Mirrors/Zines
1
0
Fork 0
mirror of https://github.com/fdiskyou/Zines.git synced 2025-03-09 00:00:00 +01:00
Code Issues Releases Wiki Activity
Zines/phrack/44/11.txt

270 lines
11 KiB
Text
Raw Permalink Normal View History

1st import into tree
2016-12-14 22:07:35 +00:00
==Phrack Magazine==
Volume Four, Issue Forty-Four, File 11 of 27
****************************************************************************
[Editor's Note:
The following two files are very interesting. I never paid ANY
attention to the realm of our community that focus on virii. For
some reason, the whole idea behind them is a novel concept, but
I never saw any reason to take notice of them. Even when I've
given lectures, I always leave discussion about virii out, since
they should be a moot point. I mean, when "fdisk /mbr" will take
care of so many problems, what's the big deal?
I know I'm over-simplifying things, but jesus...
Well, while I continued to overlook this small but earnest group
of folks who dabble in virii, all kinds of things began to happen.
Groups formed, rivalries flared, paranoia ran rampant and one of the
most ridiculous cottage industries in the history of personal
computing appeared (living on the spread of Fear, Uncertainty and
Doubt.)
Well, in all of this several names have popped up as potential threats
to this little world. One in particular, Sarah Gordon, even got the
spotlight as a paranoid, BBS-busting, hacker-bashing psychopath in a
rather ill-researched and hastily prepared Phrack piece a few years
back. It is rather odd that in all the hype we in the underground
drum up, no one ever bothers to get the other side of the story, so we
feed the fervor and continue the paranoia.
Well, with this in mind, I received a file claiming to have info
regarding the big "expose" of Sarah masquerading as the Dark Avenger.
Now, even a moron like me has heard of the Dark Avenger, so I read it.
After doing so, I wanted to pipe it to /dev/null, but then decided it
would be much more fun to send it to Sarah too, and let her respond to it.
It's amusing as hell, and just goes to show that the underground
has as many similarities in its distinct groups as it does
differences.]
-----------------------------------------------------------------------------
Sara(h?) Gordon AND THE DARK AVENGER SCAM.
By Kohntark
In one of my many online conversations with Sara Gordon
I once asked her about the validity of the VNI interviews and
her real relationship with the alleged dark avenger; after
logging into her VFR BBS and seeing a #2 (hers being #1)
account named after him.
I proceeded to leave a message for the dark avenger there,
claiming that the whole account was bogus as it is highly
improbable that this person might call all the way from
Bulgaria and log into a mediocre BBS just to chat with her,
considering the expense of such long distance call , the
economic situation in Eastern Europe and a fact that
would learn later: Sara(h) Gordon has an account on the
Bulgarian DIGSYS unix server, locally accessible by phone
from there!
As it was expected, Sara(h) quickly 'noticed' my personal
message to the dark avenger and replied to my questioning in
a public post in FIDONET, (I don't read FIDONET posts and she
knows I have no access to them!!!! )
She claimed that the dark avenger was fully aware of how much
money she made out of the VNI interviews and that she was in
touch with him, etc.etc.
Afterward, I questioned her again about the whole affair
and demanded a proof, or some sort of direct contact from the
dark avenger to my anonymous internet account.
Since this was the first time anyone had ever questioned the
validity of her relationship with the DA, she took this to
heart and shortly after, I received 3 short messages
originating from <dav@danbo.digsys.bg> an Internet connected
UNIX system in Bulgaria.
Here they are:
(Private, compromising parts are X'd out)
1st Message:
--------------------------------------------------------------------------------
-
From daemon@digsys.bg Wed Jul 14 19:07 EDT 1993
Received: from danbo.digsys.bg by XXXXXXXXXXXXXXXXXXXXXX; Wed, 14 Jul 93 19:07:3
4 -0400
Return-Path: <dav@danbo.digsys.bg>
Received: by XXXXXXXXXXXXXX (5.67/1.35)
id AA12850; Thu, 15 Jul 93 02:04:46 +0300
Message-Id: <9307142304.AA12850@XXXXXXXXXXXX>
To: XXXXXXX
From: dav@danbo.digsys.bg
Date: Wed, 14 Jul 93 23:41:36 +0300
Subject: No subject
Status: RO
kohntark-
i just talked to a friend of mine who said you dont like her user
log. why shouldnt i call her from bulgaria? i call whoever i want
to, and this is not your problem.
by the way, she sent me your mail. for your information, i do
know how much money she made of that interview. and i also think
that this is none of your business.
also, maybe it would be good for you to know, that by offending
her, you are offending me, too. keep this in mind.
<dav>
Second Message:
-------------------------------------------------------------------------
>My mail with her is none of your business either.
i dont think so, dude.
maybe you need to read the next few lines again,
in case you missed them.
>>
>> also, maybe it would be good for you to know, that by offending
>> her, you are offending me, too. keep this in mind.
>>
>> <dav>
>
>HA HA! and you expect me to believe that you are the DA!
>send me a proof: an email address from bulgaria or tell me
>how many addressing modes does the MTE have?
>
>nice try.
well, what do you think the domain .bg in my email address stands for?
maybe you think its kameroon?
as for the mte, im not giving you any info.
i need not prove anything to anybody, and certainly dont plan to waste more
of my time talking to you. you have been warned.
<dav>
Third Message:
-------------------------------------------------------------------------
oh, yeah. sure it did.
only you will not know where something else came from, when it knocks on your
door. i have nothing more to say.
-------------------------------------------------------------------------
In my ignorance, I blindly trusted the three cryptic replies
to be true, even thought whoever replied refused to give out
trivial information such as the number of addressing modes
for a 2 year old encryption engine (MTE) and spelled Cameroon
with a 'k' (Check out Sara Gordon's spelling of URUGUAY in
VIRUS-L Volume 6 Issue 120 -v06i120)
Shortly after other unrelated discussions and a CUD post from
Sara(h) in which I was mentioned (unnamed), someone warned me
of several posts in NUKENET by an alleged dark avenger and
Todor Todorov from an account belonging to the last,
mentioning me and Aristotle.
In those messages I was referred to as 'hotshot,' a word that
Sara Gordon had used on me several times on our personal
email exchange; It was then that I became highly suspicious
of the whole matter.
I called Virginia's Virus Research Institute's sysop and
owner, Aristotle to find out more about the posts and he
bought to my attention the particular writing style of
Sara(h) Gordon: She NEVER uses capital letters and
apostrophes on her personal email, and always signs her name
on the lower left hand corner. (She seldom signs her posts
nowadays and changes her user name in her vfr@netcom.com
account every week!; for further proof of her writing style,
please refer to public posts in VIRUS-L Volume 6 #120; I also
have over 100K of personal email exchange to prove this
fact!)
It was then that we realized that she was passing herself as
Todor Todorov and the dark avenger (who could possibly verify
their online identity?) and had infiltrated NUKENET..
The writing style described corresponds exactly to the one on
the posts I received from the 'dark avenger.'
Shortly afterward the <dav@danbo.digsys.bg> account was
cancelled and I learned the whole truth:
The danbo.digsys.bg Bulgarian site belongs to Daniel Kalchev,
another self appointed AV researcher whose best claims to
fame are submitting various Bulgarian viruses to Patricia
Hoffman's VSUM!!
(You can check this by doing a search on 'Kalchev' on the
current VSUMs or you can contact him thru:
<daniel@danbo.sigsys.bg> )
He is a very close friend of Sara(h) Gordon and he has an
account in her VFR BBS (you can check this by logging into
her system and checking the user list) and SHE has an
account in digsys.bg under <sarah@danbo.digsys.bg> (this
account is still valid as far as I know; notice the H after
her name!)
What I concluded is that is the DA would never get an account
in such system as he HATES Daniel Kalchev!!!!
This is what really happened: Sara(h) Gordon in her
desperation to prove that she was in touch with the dark
avenger, told her pal Daniel Kalchev to make an account under
the dark avenger's name (<dav> this is how she always refers
to him, even though he never signs his name that way (check
the source code for his 'Dark Avenger' virus or the
'Commander Bomber' virus message name: [DAME])
From there she could email me messages that would come from
Bulgaria and would be untraceable since she would log into
her account in digsys.bg and log into the <dav> account
internally from the same site in Bulgaria. (You can check
where and when most of the people log from in most internet
unix and vax sites)
As it is expected from her, she has denied any of this.
Some of her ridiculous explanations include things like
"hotshot is a very common English word in Bulgaria" !!!
You might ask yourself what is the deal with the h? is it
sara or sarah??
Well, I asked her the same question when I noticed this in
one of the VNI interviews, where her name is spelled as
Sarah.
She replied that this was a mistake of the publisher.
Mistake? well not really, it was another lie, meant to throw
off any information and truth seekers, for example you can
check her account in Daniel Kalchev's system:
<saraH@danbo.digsys.bg> , spelled with an H,
another 'mistake of the publisher?'
:)
Other countless Sara Gordon lies are told in NUKE Info-
Journal # 6.
This behavior puts in question the validity of the VNI
interviews and the reputation of Sara(h) Gordon as a serious
(self appointed) 'virus researcher'
IMHO the VNI interviews are a complete fabrication, meant
only to boost her validity as a 'journalist', and to make her
lots of money, charging for further 'interviews' to other
magazines. (She has offered her paid 'interviewing' services
to various other publications.)
To the best of my knowledge the information I present here
is true and can be checked.
I chose to publish this information, despite threats against
my well being and countless lies about me propagated by
Sara(h) Gordon.
I am doing this to stop the lies and corruption fostered by
the Anti-Virus industry.
Reference in a new issue Copy permalink