[Cspace]

I am sorry about this, but I have no choice but to remove the mod rights of BigBro and suspend him for 10 days for a direct and intended privacy breach yesterday.

I have received a notice of his use of a dynamic image in a PM which captures the viewer's IP and does a port scan, and possibly something else although we are not positive at the moment (will look into it). The tracking of an IP and a port scan are direct breaches of privacy which also can potentially give a hacker a means to compromise a victim's computer.

BigBro was not likely hacking, he was doing this to discover who a certain anonymous member was. This is something which he could not do with his mod powers so he did this instead.

I scanned the database for this malicious file and it was only sent to one member. This member will take the appropriate actions to remove the threat brought upon him.

To my knowledge, this program was not used to figure out who the anonymous person was, although he did discover it through another (although legal) means.

There is not a threat to everyone here, although if you are sent a message with a black empty square image please let me know (and mention it in the title). If BigBro does anything else of this sort he will be banned from the forums and possibly the entire server, as would anyone who tries this.

The administration of CurvedSpace is dedicated to maintaining a safe community, and threats such as these will always be promptly removed. This is why it is important to report any suspicious actions on the board, so they can be promptly handled and files can be removed for everyone's safety.

[Dark Alex666]

Evil him. Using hacker programs. We dont like that, oh no we dont

[Baseballl]

I'm assuming that all alt accounts are to be banned?

[Dragonman]

Temporary IP ban if that's possible so that he just doesn't create a new alt account. I wonder why he wanted to know about this anonymous user...

BTW, don't we call hackers "crackers" now?

[Bodom]

Someone comes, all smods know who he/she is and they keep it quiet, he wants to find out who he/she is so he does so..

This post has been edited by Echliurn: 14 January 2005 - 11:21 PM

[obiwan22]

Gah..... I love it when people flame me and I'm not allowed to know who... Once I find out who you are, you're getting the 'Go $&%@ Yourself' website spammed into your email account.

There.

[Cspace]

I'm assuming that all alt accounts are to be banned?

Yes, well, suspended by any SMod and up if verified.

[Phieta]

BTW, don't we call hackers "crackers" now?

Only if you're picky *dodges tomatoes* and only if the hacker is being malicious...

So if our Mattbro was just trying to figue out who our anonymous person was, he was just hacking... if he was trying to get into the person's computer, heck, he was still just hacking... if his intent was to get into their computer, steal passwords, delete files, et al, he was cracking.

Meh.

I also don't see how the port scan would help figure out who the person was... and can't regular mods see IP addresses anyway? Then again, maybe the image would see the "true" address (as apposed to a proxy). But I'm thinking out loud here.

[Final F8]

and can't regular mods see IP addresses anyway?

Nope.

[Phieta]

And now a word from our sponsor.

This wasn't even a IP tracer, or port scanner. *Sigh*    All it was was a small image. When the PM was read, my server logged the IP, simple. I just compared this to a few other IPs to eventually worked out who it was. It isn't a trojan, or virus, or anything mallicious at all. All it is is a little black box.

Also, to try and dig out some information, I traced it using tracert, a normal IP scanner and Norton Internet Security. It didn't breach privacy acts in any way, I just wanted to find out who flamed me. Also, you should note that I haven't even said anything to the person that flamed me at all, I'm quite happy to leave things how they are, I'd just prefer to know who I should trust.

-Matt

[Cspace]

Since it is difficult to tell what it is, that's why Big got 10 days instead of the 20+ days stated in the rules. The aspects which resulted in this are

1) The intent, there was an attempt to obtain the IP of the anonymous member, something which will require outside means for he was not in a position which lets him match the name to another login.

2) Previous acts on the site, although not malicious, would lead one to believe that there was a chance that he could do something like this.

3) The manner in which the image (dynamic or not) was conveyed to the target(s). A basically empty PM with an inviting title tricking the person into viewing it.

4) The implications of a "black box", which is the format in which actually malicious scripts are sometimes presented.

5) Big was bragging about the image being an IP tracker and port scanner earlier to a recipient, whether or not it really was. Big verified this tonight (that he said that, while claiming that it was basically a joke), although he could have been trying to scare someone or something and there is no way to actually prove it either way.

This is why the action was taken. Big is not hacking, it is what it is. It is considered a "privacy breach" either way. He should not be condemned for it, but this should be the last of it. The actions taken would have been taken for anyone and are to preserve the safety of the community.

[Ruckus Fox]

Heh.....Hehehe.....You're lost...All of you...Cspace nailed -most- of it on the head...

Dragonman: Wrong, really, I'm a hacker....have you banned me yet?

Cspace: Hmm....Didn't know you yourself were this strict...But I know what you're doing, you're trying to bring federal laws onto the internet...Very unwise if I may say so because it won't work. Government wasn't designed for law and order, it was designed to keep people who think too much in line...Like myself...Which is why I choose to be a hacker and "defy" the laws of both physics and logic...

Phieta, (Message): Obviously you've never heard the riddle of "The Little Black Box"? It's an old riddleish type rhyming poem that went on about a curious lad who founded a black box among some ruins his kid friends played at. Put quite simply...That black box held everything he ever feared and everything he ever hold close to him....Think of it like your IP....Everything you have.....Inside a little black box...Now belongs to them, to manipulate as they see pleasing. It does amuse me so how I can inform people like this.

---Ruckus the Rogue

P.S. To the Note: Trust.....No one...

[Xemem]

*gets a cold shiver*
Okay...this is getting freaky I mean, I heard ppl can do this stuff. but I have never really seen it happening(even if I havn't seen some lil box thingy). this is freaky...im just gana go...over there...yeah.

[Dragonman]

Ruckus: Cspace gets strict when something that could threaten the safety of members occurs. That's what any good admin does; it's the top concern throughout the forums.

[asyluman]

Is this not the same kind of stuff as those signs in people's sigs everywhere that say:

You are running {Internet Browser} an a {blah blah blah} connection. your IP is {blah blah blah}

Is it? Or am I dumb?