If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
[OT] Annexcafe User2User newsgroup
On Wed, 6 May 2009 08:46:06 +0100, "~BD~"
wrote: "Grybeard" wrote in message ... "Reckon he finally figured it out?" ****** That is what 'Grybeard' posted after I had been bannished from YET_ANOTHER_FORUM_THAT_BANISHED_ME_FOR_STALKING . *Is* CUT_STALKING_LINK a safe place for folk to go to get help with their computer problems? I don't know, Bl&^&^%dy De&^%îL. But it was probably MUCH safer after they BANNED you. So *WHY* did you state you had *NEVER* been banned for stalking ? And *WHY* did you CHANGE your nick to post ? []'s PS I noticed you recently tried to revive the SEVEN YEAR OLD STALKING thread in a completely unrelated forum. Message-ID: I'm posting to your usual forums, so people can get to know you better. I'm sure everybody will want to help you. I mean, you are after the "bad guys", right ? -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
Ads |
#2
|
|||
|
|||
[OT] Annexcafe User2User newsgroup
On 09/11/2016 15:00, Shadow wrote:
On Wed, 6 May 2009 08:46:06 +0100, "~BD~" wrote: "Grybeard" wrote in message ... "Reckon he finally figured it out?" ****** That is what 'Grybeard' posted after I had been bannished from YET_ANOTHER_FORUM_THAT_BANISHED_ME_FOR_STALKING . *Is* CUT_STALKING_LINK a safe place for folk to go to get help with their computer problems? I don't know, Bl&^&^%dy De&^%îL. But it was probably MUCH safer after they BANNED you. So *WHY* did you state you had *NEVER* been banned for stalking ? And *WHY* did you CHANGE your nick to post ? []'s In my opinion, the Annexcafe User2User group had been infiltrated by some dishonest folk and I was attempting to expose them. The site pretended to be 'safe' for the users of the group when, of course, it was nothing of the kind. When first I went there, I had never even HEARD of a 'header' and had no idea how the folk there new it was me posting regardless of whatever nym I chose to use. It was a great learning experience though! PS I noticed you recently tried to revive the SEVEN YEAR OLD STALKING thread in a completely unrelated forum. Message-ID: I'm posting to your usual forums, so people can get to know you better. Had you actually READ the thread, you would have realised that what I had tried to describe to Tim Jackson at that time was _identical_ to what I more recently found in the IdentIt.ca web page. I wanted to draw matters to his attention if he was still monitoring the 'alt.computer.security' group. I shall email him shortly, now that Microsoft have at last grasped the nettle. I'm sure everybody will want to help you. I mean, you are after the "bad guys", right ? Good guys *DO* help me ..... and I very much appreciate that help. :-) It's a shame that you do not read at the links I post, but here's a pertinent example in full. I hope this helps folk understand. = Here's some more background, lifted from a Usenet group:- Path: eternal-september.org!mx02.eternal-september.org!.POSTED!not-for-mail From: Paul Newsgroups: alt.windows7.general Subject: windows7 upgrade loop Date: Fri, 11 Sep 2015 05:45:00 -0400 Organization: A noiseless patient Spider Lines: 228 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Fri, 11 Sep 2015 09:43:09 +0000 (UTC) Injection-Info: mx02.eternal-september.org; posting-host="b67457fd2129c9f432d3358443878287"; logging-data="16262"; "; posting-account="U2FsdGVkX190Uc9gb75CicrJx5Z/7E0UjdV4PiQvYuk=" User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802) In-Reply-To: Cancel-Lock: sha1:rFPBp0eHXeN8JV4ylqTxMVj6XKQ= ~BD~ wrote: On 11/09/2015 09:35, Paul wrote: ~BD~ wrote: On 07/09/2015 20:25, Eternal Hope wrote: On 07/09/2015 15:53, ~BD~ wrote: On 05/09/2015 17:06, Eternal Hope wrote: You need to understand something. I'm the person who takes your ballpoint pen to bits to see how it works, then I'll dismantle and reassemble your lawnmower to make it less noisy when you insist on cutting your grass at 8:00pm on a summer Sunday evening. I don't need an excuse to try and figure out how something works (or not as the case may be) Hello I suspect we have a vaguely similar mindset! :-) Once, when in Australia, I repaired a non-functioning Distributor on our Ford Estate car by using a spring from a Biro and a 'sculptured' lead pencil. That was to transfer power from the ignition coil to the rotor arm and thus to the spark plugs! ;-) I've spent much of my working life taking other peoples crappy, uncommented, broken source code to bits and putting it back together so that it works as it should have done (i.e complies with the spec) However, I have NOT worked in the IT/computing field and I've had to learn from other folk, people perhaps much like yourself. May I ask if you have ever explored the website described here? http://answers.microsoft.com/en-us/w...15243dd?auth=1 Do you have the skills to detect if all is as it should be there? I confess some surprise when I was confronted by THIS page! https://www.dropbox.com/s/kq08kp1t6k...t%21.tiff?dl=0 I'd welcome your view(s). David Well now this *is* interesting One apparently benign approach and three warning shots. What is your point. You are more than welcome to look me up on LinkedIn! You'll find me he uk.linkedin.com/in/boaterdave If you really are as 'curious' as you first intimated, may I encourage you to visit here (it's affiliated with the Malwarebytes operation). The facility "Quickly and safely dissect malicious or suspect websites" http://vurldissect.co.uk/?url=3194361 It will probably take around one minute to load! It appears to give Aumha a 'clean sheet'! However, if one uses the same facility to 'investigate' www.Identit.ca one gets a completely different story! For a start, there is apparently no PTR record and there is what (to me) appears an anomaly in the code. I'm concerned because if I scroll down at the 'dissect' information page, I see the following - which doesn't seem to have a rightful place there! Can you explain to me why THIS detail appears at line 278? = /tddiv style=" width: 31px; height: 87x; 2; id="layer3"marquee scrollDelay="1044" align="middle" border="0"a href="http://www.nikeairmaxsite.com/"nike air max sneakers/aa href="http ://www.toplacoste.com/"Lacoste Outlet/aa href="http://www.nikedunksales.com/nikesbdunkhigh-c-7.html"nike dunk high/aa href="http://www.frchristianlouboutin.com/"christian louboutin sale/aa href="http://www.nikedunksales.com/"nike dunk/aa href="http://w ww.nikedunksales.com/nikesbdunkmid-c-13.html"nike dunk mid/aa href="http://www.frchristianlouboutin.com/christian-louboutin-shoes-c-5.html"christian louboutin shoes/aa href="http://www.lebronsky.com/kobebryant-c-21.html"kobe bryant shoes/aa href="http://www.airforce1fashion.com/air-force-1-premium-mid-c-239.html& quot;air force one mid/aa href="http://www.frchristianlouboutin.com/"christian louboutin discount/aa href="http://www.lebronsky.com/kobebryantnikezoomkobev5-c-21_28.html"kobe v/a/marquee/div = It doesn't seem to be related to the subject matter of the website itself. Do you think it might in some way be connected with SPAM? Thanks in advance for any insightful comment! -- A memorial to the nearly 300 colleagues I lost on THAT 9/11 - http://memorial.mmc.com A check of the site ("http://www.identit.ca"), at this instant, shows no such thing. In fact, doing "Save as" "Web page complete" reveals some pretty simple HTML code, as well as one whole CSS style sheet. No Javascript, or bunk you cannot understand. A model of web page design, if you ask me. No unnecessary stuff. And certainly no Chinese running shoe adverts. ******* Are you sure your own browser isn't compromised ? Perhaps DNS poisoning, adware injection of links into page content ? Maybe the analysis site you were using, is itself infected ? I've looked at some pretty awful code recently, like the 2.5MB Javascript file on the Yahoo news page, and by comparison seeing this code is a breath of fresh air. Paul Hi Paul I'm totally out of my depth here, which is WHY I'm seeking help/advice. Using my native Safari browser, I can view this .... (does it help you?) I really do hope that my equipment is not at fault!!! snipped tr height="28" td class="bottommenu-color"/td td class="bottommenu-color" style="padding-" table cellpadding="0" cellspacing="0" border="0" tr td class="bottommenuitemactive"Home/td td class="bottommenudivider" div style="width:17px; height:0px;" spacer/spacer/div /tddiv style="; width: 31px; height: 87x; id="layer3"marquee scrollDelay="1044" align="middle" border="0"a href="http://www.nikeairmaxsite.com/"nike air max sneakers/aa href="http://www.toplacoste.com/"Lacoste Outlet/aa href="http://www.nikedunksales.com/nikesbdunkhigh-c-7.html"nike dunk high/aa href="http://www.frchristianlouboutin.com/"christian louboutin sale/aa href="http://www.nikedunksales.com/"nike dunk/aa href="http://www.nikedunksales.com/nikesbdunkmid-c-13.html"nike dunk mid/aa href="http://www.frchristianlouboutin.com/christian-louboutin-shoes-c-5.html"christian louboutin shoes/aa href="http://www.lebronsky.com/kobebryant-c-21.html"kobe bryant shoes/aa href="http://www.airforce1fashion.com/air-force-1-premium-mid-c-239.html"air force one mid/aa href="http://www.frchristianlouboutin.com/"christian louboutin discount/aa href="http://www.lebronsky.com/kobebryantnikezoomkobev5-c-21_28.html"kobe v/a/marquee/div OK, now I see it. Very clever. It's injected code with no line formatting in it. An attempt at one long line that goes off the side of my screen. That's why I didn't notice it in the editor. I would say a third party put that in there. What's also curious, is it doesn't make a visual element on the web page. You can't see it. And there is also no code to record an "ad impression" (so they're not "billing" a third party for having it there). So the stuff that is there, I can't see anyone profiting directly from this. Not the person showing the ad, or the person who injected it. I couldn't find anything to click. It's supposed to be a marquee, but there isn't such an element at the bottom of the page. The only advantage doing that might have, is in influencing a search engine. To raise the priority of the links in question, so perhaps a search on "Nike" is more likely to reference those links. A kind of "salting" for SEO purposes, intended to raise the priority of the Chinese running shoe adverts, so they're more likely to float to the top in a search on Google. And you can see, the fact that I missed that (didn't see it off the side of my screen), the people who maintain that web page probably don't see it either. Since the marquee cannot be seen as a visual item on the rendered web page, it's pretty hard to detect it. I would guess the person doing the injecting, sees that the web page was "hand edited" and took advantage of that fact (knows it'll go off the side of the screen, so a person editing the HTML won't notice). The only way you'd detect that, is with something like TripWire on the server (you notice that the file checksums changed, even though you haven't edited the code recently). Since you can't click those links, it's not like you will be going to those sites by accident. Paul = Uncovering bad guys isn't easy! ;-) The full thread is he- https://social.technet.microsoft.com...m=winservergen -- David B. |
#3
|
|||
|
|||
[OT] Annexcafe User2User newsgroup
On Wed, 9 Nov 2016 16:40:22 +0000, "David B." "David
wrote: On 09/11/2016 15:00, Shadow wrote: On Wed, 6 May 2009 08:46:06 +0100, "~BD~" wrote: "Grybeard" wrote in message ... "Reckon he finally figured it out?" ****** That is what 'Grybeard' posted after I had been bannished from YET_ANOTHER_FORUM_THAT_BANISHED_ME_FOR_STALKING . *Is* CUT_STALKING_LINK a safe place for folk to go to get help with their computer problems? I don't know, Bl&^&^%dy De&^%îL. But it was probably MUCH safer after they BANNED you. So *WHY* did you state you had *NEVER* been banned for stalking ? And *WHY* did you CHANGE your nick to post ? []'s In my opinion Nobody cares. PS I noticed you recently tried to revive the SEVEN YEAR OLD STALKING thread in a completely unrelated forum. Message-ID: I'm posting to your usual forums, so people can get to know you better. SNIP_COPIOUS_PROOF_OF_STALKING Thank you for confirming. NOW everyone knows EXACTLY what you are. Couldn't have painted a better picture of you myself. []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
#4
|
|||
|
|||
[OT] Annexcafe User2User newsgroup
On 09/11/2016 16:55, Shadow wrote:
[....] Nobody cares. You are wrong - *AGAIN*! PS I noticed you recently tried to revive the SEVEN YEAR OLD STALKING thread in a completely unrelated forum. Message-ID: I'm posting to your usual forums, so people can get to know you better. SNIP_COPIOUS_PROOF_OF_STALKING Thank you for confirming. NOW everyone knows EXACTLY what you are. Couldn't have painted a better picture of you myself. []'s You are most welcome! :-) As I've always maintained, *the truth WILL out*! David B. |
#5
|
|||
|
|||
[OT] Annexcafe User2User newsgroup
On 09/11/2016 16:40, David B. wrote:
On 09/11/2016 15:00, Shadow wrote: On Wed, 6 May 2009 08:46:06 +0100, "~BD~" wrote: "Grybeard" wrote in message ... "Reckon he finally figured it out?" ****** That is what 'Grybeard' posted after I had been bannished from YET_ANOTHER_FORUM_THAT_BANISHED_ME_FOR_STALKING . *Is* CUT_STALKING_LINK a safe place for folk to go to get help with their computer problems? I don't know, Bl&^&^%dy De&^%îL. But it was probably MUCH safer after they BANNED you. So *WHY* did you state you had *NEVER* been banned for stalking ? And *WHY* did you CHANGE your nick to post ? []'s In my opinion, the Annexcafe User2User group had been infiltrated by some dishonest folk and I was attempting to expose them. The site pretended to be 'safe' for the users of the group when, of course, it was nothing of the kind. When first I went there, I had never even HEARD of a 'header' and had no idea how the folk there new it was me posting regardless of whatever nym I chose to use. It was a great learning experience though! PS I noticed you recently tried to revive the SEVEN YEAR OLD STALKING thread in a completely unrelated forum. Message-ID: I'm posting to your usual forums, so people can get to know you better. Had you actually READ the thread, you would have realised that what I had tried to describe to Tim Jackson at that time was _identical_ to what I more recently found in the IdentIt.ca web page. I wanted to draw matters to his attention if he was still monitoring the 'alt.computer.security' group. I shall email him shortly, now that Microsoft have at last grasped the nettle. I'm sure everybody will want to help you. I mean, you are after the "bad guys", right ? Good guys *DO* help me ..... and I very much appreciate that help. :-) It's a shame that you do not read at the links I post, but here's a pertinent example in full. I hope this helps folk understand. = Here's some more background, lifted from a Usenet group:- Path: eternal-september.org!mx02.eternal-september.org!.POSTED!not-for-mail From: Paul Newsgroups: alt.windows7.general Subject: windows7 upgrade loop Date: Fri, 11 Sep 2015 05:45:00 -0400 Organization: A noiseless patient Spider Lines: 228 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Fri, 11 Sep 2015 09:43:09 +0000 (UTC) Injection-Info: mx02.eternal-september.org; posting-host="b67457fd2129c9f432d3358443878287"; logging-data="16262"; "; posting-account="U2FsdGVkX190Uc9gb75CicrJx5Z/7E0UjdV4PiQvYuk=" User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802) In-Reply-To: Cancel-Lock: sha1:rFPBp0eHXeN8JV4ylqTxMVj6XKQ= Xref: mx02.eternal-september.org alt.windows7.general:132872 ~BD~ wrote: On 11/09/2015 09:35, Paul wrote: ~BD~ wrote: On 07/09/2015 20:25, Eternal Hope wrote: On 07/09/2015 15:53, ~BD~ wrote: On 05/09/2015 17:06, Eternal Hope wrote: You need to understand something. I'm the person who takes your ballpoint pen to bits to see how it works, then I'll dismantle and reassemble your lawnmower to make it less noisy when you insist on cutting your grass at 8:00pm on a summer Sunday evening. I don't need an excuse to try and figure out how something works (or not as the case may be) Hello I suspect we have a vaguely similar mindset! :-) Once, when in Australia, I repaired a non-functioning Distributor on our Ford Estate car by using a spring from a Biro and a 'sculptured' lead pencil. That was to transfer power from the ignition coil to the rotor arm and thus to the spark plugs! ;-) I've spent much of my working life taking other peoples crappy, uncommented, broken source code to bits and putting it back together so that it works as it should have done (i.e complies with the spec) However, I have NOT worked in the IT/computing field and I've had to learn from other folk, people perhaps much like yourself. May I ask if you have ever explored the website described here? http://answers.microsoft.com/en-us/w...15243dd?auth=1 Do you have the skills to detect if all is as it should be there? I confess some surprise when I was confronted by THIS page! https://www.dropbox.com/s/kq08kp1t6k...t%21.tiff?dl=0 I'd welcome your view(s). David Well now this *is* interesting One apparently benign approach and three warning shots. What is your point. You are more than welcome to look me up on LinkedIn! You'll find me he uk.linkedin.com/in/boaterdave If you really are as 'curious' as you first intimated, may I encourage you to visit here (it's affiliated with the Malwarebytes operation). The facility "Quickly and safely dissect malicious or suspect websites" http://vurldissect.co.uk/?url=3194361 It will probably take around one minute to load! It appears to give Aumha a 'clean sheet'! However, if one uses the same facility to 'investigate' www.Identit.ca one gets a completely different story! For a start, there is apparently no PTR record and there is what (to me) appears an anomaly in the code. I'm concerned because if I scroll down at the 'dissect' information page, I see the following - which doesn't seem to have a rightful place there! Can you explain to me why THIS detail appears at line 278? = /tddiv style=" width: 31px; height: 87x; 2; id="layer3"marquee scrollDelay="1044" align="middle" border="0"a href="http://www.nikeairmaxsite.com/"nike air max sneakers/aa href="http ://www.toplacoste.com/"Lacoste Outlet/aa href="http://www.nikedunksales.com/nikesbdunkhigh-c-7.html"nike dunk high/aa href="http://www.frchristianlouboutin.com/"christian louboutin sale/aa href="http://www.nikedunksales.com/"nike dunk/aa href="http://w ww.nikedunksales.com/nikesbdunkmid-c-13.html"nike dunk mid/aa href="http://www.frchristianlouboutin.com/christian-louboutin-shoes-c-5.html"christian louboutin shoes/aa href="http://www.lebronsky.com/kobebryant-c-21.html"kobe bryant shoes/aa href="http://www.airforce1fashion.com/air-force-1-premium-mid-c-239.html& quot;air force one mid/aa href="http://www.frchristianlouboutin.com/"christian louboutin discount/aa href="http://www.lebronsky.com/kobebryantnikezoomkobev5-c-21_28.html"kobe v/a/marquee/div = It doesn't seem to be related to the subject matter of the website itself. Do you think it might in some way be connected with SPAM? Thanks in advance for any insightful comment! -- A memorial to the nearly 300 colleagues I lost on THAT 9/11 - http://memorial.mmc.com A check of the site ("http://www.identit.ca"), at this instant, shows no such thing. In fact, doing "Save as" "Web page complete" reveals some pretty simple HTML code, as well as one whole CSS style sheet. No Javascript, or bunk you cannot understand. A model of web page design, if you ask me. No unnecessary stuff. And certainly no Chinese running shoe adverts. ******* Are you sure your own browser isn't compromised ? Perhaps DNS poisoning, adware injection of links into page content ? Maybe the analysis site you were using, is itself infected ? I've looked at some pretty awful code recently, like the 2.5MB Javascript file on the Yahoo news page, and by comparison seeing this code is a breath of fresh air. Paul Hi Paul I'm totally out of my depth here, which is WHY I'm seeking help/advice. Using my native Safari browser, I can view this .... (does it help you?) I really do hope that my equipment is not at fault!!! snipped tr height="28" td class="bottommenu-color"/td td class="bottommenu-color" style="padding-" table cellpadding="0" cellspacing="0" border="0" tr td class="bottommenuitemactive"Home/td td class="bottommenudivider" div style="width:17px; height:0px;" spacer/spacer/div /tddiv style="; width: 31px; height: 87x; id="layer3"marquee scrollDelay="1044" align="middle" border="0"a href="http://www.nikeairmaxsite.com/"nike air max sneakers/aa href="http://www.toplacoste.com/"Lacoste Outlet/aa href="http://www.nikedunksales.com/nikesbdunkhigh-c-7.html"nike dunk high/aa href="http://www.frchristianlouboutin.com/"christian louboutin sale/aa href="http://www.nikedunksales.com/"nike dunk/aa href="http://www.nikedunksales.com/nikesbdunkmid-c-13.html"nike dunk mid/aa href="http://www.frchristianlouboutin.com/christian-louboutin-shoes-c-5.html"christian louboutin shoes/aa href="http://www.lebronsky.com/kobebryant-c-21.html"kobe bryant shoes/aa href="http://www.airforce1fashion.com/air-force-1-premium-mid-c-239.html"air force one mid/aa href="http://www.frchristianlouboutin.com/"christian louboutin discount/aa href="http://www.lebronsky.com/kobebryantnikezoomkobev5-c-21_28.html"kobe v/a/marquee/div OK, now I see it. Very clever. It's injected code with no line formatting in it. An attempt at one long line that goes off the side of my screen. That's why I didn't notice it in the editor. I would say a third party put that in there. What's also curious, is it doesn't make a visual element on the web page. You can't see it. And there is also no code to record an "ad impression" (so they're not "billing" a third party for having it there). So the stuff that is there, I can't see anyone profiting directly from this. Not the person showing the ad, or the person who injected it. I couldn't find anything to click. It's supposed to be a marquee, but there isn't such an element at the bottom of the page. The only advantage doing that might have, is in influencing a search engine. To raise the priority of the links in question, so perhaps a search on "Nike" is more likely to reference those links. A kind of "salting" for SEO purposes, intended to raise the priority of the Chinese running shoe adverts, so they're more likely to float to the top in a search on Google. And you can see, the fact that I missed that (didn't see it off the side of my screen), the people who maintain that web page probably don't see it either. Since the marquee cannot be seen as a visual item on the rendered web page, it's pretty hard to detect it. I would guess the person doing the injecting, sees that the web page was "hand edited" and took advantage of that fact (knows it'll go off the side of the screen, so a person editing the HTML won't notice). The only way you'd detect that, is with something like TripWire on the server (you notice that the file checksums changed, even though you haven't edited the code recently). Since you can't click those links, it's not like you will be going to those sites by accident. Paul = Uncovering bad guys isn't easy! ;-) The full thread is he- https://social.technet.microsoft.com...m=winservergen Just thought I'd add my 'now published on line' email I wrote to Dustin Cook some years ago:- = To: Subject: A real apology after all! Date: Sun, 17 Jul 2011 13:33:45 -0400 From: Hi Dustin Seems this address does still function (and I've not been banned by AOL - what more proof could anyone wish for?!!) I can't remember all the things you told me some years ago, but I was left with the feeling that you had had a difficult upbringing and had lost your dad at an early age. Maybe I remember incorrectly, but I think you once also mentioned that you had once (more?) considered taking your own life. I cringed when I read Graham say something about you jumping off a cliff - he couldn't possibly known how poignant that must have been. The nasty posts being dragged up from the past must haunt you now and whoever is responsible for doing that should be shot. I have never tried to hide anything from anyone. I do not live in fear either and certainly don't respond to threats. Everything I have told you on-line about me is the truth - but I confess that I do twist and spin to try to draw out snippets of info. That is how I have built up my suspicions over the years. Peter Foldes lies, as you have seen for yourself. His buddies Robear Dyer and Jim Eshelman http://www.aumha.org/ have also lied - I appreciate that only *I* know that for certain! You've proved your skill beyond all doubt. Please do it again now. Prove to yourself that you can not pin down 'Peter Foldes'. You don't even need to tell me the result. If he's a good guy - great. If he's not - you will find out. You will remember a post about 'Don't mess with the old folk'. I'd quickly explored YouTube and grabbed the clip involving a car from a number of possible contenders. I had completely forgotten that your dad had been killed in a car accident - it was only when you commented so viciously that the horror of what I'd posted hit me - but by then, of course, it was too late. I apologise most sincerely for being so hurtful. It had been meant as a bit of fun, but it went badly wrong. I'm truly sorry, Dustin, and hope you will forgive me. With regard to that Google Street View fiasco ....... I had no intention whatsoever of causing you or your family any harm. Until Aardvark tried to explain to me face to face, I had no comprehension that I was in some way placing you in danger. Previously, quite a long time before, I'd posted a GSV of Dave Eagle's house and absolutely no one suggested that I should not have done so. I even took pictures from different angles so that we could see the tall radio mast he uses a 'Ham' and we chatted about the local youth that used the 'waste' ground behind his property for car races etc. So, even though you haven't asked for it, I DO apologise, as what I did was obviously a cause of anxiety for you. I am sorry, Dustin. Everybody needs somebody! I'll be happy to be your friend. David B. -- It's in Dustin's 'zip' file! |
#6
|
|||
|
|||
[OT] Annexcafe User2User newsgroup
On 22/04/2017 09:15, David B. wrote:
On 09/11/2016 16:40, David B. wrote: On 09/11/2016 15:00, Shadow wrote: On Wed, 6 May 2009 08:46:06 +0100, "~BD~" wrote: "Grybeard" wrote in message ... "Reckon he finally figured it out?" ****** That is what 'Grybeard' posted after I had been bannished from YET_ANOTHER_FORUM_THAT_BANISHED_ME_FOR_STALKING . *Is* CUT_STALKING_LINK a safe place for folk to go to get help with their computer problems? I don't know, Bl&^&^%dy De&^%îL. But it was probably MUCH safer after they BANNED you. So *WHY* did you state you had *NEVER* been banned for stalking ? And *WHY* did you CHANGE your nick to post ? []'s In my opinion, the Annexcafe User2User group had been infiltrated by some dishonest folk and I was attempting to expose them. The site pretended to be 'safe' for the users of the group when, of course, it was nothing of the kind. When first I went there, I had never even HEARD of a 'header' and had no idea how the folk there new it was me posting regardless of whatever nym I chose to use. It was a great learning experience though! PS I noticed you recently tried to revive the SEVEN YEAR OLD STALKING thread in a completely unrelated forum. Message-ID: I'm posting to your usual forums, so people can get to know you better. Had you actually READ the thread, you would have realised that what I had tried to describe to Tim Jackson at that time was _identical_ to what I more recently found in the IdentIt.ca web page. I wanted to draw matters to his attention if he was still monitoring the 'alt.computer.security' group. I shall email him shortly, now that Microsoft have at last grasped the nettle. I'm sure everybody will want to help you. I mean, you are after the "bad guys", right ? Good guys *DO* help me ..... and I very much appreciate that help. :-) It's a shame that you do not read at the links I post, but here's a pertinent example in full. I hope this helps folk understand. = Here's some more background, lifted from a Usenet group:- Path: eternal-september.org!mx02.eternal-september.org!.POSTED!not-for-mail From: Paul Newsgroups: alt.windows7.general Subject: windows7 upgrade loop Date: Fri, 11 Sep 2015 05:45:00 -0400 Organization: A noiseless patient Spider Lines: 228 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Fri, 11 Sep 2015 09:43:09 +0000 (UTC) Injection-Info: mx02.eternal-september.org; posting-host="b67457fd2129c9f432d3358443878287"; logging-data="16262"; "; posting-account="U2FsdGVkX190Uc9gb75CicrJx5Z/7E0UjdV4PiQvYuk=" User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802) In-Reply-To: Cancel-Lock: sha1:rFPBp0eHXeN8JV4ylqTxMVj6XKQ= Xref: mx02.eternal-september.org alt.windows7.general:132872 ~BD~ wrote: On 11/09/2015 09:35, Paul wrote: ~BD~ wrote: On 07/09/2015 20:25, Eternal Hope wrote: On 07/09/2015 15:53, ~BD~ wrote: On 05/09/2015 17:06, Eternal Hope wrote: You need to understand something. I'm the person who takes your ballpoint pen to bits to see how it works, then I'll dismantle and reassemble your lawnmower to make it less noisy when you insist on cutting your grass at 8:00pm on a summer Sunday evening. I don't need an excuse to try and figure out how something works (or not as the case may be) Hello I suspect we have a vaguely similar mindset! :-) Once, when in Australia, I repaired a non-functioning Distributor on our Ford Estate car by using a spring from a Biro and a 'sculptured' lead pencil. That was to transfer power from the ignition coil to the rotor arm and thus to the spark plugs! ;-) I've spent much of my working life taking other peoples crappy, uncommented, broken source code to bits and putting it back together so that it works as it should have done (i.e complies with the spec) However, I have NOT worked in the IT/computing field and I've had to learn from other folk, people perhaps much like yourself. May I ask if you have ever explored the website described here? http://answers.microsoft.com/en-us/w...15243dd?auth=1 Do you have the skills to detect if all is as it should be there? I confess some surprise when I was confronted by THIS page! https://www.dropbox.com/s/kq08kp1t6k...t%21.tiff?dl=0 I'd welcome your view(s). David Well now this *is* interesting One apparently benign approach and three warning shots. What is your point. You are more than welcome to look me up on LinkedIn! You'll find me he uk.linkedin.com/in/boaterdave If you really are as 'curious' as you first intimated, may I encourage you to visit here (it's affiliated with the Malwarebytes operation). The facility "Quickly and safely dissect malicious or suspect websites" http://vurldissect.co.uk/?url=3194361 It will probably take around one minute to load! It appears to give Aumha a 'clean sheet'! However, if one uses the same facility to 'investigate' www.Identit.ca one gets a completely different story! For a start, there is apparently no PTR record and there is what (to me) appears an anomaly in the code. I'm concerned because if I scroll down at the 'dissect' information page, I see the following - which doesn't seem to have a rightful place there! Can you explain to me why THIS detail appears at line 278? = /tddiv style=" width: 31px; height: 87x; 2; id="layer3"marquee scrollDelay="1044" align="middle" border="0"a href="http://www.nikeairmaxsite.com/"nike air max sneakers/aa href="http ://www.toplacoste.com/"Lacoste Outlet/aa href="http://www.nikedunksales.com/nikesbdunkhigh-c-7.html"nike dunk high/aa href="http://www.frchristianlouboutin.com/"christian louboutin sale/aa href="http://www.nikedunksales.com/"nike dunk/aa href="http://w ww.nikedunksales.com/nikesbdunkmid-c-13.html"nike dunk mid/aa href="http://www.frchristianlouboutin.com/christian-louboutin-shoes-c-5.html"christian louboutin shoes/aa href="http://www.lebronsky.com/kobebryant-c-21.html"kobe bryant shoes/aa href="http://www.airforce1fashion.com/air-force-1-premium-mid-c-239.html& quot;air force one mid/aa href="http://www.frchristianlouboutin.com/"christian louboutin discount/aa href="http://www.lebronsky.com/kobebryantnikezoomkobev5-c-21_28.html"kobe v/a/marquee/div = It doesn't seem to be related to the subject matter of the website itself. Do you think it might in some way be connected with SPAM? Thanks in advance for any insightful comment! -- A memorial to the nearly 300 colleagues I lost on THAT 9/11 - http://memorial.mmc.com A check of the site ("http://www.identit.ca"), at this instant, shows no such thing. In fact, doing "Save as" "Web page complete" reveals some pretty simple HTML code, as well as one whole CSS style sheet. No Javascript, or bunk you cannot understand. A model of web page design, if you ask me. No unnecessary stuff. And certainly no Chinese running shoe adverts. ******* Are you sure your own browser isn't compromised ? Perhaps DNS poisoning, adware injection of links into page content ? Maybe the analysis site you were using, is itself infected ? I've looked at some pretty awful code recently, like the 2.5MB Javascript file on the Yahoo news page, and by comparison seeing this code is a breath of fresh air. Paul Hi Paul I'm totally out of my depth here, which is WHY I'm seeking help/advice. Using my native Safari browser, I can view this .... (does it help you?) I really do hope that my equipment is not at fault!!! snipped tr height="28" td class="bottommenu-color"/td td class="bottommenu-color" style="padding-" table cellpadding="0" cellspacing="0" border="0" tr td class="bottommenuitemactive"Home/td td class="bottommenudivider" div style="width:17px; height:0px;" spacer/spacer/div /tddiv style="; width: 31px; height: 87x; id="layer3"marquee scrollDelay="1044" align="middle" border="0"a href="http://www.nikeairmaxsite.com/"nike air max sneakers/aa href="http://www.toplacoste.com/"Lacoste Outlet/aa href="http://www.nikedunksales.com/nikesbdunkhigh-c-7.html"nike dunk high/aa href="http://www.frchristianlouboutin.com/"christian louboutin sale/aa href="http://www.nikedunksales.com/"nike dunk/aa href="http://www.nikedunksales.com/nikesbdunkmid-c-13.html"nike dunk mid/aa href="http://www.frchristianlouboutin.com/christian-louboutin-shoes-c-5.html"christian louboutin shoes/aa href="http://www.lebronsky.com/kobebryant-c-21.html"kobe bryant shoes/aa href="http://www.airforce1fashion.com/air-force-1-premium-mid-c-239.html"air force one mid/aa href="http://www.frchristianlouboutin.com/"christian louboutin discount/aa href="http://www.lebronsky.com/kobebryantnikezoomkobev5-c-21_28.html"kobe v/a/marquee/div OK, now I see it. Very clever. It's injected code with no line formatting in it. An attempt at one long line that goes off the side of my screen. That's why I didn't notice it in the editor. I would say a third party put that in there. What's also curious, is it doesn't make a visual element on the web page. You can't see it. And there is also no code to record an "ad impression" (so they're not "billing" a third party for having it there). So the stuff that is there, I can't see anyone profiting directly from this. Not the person showing the ad, or the person who injected it. I couldn't find anything to click. It's supposed to be a marquee, but there isn't such an element at the bottom of the page. The only advantage doing that might have, is in influencing a search engine. To raise the priority of the links in question, so perhaps a search on "Nike" is more likely to reference those links. A kind of "salting" for SEO purposes, intended to raise the priority of the Chinese running shoe adverts, so they're more likely to float to the top in a search on Google. And you can see, the fact that I missed that (didn't see it off the side of my screen), the people who maintain that web page probably don't see it either. Since the marquee cannot be seen as a visual item on the rendered web page, it's pretty hard to detect it. I would guess the person doing the injecting, sees that the web page was "hand edited" and took advantage of that fact (knows it'll go off the side of the screen, so a person editing the HTML won't notice). The only way you'd detect that, is with something like TripWire on the server (you notice that the file checksums changed, even though you haven't edited the code recently). Since you can't click those links, it's not like you will be going to those sites by accident. Paul = Uncovering bad guys isn't easy! ;-) The full thread is he- https://social.technet.microsoft.com...m=winservergen Just thought I'd add my 'now published on line' email I wrote to Dustin Cook some years ago:- = To: Subject: A real apology after all! Date: Sun, 17 Jul 2011 13:33:45 -0400 From: Hi Dustin Seems this address does still function (and I've not been banned by AOL - what more proof could anyone wish for?!!) I can't remember all the things you told me some years ago, but I was left with the feeling that you had had a difficult upbringing and had lost your dad at an early age. Maybe I remember incorrectly, but I think you once also mentioned that you had once (more?) considered taking your own life. I cringed when I read Graham say something about you jumping off a cliff - he couldn't possibly known how poignant that must have been. The nasty posts being dragged up from the past must haunt you now and whoever is responsible for doing that should be shot. I have never tried to hide anything from anyone. I do not live in fear either and certainly don't respond to threats. Everything I have told you on-line about me is the truth - but I confess that I do twist and spin to try to draw out snippets of info. That is how I have built up my suspicions over the years. Peter Foldes lies, as you have seen for yourself. His buddies Robear Dyer and Jim Eshelman http://www.aumha.org/ have also lied - I appreciate that only *I* know that for certain! You've proved your skill beyond all doubt. Please do it again now. Prove to yourself that you can not pin down 'Peter Foldes'. You don't even need to tell me the result. If he's a good guy - great. If he's not - you will find out. You will remember a post about 'Don't mess with the old folk'. I'd quickly explored YouTube and grabbed the clip involving a car from a number of possible contenders. I had completely forgotten that your dad had been killed in a car accident - it was only when you commented so viciously that the horror of what I'd posted hit me - but by then, of course, it was too late. I apologise most sincerely for being so hurtful. It had been meant as a bit of fun, but it went badly wrong. I'm truly sorry, Dustin, and hope you will forgive me. With regard to that Google Street View fiasco ....... I had no intention whatsoever of causing you or your family any harm. Until Aardvark tried to explain to me face to face, I had no comprehension that I was in some way placing you in danger. Previously, quite a long time before, I'd posted a GSV of Dave Eagle's house and absolutely no one suggested that I should not have done so. I even took pictures from different angles so that we could see the tall radio mast he uses a 'Ham' and we chatted about the local youth that used the 'waste' ground behind his property for car races etc. So, even though you haven't asked for it, I DO apologise, as what I did was obviously a cause of anxiety for you. I am sorry, Dustin. Everybody needs somebody! I'll be happy to be your friend. David B. The thread above ...... https://social.technet.microsoft.com...m=winservergen ....... has been deleted. *WHY*? (FYI, MVPs told lies in the thread!) I did, though, retain a copy of one of my posts in that thread:- https://www.dropbox.com/s/au6zjy3pbj...PG%29.jpg?dl=0 Can YOU understand my concerns yet? -- "The important thing is not to stop questioning." - Albert Einstein |
Thread Tools | |
Display Modes | Rate This Thread |
|
|