DRIVE recoveries?  [ To: 
   Aeryn_Sun  |  Post 295155565, reply to 295062100 ] (Score: 2)
   
    We must deal with Lie #25 from Aeryn_Sun: 
    
   The anally-obsessed Jew sex pest, writes:
   
   Quote:
   You posting anymore lies about DNS entries and who owns MOSNEWS?
    
   You don't even know how to obtain and read a DNS entry: 
    
   Quote:
   $ whois mosnews.com 
   [Querying whois.internic.net] 
   [Redirected to whois.register.com] 
   [Querying whois.register.com] 
   [whois.register.com] 
    
    Domain Name: MOSNEWS.COM 
    
    Created on..............: Thu, Oct 09, 2003 
    Expires on..............: Tue, Oct 09, 2007 
    Record last updated on..: Wed, Jul 05, 2006 
    
    Organization: 
    Eric Wolf 
    Slomtzion Ha-Malcha 24 
    Hertzelia, IL 46662 
    IL 
    Phone: 972546236249 
    Email: wolferic@mac.com 
    
    Administrative Contact: 
    Eric Wolf 
    Slomtzion Ha-Malcha 24 
    Hertzelia, IL 46662 
    IL 
    Phone: 972546236249 
    Email: wolferic@mac.com 
    
    Domain servers in listed order: 
    
    DNS9.REGISTER.COM 216.21.234.75 
    DNS10.REGISTER.COM 216.21.226.75 
    
   The admin contact for the MOSNEWS.COM domain is some yhid from 
   Herzelia, Israel. 
    
   End of Story, you devious piece of Jewish shit. "


Regards,

Robert
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net

MOSNEWS MN Files

Re: MOSSAD takes over MOSNEWS.COM


From: Greg Hallett 
Subject: Re: MOSSAD takes over MOSNEWS.COM
Date: Tue, 19 Jun 2007 20:46:25 +1200
To: Robert M. Stockmann 
X-Mailer: Apple Mail (2.752.3)
X-AntiVirus: scanned for viruses by AMaViS 0.2.4 (ftp://crashrecovery.org/pub/linux/amavis/)
X-Status: 
X-Keywords:                 

Robert,

Russia has been one big Jewish Olig since 1917.
As you know the Russian Revolution was a Jewish takeover of Russia,
which then spread communism, socialism and totalitarianism over the  
Western World
and formed the basis of the Cold War enemy, while  Israel ran the  
Cold War from other Jewlands, like London, New York Washington,
and other places the Israelis were occupying, like Fiordland, in the  
South Island of New Zealand.

Putin has been a Zionist for a long time, at least since 1980 when he  
was running
the Trawler Wars in and around New Zealand with the goal to launch a  
nuclear strike on Taupo in the North Island of New Zealand.
The Wairakei Geothermal Power Station, 20 km north of Taupo was  
producing all the heavy water for the Western World
from 1961 to around 1972 and was still on their nuclear hit list in  
2002.
The NZSIS base was Flight's Camp, just around the corner.

While in Wellington, Putin was getting his information off Helen  
Clark and Margaret Wilson, both KGB agents.
They are now the Prime Minister and Speaker of the House of Parliament.

So it's no wonder an Israeli secret service has taken over Moscow  
News/Mossad News.
No doubt this would have occurred with complete Putin complicity.
After all, it was Jewish bankers who put Putin in power by allowing  
Yeltsin to steal some US$1 billion or more,
have this 'discovered' then have Yeltsin call Putin for help.
Putin then bargained to help Yeltsin in exchange for the presidency  
before the end of 1999.
Yeltsin complied, at the last moment, on 31 December 1999 . . . and  
the rest of Russian history is Zionist history.
Not that the previous 83 years wasn't Zionist history also.

When you look at wars now, you have to look at what hand the Jews had  
in it,
and there are few notable wars without their involvement.

"Anti-Semitism" is the Jewish version of an 'eccumenical slap on the  
wrist'.
It is an empowered word designed to work like "excommunication for  
raising the paedophile issue".
Both are warranted . . . so its good to expose Catholic paedophiles
and its good to expose the wrongdoings of Jews and of Israel . . .
So when one is 'excommunicated' and labeled 'anti-Semitic', one  
should feel proud,
just as one should feel proud to be 'homophobic', if indeed, they are  
homophobic.

Since the Jews own so much of the media, most say it's bad to be  
'anti-Semitic' as a way of keeping their jobs secure.
I have certainly found, that in writing history', if you are prepared  
to be anti-Semitic, you can write the truth about history.
The truth of the 20th century has not been told, because the  
historians weren't prepared to write anything negative about Jews.

Since the Jews were so thoroughly involved in creating WWII and the  
Cold War,
misnamed 'anti-Semitic' writers can now write the truth, and feel  
proud about it.
So, in the name of 'truth',
let's disempower the word "anti-Semitic" and write how things really  
went down,
only not in Russia,
as the Mossad own MosNews,
so the chances of getting this message over their wireless are all  
but lost,
once again.

I think the public should know that Putin is a Zionist,
and that he is not acting in the best interests of Russia, but in the  
best interests of Jewish interests in Russia . . .
and Russian politics over the last 100 years can best be described as  
lies upon lies, upon lies, upon lies, and only the best liars reach  
the top.
So at the top of Russia is another Zionist liar, and his name is  
Vladimir Putin.

Remind me why Putin doesn't disclose where he was 1980-82?

King regards,

Greg Hallett


High Alert, good websites get taken down


Date: Tue, 8 Jan 2008 22:23:31 +0100 (CET)
From: "Robert M. Stockmann" 
To: stewwebb@sierranv.net, stefangrossmann@t-online.de, 
     too@slingshot.co.nz, wmreditor@waynemadsenreport.com, 
     palast@gregpalast.com, tom@tomflocco.com, skolnick@ameritech.net, 
     henry@savethemales.ca, leurenmoret@yahoo.com, 
     prophecy@texemarrs.com, smith@iamthewitness.com, 
     eric@iamthewitness.com, captainmay@prodigy.net, 
     tarpley@tarpley.net, takingaim@pacbell.net, webmaster@rense.com, 
     articles@davidicke.com, chamish@netvision.net.il, 
     michaelcollinspiper1960@yahoo.com, crescentandcross@gmail.com, 
     tips@infowars.com, cloak.dagger@gmail.com, lennybloom@gmail.com, 
     eric@vaticanassassins.org, email@spirituallysmart.com, 
     deadlinelive@yahoo.com, alanwattcuttingthrough@yahoo.com, 
     Tillawi@currentissues.tv
Subject: High Alert, good websites get taken down
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Status: RO
X-Status: 
X-Keywords:                 

Hi,

Here's one :

   http://www.staatsbriefe.de/

This website is gone. How did i came across that? Check your favorite
webpages frequently, like this one :

   "OPERATION CYANIDE"
   http://www.wakeupfromyourslumber.com/node/1948

And check for missing pictures. Apparently this picture is gone :
http://www.staatsbriefe.de/1994/bilder/cyanide.jpg

But also this picture is gone :
http://www.talkingproud.us/ImagesHistory/LBJVietnamPhotos/Helms.jpg

From http://web.archive.org/web/20061125013154/www.staatsbriefe.de/start.htm
goto to the bottom and click on "VERWEISE" (links) :

   http://www.klaus-krusche.de/
   Unabhängiger Online-Publizist

Well he's gone too, what's next :

   http://www.johnkaminski.com/
   Unabhängiger Online-Publizist (USA)

Yep, John Kaminski has been stripped of his .com domain also.
Anyone who has heard from John Kaminski recently?

   http://www.americanfreepress.net/
   US-Zeitung, die sich nicht zum Mainstream zählt.

Well they are still here today. But it seems some nasty crap, annihilating
_INDEPENDENT_ reporting, is happening as we speak. So what's left today?

I'm getting a little sick and tired of that hyped up Ron Paul campaign. 
The guy tells some good things, but he omits certain key issues. STOP 
recycling that Ron Paul stuff, it will kill all your last working brain 
cells. I'm not gonna listen for another 9 months to all this Ron Paul 
Campaganda when the elections are only in November 2008. Sure go ahead, 
elect the guy, but it takes more as one guy to clean up Washington D.C.

Cheers,

Robert
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net

A renewed reading of John Kaminksi's interesting blog articles comes highly recommended. His last published article is part III: Who Are They?" of a series titled Mindlock. In it Kaminski identifies the real hazards and dangers whom a Unabhängiger Online-Publizist can expect. From my own experience i can only admit that Kaminksi was right on the money. Interesting enough after Kaminski's Internet Essays were pulled down, running a blogsite became the new game in town.
Although John was stripped from his .com website, he soon after registered a .info domain instead on Jul 2, 2008, and today runs the website http://johnkaminski.info/.

Cloak and Dagger under blackbox routing attack


Date: Tue, 15 May 2007 12:27:30 +0200 (CEST)
From: "Robert M. Stockmann" 
To: cloak.dagger@gmail.com, lennybloom@gmail.com, 
     stefangrossmann@t-online.de, too@slingshot.co.nz, 
     skolnick@ameritech.net, eric@vaticanassassins.org, 
     tips@infowars.com, prisonplanetweb@hotmail.com, 
     tarpley@tarpley.net, tom@tomflocco.com, takingaim@pacbell.net, 
     stewwebb@sierranv.net, prophecy@texemarrs.com, 
     deadlinelive@yahoo.com, webmaster@rense.com, 
     wmreditor@waynemadsenreport.com, captainmay@prodigy.net, 
     palast@gregpalast.com, henry@savethemales.ca, 
     leurenmoret@yahoo.com, michaelcollinspiper1960@yahoo.com, 
     chamish@netvision.net.il, smith@iamthewitness.com
Subject: Cloak and Dagger under blackbox routing attack
In-Reply-To: <291a79940705142228t5b24f1a2y5a2a73c052b44575@mail.gmail.com>
Message-ID: 
MIME-Version: 1.0

Hi,

It seems that a couple of very nasty backbone router goons have 
recently aquired the capabilities of blackbox routing manipulation.  
These 'goons' turn out to be NOT your nextdoor hacker wannabee's, but 
are merely organized crime Corporations with full access and control of 
large IP-NETWORKS comprising A and B CLASS ip-ranges, which turn out to 
be in use at the most important backbone Global IP-ROUTING and ATM 
SWITCHING Internet Exchange Point's.

In the below presented case they are found present at the Amsterdam 
(AMS-IX) Internet Exchange Point [1], and The Pan American (PAIX) 
Internet Exchange Point in New York, MAE-East [2], and the Frankfurt 
Internet Exchange (F-IX) [3], and obviously the Toronto Internet 
Exchange (TorIX) [4] :

[1] Amsterdam : http://www.ams-ix.net/
[2] New York  : http://www.paix.net/
                http://www.mae.net/fac/mae-east.htm
                http://en.wikipedia.org/wiki/MAE-East
[3] Frankfurt : http://www.de-cix.net/
                http://www.franap.net/
                http://www.kleyrex.net/
[4] Toronto   : http://www.torix.net/


>From stock@stokkie.net Tue May 15 01:21:51 2007 +0200
Date: Tue, 15 May 2007 01:21:50 +0200 (CEST)
From: "Robert M. Stockmann" 
To: noc@cogentco.com, abuse@cogentco.com, ipalloc@cogentco.com
cc: cloak.dagger@gmail.com, lennybloom@gmail.com, stewwebb@sierranv.net, 
     tom@tomflocco.com, stefangrossmann@t-online.de, 
     too@slingshot.co.nz, eric@vaticanassassins.org
Subject: [ABUSE] PSI/COGENTCO blackbox routing harassment
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0


Sent by EMAIL and FAX

      Cogent Communications/
      Performance Systems International
      1015 31ST ST NW
      WASHINGTON, DC 20007-4406
      USA
      tel: +1 202-295-4200 
      fax: +1 202-338-8798
      noc@cogentco.com, abuse@cogentco.com, ipalloc@cogentco.com.

Subject : [ABUSE] PSI/COGENTCO blackbox routing harassment

Dear Network Operators,

After further investigation, it's straightforward evident to me that 
the web-server hosting of www.cloakanddagger.de (213.68.215.8) is 
severely compromised. In previous months www.cloakanddagger.de simply 
was blocked, hacked or put offline. 

This time "they" (Orca Associates?) have installed/(or hired?) a more
sophisticated team of "Certified Ethical Hacker's" (www.eccouncil.org)??

Well so it seems to me. I did some traceroute's and added a new tool 
called tcptraceroute, which does the same as traceroute but uses the 
more commonly used tcp port 80 (http), which needs to be open for 
webservers.

I did a traceroute and tcptraceroute (on port 80) from my own ADSL at 
home, and at a ADSL located at a customer of my company Stockmann 
Automatisering :

Traceroute at home :
------------------------------------------------------------------------

[jackson:root]:(~)# traceroute www.cloakanddagger.de
traceroute to www.cloakanddagger.de (213.68.215.8), 30 hops max, 46 byte packets
 1  hubble (10.0.18.72)  0.264 ms  0.162 ms  0.500 ms
 2  1-28.bbned.dsl.internl.net (82.215.28.1)  10.272 ms  9.615 ms  9.560 ms
 3  ge1-1.xr1.nik-asd.internl.net (217.149.196.33)  10.090 ms  9.804 ms  10.184 
ms
 4  v265.mpd01.ams03.atlas.cogentco.com (130.117.242.149)  10.529 ms  10.500 ms 
 10.086 ms
 5  t4-2.mpd01.ams03.atlas.cogentco.com (130.117.2.65)  10.600 ms  10.515 ms  10
.618 ms
 6  t2-0-0.core01.ams03.atlas.cogentco.com (130.117.0.33)  88.223 ms  88.544 ms 
 87.917 ms
 7  p1-0.core01.lon01.atlas.cogentco.com (130.117.1.225)  90.183 ms  90.200 ms  
90.166 ms
 8  t1-4.mpd02.lon01.atlas.cogentco.com (130.117.1.74)  18.502 ms  18.128 ms  18
.164 ms
 9  * t8-1.mpd03.jfk02.atlas.cogentco.com (66.28.4.41)  90.459 ms  89.883 ms
10  v3491.mpd01.jfk05.atlas.cogentco.com (154.54.7.10)  93.609 ms  93.857 ms  93
.433 ms
11  g13-0-0.core01.jfk05.atlas.cogentco.com (154.54.1.154)  87.876 ms  87.863 ms
  87.892 ms
12  uunet.jfk05.atlas.cogentco.com (154.54.12.182)  94.153 ms  94.103 ms  93.367
 ms
13  0.so-2-3-0.XL3.NYC4.ALTER.NET (152.63.3.154)  92.895 ms  92.519 ms  93.331 m
s
14  0.so-2-0-0.IL1.NYC9.ALTER.NET (152.63.9.241)  93.415 ms  93.025 ms  93.846 m
s
15  0.so-1-0-0.IR1.NYC12.ALTER.NET (152.63.23.62)  93.667 ms  93.365 ms  93.622 
ms
16  so-7-0-0.TR1.FFT1.ALTER.NET (146.188.15.217)  183.575 ms  183.011 ms  183.53
0 ms
17  so-4-0-0.XR1.FFT4.ALTER.NET (146.188.3.110)  179.571 ms  179.640 ms  179.597
 ms
18  POS0-0-0.GW11.FFT4.ALTER.NET (149.227.22.6)  184.289 ms  184.049 ms  184.540
 ms
19  Orca-up.Wiesbaden.de.ALTER.NET (139.4.22.118)  185.225 ms  185.001 ms  184.7
79 ms
20  * * *
21  * * *
22  * * *

[jackson:root]:(~)#


TCPTraceroute at home :
------------------------------------------------------------------------

[jackson:root]:(~)# tcptraceroute www.cloakanddagger.de
Selected device eth0, address 10.0.18.71, port 33807 for outgoing packets
Tracing the path to www.cloakanddagger.de (213.68.215.8) on TCP port 80 (http), 
30 hops max
 1  10.0.18.72  0.280 ms  0.328 ms  0.485 ms
 2  1-28.bbned.dsl.internl.net (82.215.28.1)  10.470 ms  9.811 ms  9.582 ms
 3  ge1-1.xr1.nik-asd.internl.net (217.149.196.33)  10.305 ms  9.894 ms  10.597 
ms
 4  v265.mpd01.ams03.atlas.cogentco.com (130.117.242.149)  9.790 ms  10.114 ms  
9.878 ms
 5  t4-2.mpd01.ams03.atlas.cogentco.com (130.117.2.65)  10.502 ms  10.601 ms  10
.204 ms
 6  t2-0-0.core01.ams03.atlas.cogentco.com (130.117.0.33)  88.019 ms  88.085 ms 
 88.399 ms
 7  p1-0.core01.lon01.atlas.cogentco.com (130.117.1.225)  89.858 ms  89.793 ms  
89.682 ms
 8  t1-4.mpd02.lon01.atlas.cogentco.com (130.117.1.74)  23.749 ms  18.408 ms  18
.458 ms
 9  t8-1.mpd03.jfk02.atlas.cogentco.com (66.28.4.41)  90.349 ms  89.573 ms  91.1
02 ms
10  v3491.mpd01.jfk05.atlas.cogentco.com (154.54.7.10)  93.584 ms  93.477 ms  93
.807 ms
11  g13-0-0.core01.jfk05.atlas.cogentco.com (154.54.1.154)  87.632 ms  87.350 ms
  87.623 ms
12  uunet.jfk05.atlas.cogentco.com (154.54.12.182)  93.800 ms  94.339 ms  93.819
 ms
13  0.so-2-1-0.XL3.NYC4.ALTER.NET (152.63.3.150)  93.579 ms  93.458 ms  92.840 m
s
14  0.so-2-0-0.IL1.NYC9.ALTER.NET (152.63.9.241)  93.548 ms  93.528 ms  92.994 m
s
15  0.so-1-0-0.IR1.NYC12.ALTER.NET (152.63.23.62)  94.627 ms  93.224 ms  93.078 
ms
16  so-7-0-0.TR1.FFT1.ALTER.NET (146.188.15.217)  183.230 ms  182.705 ms  183.01
2 ms
17  so-0-1-0.XR1.FFT4.ALTER.NET (146.188.8.133)  178.609 ms  177.607 ms  178.047
 ms
18  POS0-0-0.GW11.FFT4.ALTER.NET (149.227.22.6)  201.967 ms  199.097 ms  200.252
 ms
19  Orca-up.Wiesbaden.de.ALTER.NET (139.4.22.118)  184.728 ms  184.591 ms  184.6
92 ms
20  * * *
21  213.68.215.8 [open]  184.966 ms  184.823 ms  185.730 ms
[jackson:root]:(~)# 


Traceroute at customer :
------------------------------------------------------------------------
[mail:root]:(~)# traceroute www.cloakanddagger.de
traceroute to www.cloakanddagger.de (213.68.215.8), 30 hops max, 38 byte packets
 1  sdsllan (194.123.233.249)  0.348 ms  0.279 ms  0.293 ms
 2  gv-dc2-ias-ard11.nl.kpn.net (62.12.4.26)  7.908 ms  5.360 ms  5.365 ms
 3  gv-dc2-ipc-cr02.nl.kpn.net (195.190.232.74)  9.774 ms  285.277 ms  8.002 ms
 4  rt-dc2-ipc-br02.nl.kpn.net (195.190.232.75)  8.937 ms  8.710 ms  11.327 ms
 5  195.190.233.98 (195.190.233.98)  9.347 ms  10.428 ms  9.221 ms
 6  asd-dc2-ias-ur10.nl.kpn.net (195.190.227.7)  7.400 ms  7.849 ms  7.882 ms
 7  asd-dc2-ipc-br02.nl.kpn.net (195.190.227.203)  8.961 ms  11.157 ms  8.852 ms
 8  asd-dc2-ias-csg01.nl.kpn.net (195.190.227.202)  8.264 ms  8.291 ms  7.811 ms
 9  193.172.217.118 (193.172.217.118)  8.281 ms  7.544 ms  7.813 ms
10  so-1-2-0.TR1.AMS2.ALTER.NET (146.188.5.93)  10.765 ms  9.427 ms  9.922 ms
11  so-6-1-0.TR2.FFT1.ALTER.NET (146.188.15.214)  16.144 ms  15.238 ms  16.109 ms
12  so-2-0-0.XR2.FFT4.ALTER.NET (146.188.8.145)  16.551 ms  14.879 ms  15.277 ms
13  POS12-0-0.GW11.FFT4.ALTER.NET (149.227.22.34)  14.456 ms  14.458 ms  15.288 ms
14  Orca-up.Wiesbaden.de.ALTER.NET (139.4.22.118)  15.729 ms  15.742 ms  15.261 ms
15  * * *
16  * * *
17  * * *

[mail:root]:(~)# 


TCPTraceroute at customer :
------------------------------------------------------------------------

[mail:root]:(~)# tcptraceroute www.cloakanddagger.de
Selected device eth0, address 194.123.233.250, port 44752 for outgoing packets
Tracing the path to www.cloakanddagger.de (213.68.215.8) on TCP port 80 (http), 30 hops max
 1  sdsllan (194.123.233.249)  0.284 ms  0.257 ms  0.232 ms
 2  gv-dc2-ias-ard11.nl.kpn.net (62.12.4.26)  31.691 ms  6.207 ms  6.142 ms
 3  gv-dc2-ipc-cr02.nl.kpn.net (195.190.232.74)  9.746 ms  10.404 ms  9.492 ms
 4  rt-dc2-ipc-br02.nl.kpn.net (195.190.232.75)  10.251 ms  10.045 ms  9.857 ms
 5  195.190.233.98  10.268 ms  10.080 ms  10.306 ms
 6  asd-dc2-ias-ur10.nl.kpn.net (195.190.227.7)  7.954 ms  8.351 ms  7.789 ms
 7  asd-dc2-ipc-br02.nl.kpn.net (195.190.227.203)  10.156 ms  9.936 ms  9.862 ms
 8  asd-dc2-ias-csg01.nl.kpn.net (195.190.227.202)  8.369 ms  8.352 ms  7.813 ms
 9  193.172.217.118  8.224 ms  8.447 ms  9.082 ms
10  so-1-2-0.TR1.AMS2.ALTER.NET (146.188.5.93)  9.446 ms  9.110 ms  9.005 ms
11  so-6-0-0.TR1.FFT1.ALTER.NET (146.188.8.162)  31.839 ms  16.427 ms  15.015 ms
12  so-0-1-0.XR1.FFT4.ALTER.NET (146.188.8.133)  15.272 ms  14.927 ms  14.818 ms
13  POS0-0-0.GW11.FFT4.ALTER.NET (149.227.22.6)  14.843 ms  14.649 ms  14.847 ms
14  Orca-up.Wiesbaden.de.ALTER.NET (139.4.22.118)  16.498 ms  16.117 ms  15.701 ms
15  213.68.215.8  16.528 ms  16.779 ms  17.745 ms
16  213.68.215.8 [open]  16.057 ms  16.289 ms  16.927 ms
[mail:root]:(~)# 

It's clear that, in my case, two Corporations called PSI and COGENTO 
are at play here. PSI uses 130.117.xxx.yyy and 154.54.xxx.yyy and 
COGENTO uses 66.28.xxx.yyy in the example from my home :

PSI :
------------------------------------------------------------------------
OrgName:    Performance Systems International Inc. 
OrgID:      PSI
Address:    1015 31st St NW
City:       Washington
StateProv:  DC
PostalCode: 20007
Country:    US

NetRange:   130.117.0.0 - 130.117.255.255 
CIDR:       130.117.0.0/16 
NetName:    COGENT-EUROPEAN-OPERATIONS-001
NetHandle:  NET-130-117-0-0-1
Parent:     NET-130-0-0-0-0
NetType:    Direct Assignment

NetRange:   154.54.0.0 - 154.54.255.255 
CIDR:       154.54.0.0/16 
NetName:    PSINET-B2-54
NetHandle:  NET-154-54-0-0-1
Parent:     NET-154-0-0-0-0
NetType:    Direct Assignment


COGENTCO:
------------------------------------------------------------------------
OrgName:    Cogent Communications 
OrgID:      COGC
Address:    1015 31st St NW
City:       Washington
StateProv:  DC
PostalCode: 20007
Country:    US

NetRange:   66.28.0.0 - 66.28.255.255 
CIDR:       66.28.0.0/16 
NetName:    COGENT-NB-0000
NetHandle:  NET-66-28-0-0-1
Parent:     NET-66-0-0-0-0
NetType:    Direct Allocation

COGENTCO and PSI are clearly close business partners in what ever they 
are doing. Comparing the above traceroute and tcptraceroute results 
with those at my customers location, its clear that 'certain' regular 
visitors of cloakanddagger.de are being harrassed by blackbox routing 
over ip-networks in the ownership of COGENTCO/PSI..

It's most likely that both Lenny Bloom and Tom Heneghan, site owners of 
www.cloakanddagger.de, are faced with the same 'blackbox' PSI/COGENTCO 
harassment, as they stated that access to their webserver 
www.cloakanddagger.de was severely compromised because they could not 
publish or edit their own website content anymore.

I'm most confident that the 'blackbox' routing will be removed from the 
IP-NETWORK ranges in ownership of COGENTCO and PSI. Thanking you for 
your cooperation, I reside,

Yours Sincerely,

Robert M. Stockmann
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net



On Tue, 15 May 2007, Lenny Bloom wrote:

> Date: Tue, 15 May 2007 01:28:43 -0400
> From: Lenny Bloom 
> To: Robert M. Stockmann 
> Subject: Re: Give us some Cloak audio!
> 
> I cannot get access to publish to the Cloak.
> For whatever reason which I dont know I can't and really am handcuffed.
> Be Patient.
> Lenny
> 
> 
> On 5/14/07, Robert M. Stockmann  wrote:
> >
> >
> > Hi Lenny,
> >
> > As Dunblaine Tony gets kicked out of Downingstreet 10, and Bush has
> > moved to COG (Continuity of Government) and COOP (Continuity of
> > Operations), a clear defensive strategy to save ones Presidential butt,
> > I wonder to myself :
> >
> > Where's the new Cloak audio's ?
> >
> > Cheers,
> >
> > Robert
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net


Register.com Internet Assigned Numbers Authority






Compromised DNS backbone providers


It turns out that my own DNS servers, hooked up to my ADSL at home, are blocked, somehow, from querying when finding certain websites. e.g. http://xckd.com/, http://www.globalhealthfreedom.org/, etc. all result in :
An error occurred while loading http://www.globalhealthfreedom.org/:

Unknown host www.healthfreedomusa.org
Interesting enough when inserting the dialup nameserver ip's from my ADSL ISP, into /etc/resolv.conf or as forwarders inside named.conf, the above two websites suddenly work normally again. So this looks like a harassement targeted at my 100% independent running DNS/Web/Email servers, which i setup to work from my ADSL at home.
Date: Fri, 29 Jun 2007 07:39:35 +0200 (CEST)
From: "Robert M. Stockmann" 
To: iana@iana.org
Subject: Compromised DNS backbone providers
Message-ID: 
MIME-Version: 1.0


Internet Assigned Numbers Authority
4676 Admiralty Way, Suite 330 
Marina del Rey, CA  90292 
USA

+1-310-823-9358 (phone) 
+1-310-823-8649 (facsimile)

Subject: Compromised DNS backbone providers

Dear Sir/Madam,

As many of you have noticed recently, is that a lot, and i mean
a LOT of usefull websites have gone offline. Typically websites
which report about serious issues concerning all kind of aspects
with regards to our current troubled times. So how far does
this dirty gambit rabbit hole go?

Here's a couple :

www.mediabypass.com 		Registrar of Record: TUCOWS, INC.
				Whois Server: whois.tucows.com
				Name Server: NS1.WVR.NET
				Problem: No DNS records active

www.healthfreedomusa.org	Registrar of Record: Go Daddy Software, Inc.
				Whois Server: whois.godaddy.com
				Name Server:NS29.1AND1.COM
				Problem: No DNS records active

www.crystalinks.com		Registrar of Record: NETWORK SOLUTIONS, LLC.
                          	Whois Server: whois.networksolutions.com
				Name Server: NS29.1AND1.COM
				Problem: No DNS records active

www.newworldorderchat.com	Registrar: DOTSTER, INC.
				Whois Server: whois.dotster.com
				Name Server: NS1.STORMDNS.COM
				Problem: No DNS records active

www.lp.org			Registrar of Record: NETWORK SOLUTIONS, LLC.
                          	Whois Server: whois.networksolutions.com
				Name Server: NS1.LP.ORG
				Problem: No DNS records active

Although the nameservers of the above DNS-less domains could still be 
alive with their ip-numbers, the whois service of the Registrar of 
Record could have been compromised by secret service. So lets check the 
whois servers of the above 4 domains :

WHOIS TUCOWS.COM :
========================================================================
[jackson:stock]:(~)$ whois tucows.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Server Name: TUCOWS.COM.RESPECTED.BY.WWW.DNDIALOG.COM
   IP Address: 81.177.3.240
   Registrar: MONIKER ONLINE SERVICES, INC.
   Whois Server: whois.moniker.com
   Referral URL: http://www.moniker.com/whois.html

   Domain Name: TUCOWS.COM
   Registrar: TUCOWS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net
   Name Server: DNS1.TUCOWS.COM
   Name Server: DNS2.TUCOWS.COM
   Name Server: DNS3.TUCOWS.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 13-oct-2006
   Creation Date: 07-sep-1995
   Expiration Date: 06-sep-2007


WHOIS NETWORKSOLUTIONS.COM :
========================================================================
[jackson:stock]:(~)$ whois networksolutions.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Server Name: NETWORKSOLUTIONS.COM.RESPECTED.BY.WWW.DNDIALOG.COM
   IP Address: 81.177.3.240
   Registrar: MONIKER ONLINE SERVICES, INC.
   Whois Server: whois.moniker.com
   Referral URL: http://www.moniker.com/whois.html

   Domain Name: NETWORKSOLUTIONS.COM
   Registrar: NETWORK SOLUTIONS, LLC.
   Whois Server: whois.networksolutions.com
   Referral URL: http://www.networksolutions.com
   Name Server: NS1.NETSOL.COM
   Name Server: NS2.NETSOL.COM
   Name Server: NS3.NETSOL.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 26-jun-2006
   Creation Date: 27-apr-1998
   Expiration Date: 26-apr-2016


WHOIS DOTSTER.COM :
========================================================================
[jackson:stock]:(~)$ whois dotster.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Server Name: DOTSTER.COM.RESPECTED.BY.WWW.DNDIALOG.COM
   IP Address: 81.177.3.240
   Registrar: MONIKER ONLINE SERVICES, INC.
   Whois Server: whois.moniker.com
   Referral URL: http://www.moniker.com/whois.html

   Server Name: DOTSTER.COM.IMAGESOFWNC.COM
   IP Address: 64.94.117.196
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com


   Server Name: DOTSTER.COM.GOLDENHEARTGROUP.COM
   IP Address: 66.11.230.74
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com

   Domain Name: DOTSTER.COM
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com
   Name Server: NS1.DOTSTER.COM
   Name Server: NS2.DOTSTER.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 27-apr-2007
   Creation Date: 12-dec-1999
   Expiration Date: 12-dec-2011


WHOIS GODADDY.COM :
========================================================================
[jackson:stock]:(~)$ whois godaddy.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Server Name: GODADDY.COM.THEANTHEMS.NET
   IP Address: 68.178.211.122
   Registrar: TUCOWS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: GODADDY.COM.SANGRAALBODYWORK.COM
   IP Address: 68.178.211.122
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com

   Server Name: GODADDY.COM.RUSSIANHORNY4U.COM
   IP Address: 68.178.211.9
   Registrar: WILD WEST DOMAINS, INC.
   Whois Server: whois.wildwestdomains.com
   Referral URL: http://www.wildwestdomains.com

   Server Name: GODADDY.COM.RESPECTED.BY.WWW.DNDIALOG.COM
   IP Address: 81.177.3.240
   Registrar: MONIKER ONLINE SERVICES, INC.
   Whois Server: whois.moniker.com
   Referral URL: http://www.moniker.com/whois.html

   Server Name: GODADDY.COM.QUINTAFLORIDA.COM
   IP Address: 68.178.254.161
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com

   Server Name: GODADDY.COM.NIFTYENGLISH.NET
   IP Address: 64.202.165.10
   IP Address: 64.202.167.92
   Registrar: A TECHNOLOGY COMPANY, INC. D/B/A NAMESYSTEM.COM
   Whois Server: whois.namesystem.com
   Referral URL: http://www.NameSystem.com

   Server Name: GODADDY.COM.NAIVEDESIGN.NET
   IP Address: 68.178.254.73
   Registrar: WILD WEST DOMAINS, INC.
   Whois Server: whois.wildwestdomains.com
   Referral URL: http://www.wildwestdomains.com

   Server Name: GODADDY.COM.MADE4BABES.COM
   IP Address: 68.178.254.107
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com

   Server Name: GODADDY.COM.KOEUNPARK.COM
   IP Address: 64.202.167.92
   IP Address: 64.202.165.10
   Registrar: A TECHNOLOGY COMPANY, INC. D/B/A NAMESYSTEM.COM
   Whois Server: whois.namesystem.com
   Referral URL: http://www.NameSystem.com

   Server Name: GODADDY.COM.KARLAADAMS.COM
   IP Address: 63.241.136.156
   Registrar: GO DADDY SOFTWARE, INC.
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GODADDY.COM.JMAHERREALTOR.COM
   IP Address: 64.202.165.70
   Registrar: NAMESDIRECT.COM, INC.
   Whois Server: whois.namesdirect.com
   Referral URL: http://www.namesdirect.com

   Server Name: GODADDY.COM.INDYMETROWOMAN.COM
   IP Address: 68.178.254.122
   Registrar: DSTR ACQUISITION. I, LLC DBA 000DOMAINS.COM
   Whois Server: whois.000domains.com
   Referral URL: http://www.000domains.com

   Server Name: GODADDY.COM.HOPEHASFAILEDUS.COM
   IP Address: 64.202.163.148
   Registrar: GO DADDY SOFTWARE, INC.
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GODADDY.COM.GGONYA.NET
   IP Address: 64.202.167.92
   IP Address: 64.202.165.10
   Registrar: A TECHNOLOGY COMPANY, INC. D/B/A NAMESYSTEM.COM
   Whois Server: whois.namesystem.com
   Referral URL: http://www.NameSystem.com

   Server Name: GODADDY.COM.DATINGMATCHUP.NET
   IP Address: 68.178.232.44
   Registrar: WILD WEST DOMAINS, INC.
   Whois Server: whois.wildwestdomains.com
   Referral URL: http://www.wildwestdomains.com

   Server Name: GODADDY.COM.DAHLGLASS.NET
   IP Address: 64.202.163.8
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com

   Server Name: GODADDY.COM.AND.ALEX.FUCKED.BY.WWW.DNDIALOG.COM
   IP Address: 81.177.3.240
   Registrar: MONIKER ONLINE SERVICES, INC.
   Whois Server: whois.moniker.com
   Referral URL: http://www.moniker.com/whois.html

   Domain Name: GODADDY.COM
   Registrar: GO DADDY SOFTWARE, INC.
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com
   Name Server: CNS1.SECURESERVER.NET
   Name Server: CNS2.SECURESERVER.NET
   Name Server: CNS3.SECURESERVER.NET
   Status: clientDeleteProhibited
   Status: clientRenewProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 24-jan-2007
   Creation Date: 02-mar-1999
   Expiration Date: 02-mar-2016

So it seems that none of the above 4 toplevel whois/dns providers have 
their own whois record secured. Through this security flaw, the whois  
service hijackers can render any website offline by publishing 
false DNS server records for the client domain. 

Probably by overruling whois servers like WHOIS.TUCOWS.COM, 
WHOIS.NETWORKSOLUTIONS.COM, WHOIS.DOTSTER.COM and WHOIS.GODADDY.COM by 
using a different whois server, the DNS record nuke Gig is executed.

Through the listing of "extra" additional whois server records _ABOVE_ 
the real whois server, the published DNS server records for the client 
domain can be changed into erroneous DNS nameserver names or ip-numbers.

This means serious trouble, and if not resolved and cleaned up soon,
these offenders might take the whole internet down.

Yours Sincerely,

Robert M. Stockmann
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net


Register.com Internet Assigned Numbers Authority






Re: [IANA #91363] Compromised DNS backbone providers


Date: Sun, 15 Jul 2007 21:10:48 +0200 (CEST)
From: "Robert M. Stockmann" <stock@stokkie.net>
To: Kim Davies via RT <iana-questions@icann.org>
Subject: Re: [IANA #91363] Compromised DNS backbone providers 
In-Reply-To: <rt-3.5.HEAD-12433-1184352479-730.91363-6-0@icann.org>
Message-ID: <Pine.LNX.4.44.0707152051450.25012-100000@hubble.stokkie.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: RO
X-Status: 
X-Keywords:                 

On Fri, 13 Jul 2007, Kim Davies via RT wrote:

> Date: Fri, 13 Jul 2007 11:48:00 -0700
> From: Kim Davies via RT <iana-questions@icann.org>
> To: stock@stokkie.net
> Subject: [IANA #91363] Compromised DNS backbone providers 
> 
> Dear Mr Stockmann,
> 
> We received your facsimile transmission dated 29 June 2007 concerning 
> "Compromised DNS backbone providers".
> 
> We reviewed the information you provided and have found no evidence 
> there are any serious issues or problems in what you have provided.
> 
> Your first issue is that a number of domains have "No DNS records 
> active". This is not correct:
> 
> * www.healthfreedomusa.org resolves as an A record to 74.208.10.167
> * www.crystalinks.com resolves as an A record to 82.165.148.74
> * www.newworldorderchat.com resolves as an A record to 74.200.66.7
> * www.lp.org resolves as a CNAME record to lp.org

Ok, well there is indeed a weird thing going on with my own DNS servers :

  "[jackson:root]:(~)# nslookup 
   > www.microsoft.com
   Server:         10.0.18.72
   Address:        10.0.18.72#53

   Non-authoritative answer:
   www.microsoft.com       canonical name = toggle.www.ms.akadns.net.
   toggle.www.ms.akadns.net        canonical name = g.www.ms.akadns.net.
   g.www.ms.akadns.net     canonical name = lb1.www.ms.akadns.net.
   Name:   lb1.www.ms.akadns.net
   Address: 207.46.19.190
   Name:   lb1.www.ms.akadns.net
   Address: 207.46.19.254
   Name:   lb1.www.ms.akadns.net
   Address: 207.46.192.254
   Name:   lb1.www.ms.akadns.net
   Address: 207.46.193.254
   > www.healthfreedomusa.org
   ;; Got SERVFAIL reply from 10.0.18.71, trying next server
   ;; Got SERVFAIL reply from 10.0.18.72, trying next server
   Server:         10.0.18.84
   Address:        10.0.18.84#53

   ** server can't find www.healthfreedomusa.org: SERVFAIL
   > www.crystalinks.com
   ;; Got SERVFAIL reply from 10.0.18.71, trying next server
   ;; Got SERVFAIL reply from 10.0.18.72, trying next server
   Server:         10.0.18.84
   Address:        10.0.18.84#53
   
   ** server can't find www.crystalinks.com: SERVFAIL
   > www.newworldorderchat.com
   ;; Got SERVFAIL reply from 10.0.18.71, trying next server
   ;; Got SERVFAIL reply from 10.0.18.72, trying next server
   Server:         10.0.18.84
   Address:        10.0.18.84#53
   
   ** server can't find www.newworldorderchat.com: SERVFAIL
   > www.lp.org
   ;; Got SERVFAIL reply from 10.0.18.71, trying next server
   ;; Got SERVFAIL reply from 10.0.18.72, trying next server
   Server:         10.0.18.84
   Address:        10.0.18.84#53
   
   ** server can't find www.lp.org: SERVFAIL
   > 
   [jackson:root]:(~)# "

The above results are obtained, when my named.conf has no forwarder
nameservers active. If I activate the forwarders from my ISP inside
named.conf :

        // INTER.NL.NET
        forwarders { 217.149.196.6; 217.149.192.6; };

I get the following results :

  "[jackson:root]:(~)# nslookup 
   > www.healthfreedomusa.org
   Server:         10.0.18.71
   Address:        10.0.18.71#53

   Non-authoritative answer:
   Name:   www.healthfreedomusa.org
   Address: 74.208.10.167
   > www.crystalinks.com
   Server:         10.0.18.71
   Address:        10.0.18.71#53
   
   Non-authoritative answer:
   Name:   www.crystalinks.com
   Address: 82.165.148.74
   > www.newworldorderchat.com
   Server:         10.0.18.71
   Address:        10.0.18.71#53
   
   Non-authoritative answer:
   Name:   www.newworldorderchat.com
   Address: 74.200.66.7
   > www.lp.org
   Server:         10.0.18.71
   Address:        10.0.18.71#53
   
   Non-authoritative answer:
   www.lp.org      canonical name = lp.org.
   Name:   lp.org
   Address: 74.53.96.35
   > 
   [jackson:root]:(~)# "

After consulting with the tech support desk of my ISP, INTER.NL.NET
they assured me that the ip-number of my ADSL connection , 82.215.30.181 ,
has no restrictions imposed of any kind, like those needed
for a DNS name server. This means that higher upstream my ip-number
is somehow blocked from direct DNS access to certain backbone DNS
nameservers.

If you can find out how my ip-number is blocked, you may be able
to prevent future DNS blocking on other nameservers, which may have
a more drastic impact on blocking whole parts on the internet.

> The only address for which we could not resolve a DNS record for was 
> www.mediabypass.com. This is due to SERVFAIL errors with the two 
> authoritative  name servers for the domain, which is a problem with the 
> name server operators  for the domain, not with any "DNS backbone".
> 
> As to your list of WHOIS outputs, we do not see anything wrong with 
> them. We note you have listed WHOIS records for 'host' objects like 
> 'TUCOWS.COM.RESPECTED.BY.WWW.DNDIALOG.COM' as well as for 'domain' 
> objects like 'TUCOWS.COM' -- perhaps that is causing you some 
> confusion. The two are unrelated objects in the database.
> 
> If you have evidence of actual problems with the Internet whereby 
> there are security problems, or any erroneous data -- we will happily 
> research them. However nothing you have provided shows any indication 
> of such problems.
> 
> With kindest regards,
> 
> Kim Davies
> Internet Assigned Numbers Authority
> 

I thank you for your response,
Best Regards,

Robert
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net

Normally spoken DNS queries on UDP port 53 to the DNS Root Servers are not blocked, but recently, it seems, times have changed [1][2]. It's a sad situation, where the nasty odor of a staged and orchestrated problem, the fabricated reaction inside 'mainstream IT press' and a MOSSAD desired solution has been forced upon the small ISP's and independent DNS servers. A solution which results in my name.cache zone file failing to directly retrieve information regarding 'certain' domain names. As of Oct 31, 2007, the workaround offered is to 'rely' on the nameserver cache of your upstream ISP's DNS nameservers. This should be enough food for thought about _WHO IS_ creating these weird situations and problems.

[1] "Health of the Domain Name System (DNS Garbage)"
©2002-2007 BIND9.NET.
All rights reserved.
Page last modified on Mon 12 March 2007 03:20:58 CET
http://www.bind9.net/dnshealth

[2] "UPDATE: Lessons learned from Internet root server attack"
By Carolyn Duffy Marsan
, Network World, 02/08/07
http://www.networkworld.com/news/2007/020807-internet-root-server-hack.html

Secure your keyboard











Keyboard JitterBug eavesdropping


Date: Sat, 28 Jul 2007 02:56:06 +0200 (CEST)
From: "Robert M. Stockmann" 
To: stewwebb@sierranv.net, stefangrossmann@t-online.de, 
     too@slingshot.co.nz, wmreditor@waynemadsenreport.com, 
     palast@gregpalast.com, tom@tomflocco.com, skolnick@ameritech.net, 
     henry@savethemales.ca, prophecy@texemarrs.com, 
     smith@iamthewitness.com, eric@iamthewitness.com, 
     captainmay@prodigy.net, tarpley@tarpley.net, 
     takingaim@pacbell.net, webmaster@rense.com, 
     articles@davidicke.com, chamish@netvision.net.il, 
     crescentandcross@gmail.com, tips@infowars.com, 
     cloak.dagger@gmail.com, lennybloom@gmail.com, 
     eric@vaticanassassins.org
Subject: Keyboard JitterBug eavesdropping
Message-ID: 
MIME-Version: 1.0

Hi,

In this vibrant era of getting the truth out, signed, sealed, delivered
and published on the Internet, its important to make sure your
working place, i.e. your workstation is also securely signed and sealed.

I came across the following USENIX article :

"Keyboards and Covert Channels"
 by Gaurav Shah, Andres Molina and Matt Blaze , 2006-05-17
 Department of Computer and Information Science 
 University of Pennsylvania 
http://www.usenix.org/events/sec06/tech/shah/shah_html/jbug-Usenix06.html

In it the authors demonstrate that todays unwarrented wiretapped
NSA activities, normally don't result in much success as serious
internet users routinely apply encryption into their communications,
like IPSec tunneling, ssh, VPN access connections, secure webtraffic
https when i.e. doing Internet banking activities.

However, secret service found a clever approach to all this, by covertly
installing a Keyboard JitterBug into your keyboard :

  "5.1 Architecture 

   Our Keyboard JitterBug is implemented as a hardware interception 
   device that sits between the keyboard and the computer. It is also 
   possible to implement a JitterBug by modifying the keyboard 
   firmware or the internal keyboard circuits, but the 
   bump-in-the-wire implementation lends itself to easy installation 
   on existing keyboards without the need for any major modification. 
   Figure 2 shows the high-level architecture of the Keyboard 
   JitterBug. 

   The Keyboard JitterBug adds timing information to keypresses in the 
   form of small jitters that are unnoticeable to a human operator. If 
   the user is typing in an interactive network application, then each 
   keystroke will be sent in its own network packet. Ignoring the 
   effects of buffering and network delays (the ideal case), the 
   timing of the network packets will mirror closely the times at 
   which the keystroke were received by the keyboard controller on the 
   host. By observing these packet timings, an eavesdropper can 
   reconstruct the original information that was encoded by the 
   Keyboard JitterBug."

There's however a straighforward effective solution to this possibility,
and that is to seal some screws of your keyboard. You must of course
be sure your keyboard has not yet been "JitterBug"-ed yet.

Cheers,

Robert
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net


Sender Policy Framework, Censure the Independent?



The Anti Spam Controversy


From: "Robert M. Stockmann" <stock@stokkie.net>
Subject: The libspf/libsrs vs. libspf2/libsrs2 controversy
Date: Wed, 17 Oct 2007 00:23:21 +0200
User-Agent: Pan/0.14.2.91 (As She Crawled Across the Table)
Message-Id: <pan.2007.10.16.22.23.21.827112@stokkie.net>
Newsgroups: comp.os.linux.advocacy
X-Pan-Internal-Post-Server: XS4ALL
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 8bit


Hi,

After i sent the below email to the Developers of libspf , the email
server of Meng Weng Wong from pobox.com responded with a interesting but
also strange error message :

   delivery 29415:
   failure:207.106.133.15_does_not_like_recipient./
   Remote_host_said:_554_<mengwong@pobox.com>:_Recipient_address_rejected:_broadband/
   _returned_deny:_161-98.mxp.dsl.internl.net_looks_like_a_consumer_broadband_machine/
   Giving_up_on_207.106.133.15./

So today anti-spam efforts go as far as to reject email because the
sending email server is using a "consumer_broadband_machine" ip-number. If
that is all what anti-spam is about, then the true agenda of anti-spam
guru's has been exposed : Make email a costly service, censure certain
people's email from the internet using misty anti-spam rules, and in the
end allow the old times rulers to take over the Internet, go back to
pre-Internet ages and resume business as usual.

Date: Wed, 17 Oct 2007 00:04:33 +0200 (CEST)
From: "Robert M. Stockmann" <stock@stokkie.net>
To: root@teddy.ch
cc: Patrick Earl <patearl@patearl.net>, Sean Comeau <scomeau@obscurity.org>, 
    Matthias Ruttmann <ruttmann@bartels.de>, 
    Rob McMahon <Rob.McMahon@warwick.ac.uk>, 
    Meng Weng Wong <mengwong@pobox.com>
Subject: The libspf/libsrs vs. libspf2/libsrs2 controversy
Message-ID: <Pine.LNX.4.44.0710162354420.14634-100000@hubble.stokkie.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: RO

Hello Dominik Mahrer,

I am a little confused about the SPF/SRS and SPF2/SRS2 competition. 
libspf-1.0.0-RC6/AUTHORS lists the following active developers :

  "Active developers:
   ------------------
  
   James Couzens .......... <jcouzens@codeshare.ca>
   Michael Weiner ......... <mweiner@codeshare.ca>
   Teddy .................. <teddy@codeshare.ca>
   Travis Anderson ........ <tanderson@codeshare.ca>"

I assume you are teddy@codeshare.ca as you support libspf on

	http://www.teddy.ch/libspf/

and started your own company teddy.ch. If that is the case, i have a 
couple of questions for you.  

1. there seems to be some controversy which
   libraries to use :
   libspf or libspf2
   libsrs or libsrs2

2. Do you have a working libsrs (the original James Couzens implementation),
   and also the qmail and sendmail MTA patches for this?

From the FreeBSD ports i downloaded libsrs.0.3.beta.tar.bz2 which 
clearly is designed and written for performance, where the spf2 and 
srs2 crowd clearly is tailored around the Perl::Whatever:Plugin 
culture. For email and a sound MTA server i detest such Perl::XYZ 
solutions.

In fact Larry Wall's Perl is absolutely 100% orthogonal in contradiction 
of what the UNIX Linux philosophy stands for. What the secret agenda is 
behind the zealous promotion of Perl on UNIX/Linux I today have some 
well funded explanations, who clearly point to the objective to 
have the UNIX/Linux platform migrated in a below average platform, both 
in performance and scalability.

Qmail is one of the MTA's out there who still stick to the old diehard 
UNIX philosophy, of building a complex service out of a number of 
separate but fast programs in the C programming language. That's what 
UNIX is : the blinding fast execution of complicated tasks using a 
chain of many small, fast and rock-solid programs. 

From libsrs.3/TODO we read :

  "libsrs v0.3 beta
   (c) 2004 James Couzens <jcouzens@obscurity.org>
  
   TODO:
   - MTA patches
   -- Qmail 99% done
   -- Sendmail 50% done
   -- Exim3 0%
   -- Exim4 0%
   -- Postfix 0%
   -- Courier 0%
   -- Autoconf this library - someone with experience please do this!
      Would be nice to use configure and have it build proper make files
      for BSD/Linux etc..
  
   - OTHER
   -- Get this to compile in solaris "
 
Currently it seems that www.libsrs.org is offline and also
codeshare.ca. Luckily we now have http://libspf.userfriendly.net/.
But still I'm in the dark where the qmail MTA patch for James Couzens
version of libsrs can be downloaded.

I found somewhere on a obscure ftp server this patch : 
qmail-srs-0.3.patch which obviously is to used together with 
libsrs.0.3.beta.tar.bz2 . But when inspecting this patch it seems to 
link with -lsrs2 instead of -lsrs

qmail-srs-0.3.patch :

  "INSTALL INSTRUCTIONS
   
   1) Download and install libsrs2 from http://www.libsrs2.org/download.html

   2) Apply this patch

   tar -xzf /path/to/qmail-1.03.tar.gz
   cd qmail-1.03
   patch -p1 < qmail-srs-0.2.patch "

Then again it seems there's a lot of cash to be made with SPF/SRS as 
besides aol.com now also gmail.com is implementing spf1 records inside 
its DNS. 

I somehow have the impression that the libspf2/libsrs2 crowd is 
seriously trying to eat you guys lunch/diner and mortgage for the house 
with this. And from what i am seeing they are actually are getting away 
with it. This needs to be stopped.

Certainly as James Couzens has been the True pioneer for the SPF DNS 
record anti-spam solution. See the news article collections on 
http://libspf.userfriendly.net/ (***), i.e. [1][2][3][4].

Thanks,
Best Regards,

Yours Sincerely,

Robert M. Stockmann
PS.
[1] "Spoofed From: Prevention"
   Posted by timothy  on Sun Oct 05, 2003 09:18 PM
   http://yro.slashdot.org/article.pl?sid=03/10/06/0044200&mode=thread

[2] "SPF Design Frozen"
   Posted by timothy  on Tue Dec 16, 2003 12:29 AM
   http://developers.slashdot.org/article.pl?sid=03/12/16/0349243&mode=thread

[3] "AOL Now Publishing SPF Records"
   Posted by CowboyNeal  on Fri Jan 09, 2004 05:03 AM
   http://it.slashdot.org/article.pl?sid=04/01/09/0435234&mode=thread

[4] "AOL Tests Sender Permitted From / E-mail Caller ID"
   Posted by timothy  on Sun Jan 25, 2004 10:22 PM
   http://yro.slashdot.org/article.pl?sid=04/01/26/0043227&mode=thread
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net

(***) [1] libspf.org - The Original ANSI C SPF Reference Library
by James Couzens
published and last edited on May 17, 2005
http://crashrecovery.org/internet/libspf.org.html

[2] libspf.org - The Original ANSI C SPF Reference Library
by James Couzens
published and last edited on Nov 9, 2004
http://crashrecovery.org/internet/libspf.org2.html

[3] FTC Email Authentication Summit and Sender ID
Groklaw
Tuesday, November 09 2004 @ 03:16 AM EST
http://www.groklaw.net/article.php?story=20041109031629840

[4] Electronic Commerce in Canada - Task Force on Spam
Industry Canada Site
Created: 2005-06-06, Updated: 2008-02-08
http://www.ic.gc.ca/epic/site/ecic-ceac.nsf/en/h_gv00248e.html

[5] Stopping Spam Creating a Stronger, Safer Internet
Report of the Task Force on Spam
, May 2005
http://www.ic.gc.ca/epic/site/ecic-ceac.nsf/en/h_gv00317e.html
http://crashrecovery.org/internet/stopping_spam_May2005.pdf

[5] Sender Policy Framework: Authorizing Use of Domains in MAIL FROM
draft-lentczner-spf-00
Created: October 12, 2004, Expires: April 12, 2005
http://www.ozonehouse.com/mark/spf/draft-lentczner-spf-00.html

After checking my spam logs, i noticed how a spammer was sending countless emails using jrabbit@mmsrep.com as his from address :


From SRS0=QORU=PV=mmsrep.com=jrabbit@srs.stokkie.net Sat Oct 27 06:35:12 2007
Return-Path: <SRS0=QORU=PV=mmsrep.com=jrabbit@srs.stokkie.net>
Delivered-To: stock@hubble.stokkie.net
Received: (qmail 6889 invoked by alias); 27 Oct 2007 06:35:12 -0000
Delivered-To: anonymous@stokkie.net
Received: (qmail 6565 invoked from network); 27 Oct 2007 06:35:11 -0000
Received: from unknown (HELO mercermc.com) (88.210.54.251)
  by dmz.stokkie.net with SMTP; 27 Oct 2007 06:35:11 -0000
Received-SPF: none (dmz.stokkie.net: domain of jrabbit@mmsrep.com
 does not designate permitted sender hosts)
Return-Path: <Joni@mmsrep.com>
Received: from 208.65.144.13 (HELO mmsrep.com.inbound15.mxlogic.net)
     by stokkie.net with esmtp (VKBMGJBRVQ XPROK)
     id YlTWr3-sTEW2u-R0
     for anonymous@stokkie.net; Sat, 27 Oct 2007 10:35:13 +0400
Message-ID: <fc7301c81863$87554340$ac100b73@Joni>
From: "Joni D. Driscoll" <Joni@mmsrep.com>
To: "Staci Y. Dahl" <anonymous@stokkie.net>
Subject: Our wonder-medicine will make your dick so impressive
Date: Sat, 27 Oct 2007 10:35:13 +0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_64625_FCDB_01C81885.0E66E340"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-AntiVirus: scanned for viruses by AMaViS 0.2.4 (ftp://crashrecovery.org/pub/linux/amavis/)
X-AntiVirus: scanned for viruses by AMaViS 0.2.4 (ftp://crashrecovery.org/pub/linux/amavis/)
X-DSPAM-Result: Spam
X-DSPAM-Processed: Sat Oct 27 08:35:14 2007
X-DSPAM-Confidence: 0.9997
X-DSPAM-Probability: 1.0000
X-DSPAM-Signature: 4722dc2169345126716110
X-DSPAM-Factors: 15,
	bed+We, 0.99990,
	style7+font, 0.99990,
	pleasure, 0.99990,
	Subject*medicine, 0.99990,
	Pakistan, 0.99990,
	From*D, 0.99990,
	breaker!, 0.99990,
	a+Rely, 0.99990,
	To*anonymous+stokkie, 0.99990,
	Subject*will, 0.99990,
	color+#FF2F2F, 0.99990,
	bed+span, 0.99990,
	Delivered-To*anonymous+stokkie, 0.99990,
	#2B3235+span, 0.99990,
	xual+reality!, 0.99990
Status: O
X-Status: 
X-Keywords:                  

When checking upon the mmsrep.com website i however found the following notice :

MMSREP.COM Email Hi-Jacked

What's interesting though is that the mmsrep.com domain does not designate SPF1 records inside its DNS, and then of course SPF/SRS enabled email servers never can check if the used ip-address by the hijacker from jrabbit@mmsrep.com was valid or not.

Some claim SPF is a Harmful solution, see links collection at "Criticism of Anti-spam Research", but a simple DNS TXT entry addition to the zone file of mmsrep.com would at least prevent My Email Server to accept spam from jrabbit@mmsrep.com .

The MX records of mmsrep.com seem ok :


   [hubble:stock]:(~)$ nslookup 
   > set type=MX
   > mmsrep.com.
   Server:         10.0.18.72
   Address:        10.0.18.72#53

   Non-authoritative answer:
   mmsrep.com      mail exchanger = 15 mmsrep.com.inbound15.mxlogicmx.net.
   mmsrep.com      mail exchanger = 15 mmsrep.com.inbound15.mxlogic.net.
   
   Authoritative answers can be found from:
   mmsrep.com      nameserver = ns.oneononeinternet.com.
   mmsrep.com      nameserver = ns2.oneononeinternet.com.
   mmsrep.com.inbound15.mxlogic.net        internet address = 208.65.144.13
   mmsrep.com.inbound15.mxlogic.net        internet address = 208.65.144.12
   mmsrep.com.inbound15.mxlogicmx.net      internet address = 208.65.144.12
   mmsrep.com.inbound15.mxlogicmx.net      internet address = 208.65.144.13
   >
   [hubble:stock]:(~)$ 

This jrabbit@mmsrep.com dude seems to know his spam job, as he even inserted a fake Received: from header, see the red part above, and compare this with the real Received: from header in green. In effect SPF/SRS would effectively dismiss and rule out the Email MX intermediairy from Russia with ip-number 88.210.54.251.

The Find Us on Facebook Campaign logo


Facebook Snubs Your E-mail



From MAILER-DAEMON Sun Aug  5 01:07:47 2012
Date: 05 Aug 2012 01:07:47 +0200
From: Mail System Internal Data <MAILER-DAEMON@stokkie.net>
Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA
X-IMAP: 1344121667 0000000000
Status: RO

This text is part of the internal format of your mail folder, and is not
a real message.  It is created automatically by the mail system software.
If deleted, important folder data will be lost, and it will be re-created
with the data reset to initial values.

From stock@stokkie.net Sun Aug  5 01:03:46 2012 +0200
Date: Sun, 5 Aug 2012 01:03:46 +0200 (CEST)
From: "Robert M. Stockmann" <stock@stokkie.net>
To: tarpley@tarpley.net
cc: stewwebb@stewwebb.com,  <skolnick@ameritech.net>,  <tom2@tomflocco.com>, 
     <too@slingshot.co.nz>,  <timrifat@rvscience.com>, 
     <pseudoskylax@gmail.com>,  <shanktalk@yahoo.com>,  <one_ibl@yahoo.com>, 
     <stefangrossmann@t-online.de>,  <palast@gregpalast.com>, 
     <henry@savethemales.ca>,  <leurenmoret@yahoo.com>,  <rick458@cox.net>, 
     <stangfeedback@gmail.com>,  <smith@iamthewitness.com>, 
     <eric@iamthewitness.com>,  <ognir2@gmail.com>,  <prothink@yahoo.com>, 
     <captainmay@prodigy.net>,  <tarpley@tarpley.net>, 
     <takingaim@pacbell.net>, Max Keiser <keiserreport@rttv.ru>, 
     <OnTheEdge@presstv.com>,  <eirns@larouchepub.com>, 
     <info@larouchepac.com>,  <freeworldalliance@yahoo.com>, 
     <articles@davidicke.com>,  <springmeiermessages@hotmail.com>, 
     <chamish@netvision.net.il>,  <michaelcollinspiper1960@yahoo.com>, 
     <crescentandcross@gmail.com>,  <Tillawi@currentissues.tv>, 
     <tips@infowars.com>,  <wmreditor@waynemadsenreport.com>, 
     <cloak.dagger@gmail.com>, Lenny Bloom <lennybloom@gmail.com>, 
     <eric@vaticanassassins.org>,  <email@spirituallysmart.com>, 
     <deadlinelive@yahoo.com>,  <vyzygothraw@hotmail.com>, 
     <alanwattcuttingthrough@yahoo.com>,  <cartalucci@gmail.com>
Subject: sending email to tarpley.net
Message-ID: <Pine.LNX.4.44.1208050055450.2904-100000@hubble.stokkie.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: RO
X-Status: 
X-Keywords:                 


Hello Webster,

This must be a total joke :

  [hubble:stock]:(~)$ telnet tarpley.net 25
  Trying 174.120.201.94...
  Connected to tarpley.net (174.120.201.94).
  Escape character is '^]'.
  220-gator1124.hostgator.com ESMTP Exim 4.77 #2 Sat, 04 Aug 2012 17:54:01 -0500
  220-We do not authorize the use of this system to transport unsolicited, 
  220 and/or bulk e-mail.
  helo stokkie.net
  250 gator1124.hostgator.com Hello stokkie.net [82.161.213.135]
  mail from: stock@stokkie.net
  250 OK
  rcpt to: tarpley@tarpley.net
  451 Temporary local problem - please try later
  quit
  221 gator1124.hostgator.com closing connection
  Connection closed by foreign host.
  [hubble:stock]:(~)$ 

Please contact your Exim administrator to fix the email server
configuration in case someone is sending email to you.

Best Regards,

Robert
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net


From MAILER-DAEMON Sat Aug 04 23:04:17 2012
Return-Path: <>
Delivered-To: stock@stokkie.net
Received: (qmail 6612 invoked from network); 4 Aug 2012 23:04:17 -0000
Received: from bosmailout07.eigbox.net (66.96.190.7)
  by hubble.stokkie.net with SMTP; 4 Aug 2012 23:04:17 -0000
Received-SPF: none (hubble.stokkie.net: domain of bosmailout07.eigbox.net 
  does not designate permitted sender hosts)
Received: from bosmailscan07.eigbox.net ([10.20.15.7])
	by bosmailout07.eigbox.net with esmtp (Exim)
	id 1SxnNz-0007eo-0J
	for stock@stokkie.net; Sat, 04 Aug 2012 19:03:55 -0400
Received: from exim by bosmailscan07.eigbox.net with local (Exim)
	id 1SxnNy-0006yI-BG
	for stock@stokkie.net; Sat, 04 Aug 2012 19:03:54 -0400
X-Failed-Recipients: tillawi@currentissues.tv
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@eigbox.net>
To: stock@stokkie.net
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1SxnNy-0006yI-BG@bosmailscan07.eigbox.net>
Date: Sat, 04 Aug 2012 19:03:54 -0400
X-AntiVirus: scanned for viruses by AMaViS 0.2.4 ClamAV 0.97.3/15218/Sat 
   Aug  4 21:50:33 2012 (http://crashrecovery.org/amavis.html)
Status: RO
X-Status: 
X-Keywords:                 

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  tillawi@currentissues.tv
    mailbox is full: retry timeout exceeded

------ This is a copy of the message's headers. ------

Return-path: <stock@stokkie.net>
Received: from bosimpinc01.eigbox.net ([10.20.13.1])
	by bosmailscan07.eigbox.net with esmtp (Exim)
	id 1SxnNw-0005Kg-VA
	for tillawi@currentissues.tv; Sat, 04 Aug 2012 19:03:52 -0400
Received: from stokkie.net ([82.161.213.135])
	by bosimpinc01.eigbox.net with NO UCE
	id in3s1j00N2vqad609n3sl8; Sat, 04 Aug 2012 19:03:53 -0400
X-EN-OrigIP: 82.161.213.135
X-EN-IMPSID: in3s1j00N2vqad609n3sl8
Received: (qmail 2945 invoked by uid 500); 4 Aug 2012 23:03:46 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 4 Aug 2012 23:03:46 -0000
Received-SPF: pass (localhost: domain of stock@stokkie.net designates 127.0.0.1
  as permitted sender) receiver=localhost; client_ip=127.0.0.1; 
  envelope-from=stock@stokkie.net;
Date: Sun, 5 Aug 2012 01:03:46 +0200 (CEST)
From: "Robert M. Stockmann" <stock@stokkie.net>
To: tarpley@tarpley.net
cc: stewwebb@stewwebb.com,  <skolnick@ameritech.net>,  <tom2@tomflocco.com>, 
     <too@slingshot.co.nz>,  <timrifat@rvscience.com>, 
     <pseudoskylax@gmail.com>,  <shanktalk@yahoo.com>,  <one_ibl@yahoo.com>, 
     <stefangrossmann@t-online.de>,  <palast@gregpalast.com>, 
     <henry@savethemales.ca>,  <leurenmoret@yahoo.com>,  <rick458@cox.net>, 
     <stangfeedback@gmail.com>,  <smith@iamthewitness.com>, 
     <eric@iamthewitness.com>,  <ognir2@gmail.com>,  <prothink@yahoo.com>, 
     <captainmay@prodigy.net>,  <tarpley@tarpley.net>, 
     <takingaim@pacbell.net>, Max Keiser <keiserreport@rttv.ru>, 
     <OnTheEdge@presstv.com>,  <eirns@larouchepub.com>, 
     <info@larouchepac.com>,  <freeworldalliance@yahoo.com>, 
     <articles@davidicke.com>,  <springmeiermessages@hotmail.com>, 
     <chamish@netvision.net.il>,  <michaelcollinspiper1960@yahoo.com>, 
     <crescentandcross@gmail.com>,  <Tillawi@currentissues.tv>, 
     <tips@infowars.com>,  <wmreditor@waynemadsenreport.com>, 
     <cloak.dagger@gmail.com>, Lenny Bloom <lennybloom@gmail.com>, 
     <eric@vaticanassassins.org>,  <email@spirituallysmart.com>, 
     <deadlinelive@yahoo.com>,  <vyzygothraw@hotmail.com>, 
     <alanwattcuttingthrough@yahoo.com>,  <cartalucci@gmail.com>
Subject: sending email to tarpley.net
Message-ID: <Pine.LNX.4.44.1208050055450.2904-100000@hubble.stokkie.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-AntiVirus: scanned for viruses by AMaViS 0.2.4 ClamAV 0.97.3/15218/Sat 
   Aug  4 21:50:33 2012 (http://crashrecovery.org/amavis.html)
X-EN-Class: impinc

From MAILER-DAEMON Sat Aug 04 23:04:24 2012
Return-Path: <>
Delivered-To: stock@stokkie.net
Received: (qmail 6712 invoked from network); 4 Aug 2012 23:04:24 -0000
Received: from smtpout001-bnc.ash2.facebook.com (HELO smtpin.mx.facebook.com) (66.220.157.24)
  by hubble.stokkie.net with SMTP; 4 Aug 2012 23:04:24 -0000
Received-SPF: none (hubble.stokkie.net: domain of smtpin.mx.facebook.com does 
  not designate permitted sender hosts)
Return-Path: <>
Message-ID: <27.BA.28430.26AAD105@smtpin.mx.facebook.com>
From: Facebook <mailer-daemon@mx.facebook.com>
To: stock@stokkie.net
Subject: Sorry, your message could not be delivered
Date: Sat, 04 Aug 2012 16:04:02 -0700
Content-Type: multipart/report; report-type=delivery-status;
 boundary="7S+GzeMGPlHubG3Q6ZwrI88X0sPCgcszKBmCDg=="
X-AntiVirus: scanned for viruses by AMaViS 0.2.4 ClamAV 0.97.3/15218/Sat 
  Aug  4 21:50:33 2012 (http://crashrecovery.org/amavis.html)
Status: RO
X-Status: 
X-Keywords:                 

--7S+GzeMGPlHubG3Q6ZwrI88X0sPCgcszKBmCDg==
Content-Type: text/plain; charset=UTF-8

This message was created automatically by Facebook.

Based on the email preferences of the person you're trying to email, this 
message could not be delivered.

--7S+GzeMGPlHubG3Q6ZwrI88X0sPCgcszKBmCDg==
Content-Type: message/delivery-status

Reporting-MTA: dns; 10.138.205.193
Arrival-Date: Sat, 04 Aug 2012 16:04:01 -0700

Last-Attempt-Date: Sat, 04 Aug 2012 16:04:32 -0700
Action: failed
Diagnostic-Code: smtp; 550 5.1.1 RCP-P2 
  http://postmaster.facebook.com/response_codes?ip=184.170.143.155#rcp 
  Refused due to recipient preferences
Final-Recipient: rfc822; tlthe5th@facebook.com
Status: 5.1.1

--7S+GzeMGPlHubG3Q6ZwrI88X0sPCgcszKBmCDg==
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline


Hello Webster,

This must be a total joke :

  [hubble:stock]:(~)$ telnet tarpley.net 25
  Trying 174.120.201.94...
  Connected to tarpley.net (174.120.201.94).
  Escape character is '^]'.
  220-gator1124.hostgator.com ESMTP Exim 4.77 #2 Sat, 04 Aug 2012 17:54:01 -0500
  220-We do not authorize the use of this system to transport unsolicited, 
  220 and/or bulk e-mail.
  helo stokkie.net
  250 gator1124.hostgator.com Hello stokkie.net [82.161.213.135]
  mail from: stock@stokkie.net
  250 OK
  rcpt to: tarpley@tarpley.net
  451 Temporary local problem - please try later
  quit
  221 gator1124.hostgator.com closing connection
  Connection closed by foreign host.
  [hubble:stock]:(~)$ 

Please contact your Exim administrator to fix the email server
configuration in case someone is sending email to you.

Best Regards,

Robert
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net

--7S+GzeMGPlHubG3Q6ZwrI88X0sPCgcszKBmCDg==--

The enforced Firefox 3.6 'Upgrade'






















Firefox first-run page tracking



From stock@stokkie.net Sat Mar  3 14:56:21 2012 +0100
Date: Sat, 3 Mar 2012 14:56:21 +0100 (CET)
From: "Robert M. Stockmann" <stock@stokkie.net>
To: dmcanotice@mozilla.com,  <credits@mozilla.org>,  <webmaster@mozilla.org>, 
     <trademarks@mozilla.org>,  <licensing@mozilla.org>
cc: stewwebb@stewwebb.com,  <skolnick@ameritech.net>,  <tom2@tomflocco.com>, 
     <too@slingshot.co.nz>,  <timrifat@rvscience.com>, 
     <pseudoskylax@gmail.com>,  <shanktalk@yahoo.com>,  <one_ibl@yahoo.com>, 
     <stefangrossmann@t-online.de>,  <palast@gregpalast.com>, 
     <henry@savethemales.ca>,  <leurenmoret@yahoo.com>,  <rick458@cox.net>, 
     <stangfeedback@gmail.com>,  <smith@iamthewitness.com>, 
     <eric@iamthewitness.com>,  <ognir2@gmail.com>,  <prothink@yahoo.com>, 
     <captainmay@prodigy.net>,  <tarpley@tarpley.net>, 
     <takingaim@pacbell.net>, Max Keiser <keiserreport@rttv.ru>, 
     <OnTheEdge@presstv.com>,  <eirns@larouchepub.com>, 
     <info@larouchepac.com>,  <freeworldalliance@yahoo.com>, 
     <articles@davidicke.com>,  <springmeiermessages@hotmail.com>, 
     <chamish@netvision.net.il>,  <michaelcollinspiper1960@yahoo.com>, 
     <crescentandcross@gmail.com>,  <Tillawi@currentissues.tv>, 
     <tips@infowars.com>,  <wmreditor@waynemadsenreport.com>, 
     <cloak.dagger@gmail.com>, Lenny Bloom <lennybloom@gmail.com>, 
     <eric@vaticanassassins.org>,  <email@spirituallysmart.com>, 
     <deadlinelive@yahoo.com>,  <vyzygothraw@hotmail.com>, 
     <alanwattcuttingthrough@yahoo.com>,  <cartalucci@gmail.com>, 
     <curtcrosby@gmail.com>,  <webmaster@rense.com>, 
    Micha Kat <drsmkat@yahoo.com>, Micha Kat <michaombudsman@gmail.com>, 
    "Fred N. van Kempen" <fred.van.kempen@microwalt.nl>,  <ohb@hardebol.nl>, 
    "Dasia, Stephan" <stephan.dasia@capgemini.com>,  <arend@argusoog.org>, 
    JDTV Producties <jdtvproducties@live.nl>,  <anton@niburu.nl>, 
     <sdn@planet.nl>,  <mr.drs.bou@planet.nl>,  <rudy.hannah@planet.nl>, 
     <freespirit01@planet.nl>,  <andrevergeer@ziggo.nl>
Subject: Questionable conduct with Firefox first-run page
Message-ID: <Pine.LNX.4.44.1203031409220.31051-100000@hubble.stokkie.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: RO
X-Status: 
X-Keywords:                                                   
X-UID: 2
Content-Length: 3290


Dear Sir/Madam, 

Whenever firing up a mozilla firefox edition, on my ubuntu Linux 
laptop, which has no Cache directory and files yet, the browser will 
redirect itself to a start-up page :

   http://www.mozilla.org/en-US/projects/firefox/3.6.23/firstrun/

where i use firefox v.3.6.23 . I personally want to run with v.3.6.23.  
Now your most favorable one-liner will most probably be "please upgrade 
to firefox 10", but i don't want that. What next happens is that a 
$HOME/.mozilla/firefox/profiles.ini file is generated which shows the 
following content :

   [acer20:stock]:(~/.mozilla/firefox)$ ll
   total 20
   drwx------ 4 stock stock 4096 Mar  3 14:17 ./
   drwx------ 4 stock stock 4096 Mar  3 13:54 ../
   drwx------ 6 stock stock 4096 Mar  3 14:11 76htm1qh.default/
   drwx------ 2 stock stock 4096 Mar  3 13:54 Crash Reports/
   -rw-r--r-- 1 stock stock   94 Mar  3 14:04 profiles.ini
   [acer20:stock]:(~/.mozilla/firefox)$
   
   [acer20:stock]:(~/.mozilla/firefox)$ cat profiles.ini 
   [General]
   StartWithLastProfile=1
   
   [Profile0]
   Name=default
   IsRelative=1
   Path=76htm1qh.default
   
   [acer20:stock]:(~/.mozilla/firefox)$

So any intrusive 3rd party software add-on , wherever it may interface, 
can blindly read $HOME/.mozilla/firefox/profiles.ini and locate the 
rest of the Cache directory :

   $HOME/.mozilla/firefox/76htm1qh.default

The strange thing is that when i remove $HOME/.mozilla/firefox/profiles.ini
a restart of the firefox browser leads me again to the start-up page
http://www.mozilla.org/en-US/projects/firefox/3.6.23/firstrun/
and a new cache and profile directory is created with a subsequently
updated $HOME/.mozilla/firefox/profiles.ini  :

   [acer20:stock]:(~/.mozilla/firefox)$ rm profiles.ini
   
After Firefox is restarted ....

   [acer20:stock]:(~/.mozilla/firefox)$ ll
   total 24
   drwx------ 5 stock stock 4096 Mar  3 14:17 ./
   drwx------ 4 stock stock 4096 Mar  3 13:54 ../
   drwx------ 7 stock stock 4096 Mar  3 14:17 76htm1qh.default/
   drwx------ 2 stock stock 4096 Mar  3 13:54 Crash Reports/
   -rw-r--r-- 1 stock stock   94 Mar  3 14:17 profiles.ini
   drwx------ 6 stock stock 4096 Mar  3 14:18 ya5zfcob.default/
   [acer20:stock]:(~/.mozilla/firefox)$ 
   [acer20:stock]:(~/.mozilla/firefox)$ cat profiles.ini 
   [General]
   StartWithLastProfile=1

   [Profile0]
   Name=default
   IsRelative=1
   Path=ya5zfcob.default
   
   [acer20:stock]:(~/.mozilla/firefox)$ 

So not only do the Boys and Girls of the Mozilla Firefix start-up
department warn the user that he/she is running a 'oldie' version of firefox,
they also keep a database, where all the details of the users cache
directory are stored, as real-time data at mozilla.org, which then in
turn can be used to convert their warning into a hard-fact reality Trojan
intrusion.
This should not be the case, ever. Now we all witnessed what happened 
when GoDaddy decided to pro-actively support SOPA and block its 
customers domains DNS. Please be warned that Mozilla Firefox could be 
affected with the same fate, when above described practices remain
unanswered by mozilla.com or mozilla.org.

Yours Sincerely,

Robert M. Stockmann
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net

From gerv@mozilla.org Mon Mar 05 10:24:04 2012
Return-Path: <gerv@mozilla.org>
Delivered-To: stock@stokkie.net
Received: (qmail 14626 invoked from network); 5 Mar 2012 10:24:04 -0000
Received: from dm-mail03.mozilla.org (63.245.208.213)
  by hubble.stokkie.net with SMTP; 5 Mar 2012 10:24:04 -0000
Received-SPF: none (hubble.stokkie.net: domain of gerv@mozilla.org does not designate permitted sender hosts)
Received: from [192.168.0.101] (93.243.187.81.in-addr.arpa [81.187.243.93])
	(Authenticated sender: gerv@mozilla.org)
	by dm-mail03.mozilla.org (Postfix) with ESMTP id 876904AED9F;
	Mon,  5 Mar 2012 02:23:22 -0800 (PST)
Message-ID: <4F549418.9030006@mozilla.org>
Date: Mon, 05 Mar 2012 10:23:20 +0000
From: Gervase Markham <gerv@mozilla.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20120118 Thunderbird/10.0
MIME-Version: 1.0
To: "Robert M. Stockmann" <stock@stokkie.net>
CC: dmcanotice@mozilla.com, credits@mozilla.org, webmaster@mozilla.org, 
 trademarks@mozilla.org, licensing@mozilla.org, stewwebb@stewwebb.com, 
 skolnick@ameritech.net, tom2@tomflocco.com, too@slingshot.co.nz, 
 timrifat@rvscience.com, pseudoskylax@gmail.com, shanktalk@yahoo.com, 
 one_ibl@yahoo.com, stefangrossmann@t-online.de, palast@gregpalast.com, 
 henry@savethemales.ca, leurenmoret@yahoo.com, rick458@cox.net, 
 stangfeedback@gmail.com, smith@iamthewitness.com, 
 eric@iamthewitness.com, ognir2@gmail.com, prothink@yahoo.com, 
 captainmay@prodigy.net, tarpley@tarpley.net, takingaim@pacbell.net, 
 Max Keiser <keiserreport@rttv.ru>,
 OnTheEdge@presstv.com, eirns@larouchepub.com, info@larouchepac.com, 
 freeworldalliance@yahoo.com, articles@davidicke.com, 
 springmeiermessages@hotmail.com, chamish@netvision.net.il, 
 michaelcollinspiper1960@yahoo.com, crescentandcross@gmail.com, 
 Tillawi@currentissues.tv, tips@infowars.com, 
 wmreditor@waynemadsenreport.com, cloak.dagger@gmail.com, 
 Lenny Bloom <lennybloom@gmail.com>,
 eric@vaticanassassins.org, email@spirituallysmart.com, 
 deadlinelive@yahoo.com, vyzygothraw@hotmail.com, 
 alanwattcuttingthrough@yahoo.com, cartalucci@gmail.com, 
 curtcrosby@gmail.com, webmaster@rense.com, Micha Kat <drsmkat@yahoo.com>, 
 Micha Kat <michaombudsman@gmail.com>,
 "Fred N. van Kempen" <fred.van.kempen@microwalt.nl>, ohb@hardebol.nl, 
 "Dasia, Stephan" <stephan.dasia@capgemini.com>,
 arend@argusoog.org, JDTV Producties <jdtvproducties@live.nl>, 
 anton@niburu.nl, sdn@planet.nl, mr.drs.bou@planet.nl, 
 rudy.hannah@planet.nl, freespirit01@planet.nl, andrevergeer@ziggo.nl
Subject: Re: Questionable conduct with Firefox first-run page
References: <Pine.LNX.4.44.1203031409220.31051-100000@hubble.stokkie.net>
In-Reply-To: <Pine.LNX.4.44.1203031409220.31051-100000@hubble.stokkie.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-AntiVirus: scanned for viruses by AMaViS 0.2.4 ClamAV 0.97.3/14584/Mon Mar  5 10:34:35 2012 (http://crashrecovery.org/amavis.html)
Status: RO
X-Status: A
X-Keywords:                                                   
X-UID: 3
Content-Length: 2026

Hi Robert,

I'm afraid you have misunderstood a few things.

On 03/03/12 13:56, Robert M. Stockmann wrote:
> So any intrusive 3rd party software add-on , wherever it may interface, 
> can blindly read $HOME/.mozilla/firefox/profiles.ini and locate the 
> rest of the Cache directory :
> 
>    $HOME/.mozilla/firefox/76htm1qh.default

If software can read your profiles.ini, it can almost certainly just
look inside $HOME/.mozilla/firefox/ and find the name of the profile
directory that way. The profile directory name is randomized to mitigate
limited privilege attacks, not full privilege attacks.

(Note that this directory is your entire user profile - bookmarks,
passwords, form filling information etc., not just the cache.)

> The strange thing is that when i remove $HOME/.mozilla/firefox/profiles.ini
> a restart of the firefox browser leads me again to the start-up page
> http://www.mozilla.org/en-US/projects/firefox/3.6.23/firstrun/
> and a new cache and profile directory is created with a subsequently
> updated $HOME/.mozilla/firefox/profiles.ini  :

Why is this strange? If you delete your profiles.ini, Firefox can no
longer find your profile - so it assumes you have just installed the
browser, creates a new one, and takes you to the First Run page. Which
is exactly what you document happens.

> So not only do the Boys and Girls of the Mozilla Firefix start-up
> department warn the user that he/she is running a 'oldie' version of firefox,

Yes... nothing wrong with that, is there?

> they also keep a database, where all the details of the users cache
> directory are stored, as real-time data at mozilla.org, which then in
> turn can be used to convert their warning into a hard-fact reality Trojan
> intrusion.

I don't fully understand that point, but insofar as I do, it's entirely
wrong, and does not follow at all from the things you have described.

There is no mozilla.org-hosted central database of the profile directory
names of users. Why on earth would we want or need such a thing?

Gerv

From stock@stokkie.net Mon Mar  5 12:44:46 2012 +0100
Date: Mon, 5 Mar 2012 12:44:46 +0100 (CET)
From: "Robert M. Stockmann" <stock@stokkie.net>
To: Gervase Markham <gerv@mozilla.org>
cc: dmcanotice@mozilla.com,  <credits@mozilla.org>,  <webmaster@mozilla.org>, 
     <trademarks@mozilla.org>,  <licensing@mozilla.org>, 
     <stewwebb@stewwebb.com>,  <skolnick@ameritech.net>,  <tom2@tomflocco.com>, 
     <too@slingshot.co.nz>,  <timrifat@rvscience.com>, 
     <pseudoskylax@gmail.com>,  <shanktalk@yahoo.com>,  <one_ibl@yahoo.com>, 
     <stefangrossmann@t-online.de>,  <palast@gregpalast.com>, 
     <henry@savethemales.ca>,  <leurenmoret@yahoo.com>,  <rick458@cox.net>, 
     <stangfeedback@gmail.com>,  <smith@iamthewitness.com>, 
     <eric@iamthewitness.com>,  <ognir2@gmail.com>,  <prothink@yahoo.com>, 
     <captainmay@prodigy.net>,  <tarpley@tarpley.net>, 
     <takingaim@pacbell.net>, Max Keiser <keiserreport@rttv.ru>, 
     <OnTheEdge@presstv.com>,  <eirns@larouchepub.com>, 
     <info@larouchepac.com>,  <freeworldalliance@yahoo.com>, 
     <articles@davidicke.com>,  <springmeiermessages@hotmail.com>, 
     <chamish@netvision.net.il>,  <michaelcollinspiper1960@yahoo.com>, 
     <crescentandcross@gmail.com>,  <Tillawi@currentissues.tv>, 
     <tips@infowars.com>,  <wmreditor@waynemadsenreport.com>, 
     <cloak.dagger@gmail.com>, Lenny Bloom <lennybloom@gmail.com>, 
     <eric@vaticanassassins.org>,  <email@spirituallysmart.com>, 
     <deadlinelive@yahoo.com>,  <vyzygothraw@hotmail.com>, 
     <alanwattcuttingthrough@yahoo.com>,  <cartalucci@gmail.com>, 
     <curtcrosby@gmail.com>,  <webmaster@rense.com>, 
    Micha Kat <drsmkat@yahoo.com>, Micha Kat <michaombudsman@gmail.com>, 
    "Fred N. van Kempen" <fred.van.kempen@microwalt.nl>,  <ohb@hardebol.nl>, 
    "Dasia, Stephan" <stephan.dasia@capgemini.com>,  <arend@argusoog.org>, 
    JDTV Producties <jdtvproducties@live.nl>,  <anton@niburu.nl>, 
     <sdn@planet.nl>,  <mr.drs.bou@planet.nl>,  <rudy.hannah@planet.nl>, 
     <freespirit01@planet.nl>,  <andrevergeer@ziggo.nl>
Subject: Re: Questionable conduct with Firefox first-run page
In-Reply-To: <4F549418.9030006@mozilla.org>
Message-ID: <Pine.LNX.4.44.1203051242550.564-100000@hubble.stokkie.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: RO
X-Status: 
X-Keywords:                                                   
X-UID: 1
Content-Length: 4349

On Mon, 5 Mar 2012, Gervase Markham wrote:

> Date: Mon, 05 Mar 2012 10:23:20 +0000
> From: Gervase Markham <gerv@mozilla.org>
> To: Robert M. Stockmann <stock@stokkie.net>
> Cc: dmcanotice@mozilla.com, credits@mozilla.org, webmaster@mozilla.org,
>      trademarks@mozilla.org, licensing@mozilla.org, stewwebb@stewwebb.com,
>      skolnick@ameritech.net, tom2@tomflocco.com, too@slingshot.co.nz,
>      timrifat@rvscience.com, pseudoskylax@gmail.com, shanktalk@yahoo.com,
>      one_ibl@yahoo.com, stefangrossmann@t-online.de, palast@gregpalast.com,
>      henry@savethemales.ca, leurenmoret@yahoo.com, rick458@cox.net,
>      stangfeedback@gmail.com, smith@iamthewitness.com, eric@iamthewitness.com,
>      ognir2@gmail.com, prothink@yahoo.com, captainmay@prodigy.net,
>      tarpley@tarpley.net, takingaim@pacbell.net,
>      Max Keiser <keiserreport@rttv.ru>, OnTheEdge@presstv.com,
>      eirns@larouchepub.com, info@larouchepac.com, freeworldalliance@yahoo.com,
>      articles@davidicke.com, springmeiermessages@hotmail.com,
>      chamish@netvision.net.il, michaelcollinspiper1960@yahoo.com,
>      crescentandcross@gmail.com, Tillawi@currentissues.tv, tips@infowars.com,
>      wmreditor@waynemadsenreport.com, cloak.dagger@gmail.com,
>      Lenny Bloom <lennybloom@gmail.com>, eric@vaticanassassins.org,
>      email@spirituallysmart.com, deadlinelive@yahoo.com,
>      vyzygothraw@hotmail.com, alanwattcuttingthrough@yahoo.com,
>      cartalucci@gmail.com, curtcrosby@gmail.com, webmaster@rense.com,
>      Micha Kat <drsmkat@yahoo.com>, Micha Kat <michaombudsman@gmail.com>,
>      Fred N. van Kempen <fred.van.kempen@microwalt.nl>, ohb@hardebol.nl,
>      "Dasia, Stephan" <stephan.dasia@capgemini.com>, arend@argusoog.org,
>      JDTV Producties <jdtvproducties@live.nl>, anton@niburu.nl, sdn@planet.nl,
>      mr.drs.bou@planet.nl, rudy.hannah@planet.nl, freespirit01@planet.nl,
>      andrevergeer@ziggo.nl
> Subject: Re: Questionable conduct with Firefox first-run page
> 
> Hi Robert,
> 
> I'm afraid you have misunderstood a few things.
> 
> On 03/03/12 13:56, Robert M. Stockmann wrote:
> > So any intrusive 3rd party software add-on , wherever it may interface, 
> > can blindly read $HOME/.mozilla/firefox/profiles.ini and locate the 
> > rest of the Cache directory :
> > 
> >    $HOME/.mozilla/firefox/76htm1qh.default
> 
> If software can read your profiles.ini, it can almost certainly just
> look inside $HOME/.mozilla/firefox/ and find the name of the profile
> directory that way. The profile directory name is randomized to mitigate
> limited privilege attacks, not full privilege attacks.
> 
> (Note that this directory is your entire user profile - bookmarks,
> passwords, form filling information etc., not just the cache.)
> 
> > The strange thing is that when i remove $HOME/.mozilla/firefox/profiles.ini
> > a restart of the firefox browser leads me again to the start-up page
> > http://www.mozilla.org/en-US/projects/firefox/3.6.23/firstrun/
> > and a new cache and profile directory is created with a subsequently
> > updated $HOME/.mozilla/firefox/profiles.ini  :
> 
> Why is this strange? If you delete your profiles.ini, Firefox can no
> longer find your profile - so it assumes you have just installed the
> browser, creates a new one, and takes you to the First Run page. Which
> is exactly what you document happens.
> 
> > So not only do the Boys and Girls of the Mozilla Firefix start-up
> > department warn the user that he/she is running a 'oldie' version of firefox,
> 
> Yes... nothing wrong with that, is there?
> 
> > they also keep a database, where all the details of the users cache
> > directory are stored, as real-time data at mozilla.org, which then in
> > turn can be used to convert their warning into a hard-fact reality Trojan
> > intrusion.
> 
> I don't fully understand that point, but insofar as I do, it's entirely
> wrong, and does not follow at all from the things you have described.
> 
> There is no mozilla.org-hosted central database of the profile directory
> names of users. Why on earth would we want or need such a thing?

So why are we enforced to visit a mozilla start-up page in the first
place? is there an option inside firefox to switch this off ?

Robert
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net

From gerv@mozilla.org Mon Mar 05 12:09:40 2012
Return-Path: <gerv@mozilla.org>
Delivered-To: stock@stokkie.net
Received: (qmail 12518 invoked from network); 5 Mar 2012 12:09:40 -0000
Received: from dm-mail03.mozilla.org (63.245.208.213)
  by hubble.stokkie.net with SMTP; 5 Mar 2012 12:09:40 -0000
Received-SPF: none (hubble.stokkie.net: domain of gerv@mozilla.org does not designate permitted sender hosts)
Received: from [192.168.0.101] (93.243.187.81.in-addr.arpa [81.187.243.93])
	(Authenticated sender: gerv@mozilla.org)
	by dm-mail03.mozilla.org (Postfix) with ESMTP id 9F3384AEE21;
	Mon,  5 Mar 2012 04:09:01 -0800 (PST)
Message-ID: <4F54ACDB.5010103@mozilla.org>
Date: Mon, 05 Mar 2012 12:08:59 +0000
From: Gervase Markham <gerv@mozilla.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20120118 Thunderbird/10.0
MIME-Version: 1.0
To: "Robert M. Stockmann" <stock@stokkie.net>
CC: stewwebb@stewwebb.com, skolnick@ameritech.net, tom2@tomflocco.com, 
 too@slingshot.co.nz, timrifat@rvscience.com, pseudoskylax@gmail.com, 
 shanktalk@yahoo.com, one_ibl@yahoo.com, stefangrossmann@t-online.de, 
 palast@gregpalast.com, henry@savethemales.ca, leurenmoret@yahoo.com, 
 rick458@cox.net, stangfeedback@gmail.com, smith@iamthewitness.com, 
 eric@iamthewitness.com, ognir2@gmail.com, prothink@yahoo.com, 
 captainmay@prodigy.net, tarpley@tarpley.net, takingaim@pacbell.net, 
 Max Keiser <keiserreport@rttv.ru>,
 OnTheEdge@presstv.com, eirns@larouchepub.com, info@larouchepac.com, 
 freeworldalliance@yahoo.com, articles@davidicke.com, 
 springmeiermessages@hotmail.com, chamish@netvision.net.il, 
 michaelcollinspiper1960@yahoo.com, crescentandcross@gmail.com, 
 Tillawi@currentissues.tv, tips@infowars.com, 
 wmreditor@waynemadsenreport.com, cloak.dagger@gmail.com, 
 Lenny Bloom <lennybloom@gmail.com>,
 eric@vaticanassassins.org, email@spirituallysmart.com, 
 deadlinelive@yahoo.com, vyzygothraw@hotmail.com, 
 alanwattcuttingthrough@yahoo.com, cartalucci@gmail.com, 
 curtcrosby@gmail.com, webmaster@rense.com, Micha Kat <drsmkat@yahoo.com>, 
 Micha Kat <michaombudsman@gmail.com>,
 "Fred N. van Kempen" <fred.van.kempen@microwalt.nl>, ohb@hardebol.nl, 
 "Dasia, Stephan" <stephan.dasia@capgemini.com>,
 arend@argusoog.org, JDTV Producties <jdtvproducties@live.nl>, 
 anton@niburu.nl, sdn@planet.nl, mr.drs.bou@planet.nl, 
 rudy.hannah@planet.nl, freespirit01@planet.nl, andrevergeer@ziggo.nl
Subject: Re: Questionable conduct with Firefox first-run page
References: <Pine.LNX.4.44.1203051242550.564-100000@hubble.stokkie.net>
In-Reply-To: <Pine.LNX.4.44.1203051242550.564-100000@hubble.stokkie.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-AntiVirus: scanned for viruses by AMaViS 0.2.4 ClamAV 0.97.3/14584/Mon Mar  5 10:34:35 2012 (http://crashrecovery.org/amavis.html)
Status: RO
X-Status: 
X-Keywords:                                                   
X-UID: 4

On 05/03/12 11:44, Robert M. Stockmann wrote:
> So why are we enforced to visit a mozilla start-up page in the first
> place? is there an option inside firefox to switch this off ?

Yes, I believe so, as a little Googling would reveal. Set the
about:config preference "browser.startup.homepage_override.mstone" to
the string value "ignore".

Gerv


references :

total 6272
drwxr-xr-x    1 crashrec klant          32 May  4  2008 [DIR] tcptraceroute/
-rw-r--r--    1 crashrec klant       19014 Oct 17  2007 libsrs.0.3.beta.tar.bz2
-rw-r--r--    1 crashrec klant        1522 Jul  4 00:47 MD5SUM
-rw-r--r--    1 crashrec klant       25428 Oct 17  2007 qmail-srs-0.3.patch
-rw-r--r--    1 crashrec klant     1633256 Jun 18  2008 stopping_spam_May2005.pdf
-r--r--r--    1 crashrec klant      120432 Jun 29  2007 whois-4.7.13-1mdk.i586.rpm
-r--r--r--    1 crashrec klant       57469 Jun 29  2007 whois-4.7.13-1mdk.src.rpm
-r--r--r--    1 crashrec klant      122911 Jun 29  2007 whois-4.7.13-1mdk.x86_64.rpm
-rw-r--r--    1 crashrec klant      120923 Jan 18  2008 whois-4.7.13-2mdk.i586.rpm
-rw-r--r--    1 crashrec klant       64179 Jan 18  2008 whois-4.7.13-2mdk.src.rpm
-rw-r--r--    1 crashrec klant      123625 Jan 18  2008 whois-4.7.13-2mdk.x86_64.rpm
-rw-r--r--    1 crashrec klant      121729 Jan 23  2009 whois-4.7.13-3mdk.i586.rpm
-rw-r--r--    1 crashrec klant       64349 Jan 23  2009 whois-4.7.13-3mdk.src.rpm
-rw-r--r--    1 crashrec klant      124483 Jan 23  2009 whois-4.7.13-3mdk.x86_64.rpm
-rw-r--r--    1 crashrec klant       59582 Jan 23  2009 whois_4.7.13-Dec08.tar.gz
-rw-r--r--    1 crashrec klant       59651 Jul 29  2007 whois_4.7.13-Jul07.tar.gz
-r--r--r--    1 crashrec klant       52951 Jun 29  2007 whois_4.7.13.tar.bz2
-r--r--r--    1 crashrec klant       59490 Jun 29  2007 whois_4.7.13.tar.gz
-rw-r--r--    1 crashrec klant       88747 Jul  4 00:31 whois-5.0.11-2mdk.src.rpm
-rw-r--r--    1 crashrec klant       58680 Jul  4 00:31 whois-5.0.11-2mdk.x86_64.rpm
-r--r--r--    1 crashrec klant      486037 Jun 29  2007 whois.exe
-r-xr-xr-x    1 crashrec klant      298838 Jun 29  2007 whois.sco506.coff.bin
-r-xr-xr-x    1 crashrec klant       42980 Jun 29  2007 whois.sco506.dynamic.bin
-r-xr-xr-x    1 crashrec klant      274128 Jun 29  2007 whois.sco506.static.bin
-r-xr-xr-x    1 crashrec klant       34764 Jun 29  2007 whois.sco600.dynamic.bin
-r-xr-xr-x    1 crashrec klant       35744 Jun 29  2007 whois.sol8.dynamic.bin
-r-xr-xr-x    1 crashrec klant      791792 Jun 29  2007 whois.tru64.coff.bin
-r-xr-xr-x    1 crashrec klant       65024 Jun 29  2007 whois.tru64.dynamic.bin

First published on Tue, 19 Jun 2007