
BBV site back

This topic is archived.
 
Kelvin Mace Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 07:23 PM
Original message
BBV site back
Since the other thread was getting long, I feared it would get lost. The site is back, and I have changed all the passwords on all accounts to much *longer* ones than before.

Does anyone know the exploit he used and how I can patch it?

It seems that if he used a brute force attack, the way to protect against those is to lock out the account after three tries for 15 minutes, which pretty much does the trick.

Any suggestions?


David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
1237 Elon Place
High Point, NC 27263
http://www.plan9.org
Printer Friendly | Permalink |  | Top
Mari333 Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 07:29 PM
Response to Original message
1. Thank goodness it's back
I PMed you and Bev about the email I got. Glad u are back.
 
Noordam Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 07:30 PM
Response to Original message
2. I lost his site
but he looked to be talking about a package there.

His site also was talking about other sites he was pissed off at, so if he used a brute force attack on all of them, his software could do three passwords... then go to next site on list and do this round robin until he gets lucky.

 
Kelvin Mace Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 07:34 PM
Response to Reply #2
3. Well the passwords are much longer, so it should be harder
I wish you could lock out access to the admin section unless it comes from a specific IP.

As I said on the other thread I could write this off as an sk attack, but I have one nagging question. If it is just luck of the draw that BBV.com was picked, then why go to all the trouble to spoof the email as coming from plan9.org?

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
1237 Elon Place
High Point, NC 27263
http://www.plan9.org


 
Noordam Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 07:39 PM
Response to Reply #3
4. David, I looked at the list of sites he was pissed at
and saw no reason for BBV to be there

I have written a password cracking program and I will give you a hint. Not only do you need long passwords, but SPECIAL characters. Like "~" if your operating system allows it or another one like it.

My crack used the letters a-z plus the numbers 0-9.
 
Kelvin Mace Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 07:42 PM
Response to Reply #4
5. Thanks...
I've done that. But a lock out after three tries would stop this thing cold.

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
1237 Elon Place
High Point, NC 27263
http://www.plan9.org
 
Noordam Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 07:49 PM
Response to Reply #5
6. It has to do with the flavor of Unix you have
Standard Unix does not time out after three (or xxx) tries, but there are packages that do a pause after xxxx tries.

Also a good cracker would re-cycle and get a new IP address from time to time. He would not want a static IP to do cracking.

 
Kelvin Mace Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 07:51 PM
Response to Reply #6
8. Not what I mean
I mean that I would love to set up the software to deny access to the admin module unless it was coming from my IP.

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
1237 Elon Place
High Point, NC 27263
http://www.plan9.org
 
bpilgrim Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 09:57 PM
Response to Reply #8
11. if the admin section is under its own directory
it would be easy with a .htaccess file.

:hi:

peace
 
Kelvin Mace Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 10:15 PM
Response to Reply #11
15. HEY GUY
Haven't seen you in a while!!

Was beginning to worry.

David Allen
www.plan9.org

Diebold Voting Machines
We vote for you, so you don't have to!
 
eileen_d Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 10:00 PM
Response to Reply #8
12. I could help you with that, I think - PM me
if you are using Apache.
 
Kelvin Mace Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 10:20 PM
Response to Reply #12
17. I'm checking on what
server they are running.

David Allen
www.plan9.org

Diebold Voting Machines
We vote for you, so you don't have to!
 
Fud Donating Member (157 posts) Send PM | Profile | Ignore Sun Oct-12-03 08:57 AM
Response to Reply #17
37. Wait a minute
You just said you don't even know what OS the server is running?I have a few questions.

1.If you are looking into the security and vulnerabilitys of Diebold and admit that your server was hacked a few times then please show me why you are more qualified than John Hopkins or verifiedvoting on this issue?
2.Any system admins knows to keep backups offline(i assume you do yes?).
3.For protected folders there should be a .htaccess and a .htpasswd that is encrypted.That is standard operating procedure.
4.Why not get your own server or host it offshore where you have control over it assuming you know how to administer a unix based system and keep up with exploits and the latest patches from bugtraq or the various errata from just about all linux distros.Besides just about every flavor of *nix puts out alerts on bugs allmost right away.
5.Do you not use logs and programs like tripwire to detect intrusions.Not to mention MD checksums for all binarys on the system.
6.With money comming in from book sales and the selling of Clinton cigars i'm sure there is some left over to have your own server and have people that won't let members have their email addresses comprimised as well.

Hell just about any new unix/bsd system will force users to use not easy to crack passwords.So what is the problem?You admin the site but don't know if it uses NT or not?

Sorry but you guys are good at PR and really do a good job getting the word out but you lack real experts when they were offered like people that are experts in embedded systems and people that worked for DOD but were refused with a simple flip of the finger quote"we have our own experts thank you".

Flame me all you want but if you don't look at the points i brought up frankly you are just messing this up.One example is someone i know that wanted a notarized copy of the files and was told no and ignored and this is someone that knows court protocols and what would stand up in the court of law and has testified as an expert witness.
 
angka Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 09:00 AM
Response to Reply #37
38. ah the ubiquitous fud
champion of the run-on sentence. maybe people would listen to you if you had proper grammar.

or didn't have an agenda.
 
Fud Donating Member (157 posts) Send PM | Profile | Ignore Sun Oct-12-03 10:37 AM
Response to Reply #38
39. angka
Edited on Sun Oct-12-03 10:43 AM by Fud
I don't know you from a stray cat or a lamp post.If you have anything to say about the points i raised then just say it.If you are an IT professional i would be glad to hear your input.

Name the agenda since you think you know me.I'm sure others would like to know as well.

It does say alot though that you didn't address only single point i brought up.
 
angka Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 04:15 PM
Response to Reply #39
43. that's too bad.
Edited on Sun Oct-12-03 04:17 PM by angka
but the thing is, i know everything i need to about you.

and i have a message for your cultish grand-poobah: we are not buying what you're selling.

have a nice day.
 
Fud Donating Member (157 posts) Send PM | Profile | Ignore Sun Oct-12-03 09:08 PM
Response to Reply #43
47. Thats great
Good to know that know everything and have all the answers.Why not enlighten us instead of meaninless one liners.

I guess you found out about us selling pre stained blue dresses(we made a fortune off of that).So what you are saying is that you don't want to buy one of thoses dresses?Other than that i'm not interested in anything you wan't to say unless you have experience administering systems.

Oh and there is no grand poobah allthough we do wear water buffalo hats during all meetings at the lodge,ala Flinstones.
 
angka Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 10:50 PM
Response to Reply #47
51. well
Edited on Sun Oct-12-03 10:51 PM by angka
i am not interested in anything you want to say unless you show some meager command of the english language. or, more importantly, something other than feebly-worded denunciations, which appears to be your entire thirty some-odd post body of work here at DU.
 
Fud Donating Member (157 posts) Send PM | Profile | Ignore Mon Oct-13-03 06:22 AM
Response to Reply #51
52. Tsk Tsk
Edited on Mon Oct-13-03 06:25 AM by Fud
i am not interested in anything you want to say unless you show some meager command of the english language. or, more importantly, something other than feebly-worded denunciations, which appears to be your entire thirty some-odd post body of work here at DU.

So if you are not interested then why keep responding,words are comming out yet you have nothing to say.If you have a hardon for my grammar or spelling have at it.Oh yes and your all important post count like that is a badge of honor.You are interested otherwise you would not be responding back.If your post count is so important just keep putting out things that don't say anything at all and are totally meaningless.So again are you or are you not some sort of expert in any field at all?Teaching english to school kids does not count.

If you haven't noticed everyone on the dem side wants this whole electronic voting issue resolved BEFORE late 2003.So far all you seem interested in is post counts and dissing other progressive forums.Tsk Tsk.

So come back when you have something of value to add instead of your precious post count.


 
angka Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Oct-13-03 09:55 AM
Response to Reply #52
53. heh
well for one thing, you might notice that you're now responding to me, instead of continuing your baseless attacks on bev harris (which is the only reason you ever show up here). which means i must be doing something right.

i can search back into the archives and discover, among other things, that your grammar has gotten no better in the last few months. and your silly accusations against bev and her people have not become any more credible. perhaps you're about to tell us about the profiteering treachery of the 'clinton cigars' again?

i would go on about you and grandmaster 'bartcop' and your months of devoted slander, but it's been done before—and at some point i am reminded of the folly of 'casting your pearls before swine.'

smile for the camera.
 
Fud Donating Member (157 posts) Send PM | Profile | Ignore Tue Oct-14-03 09:17 AM
Response to Reply #53
55. I am not sure if you can grasp this anaka
I posted and you responded then i responded and you kept responding back.Ok i know this is hard for you to follow but everyone else can see it.

Now name one baseless attack just one ok?Sounds simple enough doesn't it?Just go through the archives and post all you want.The only thing you are doing right is correcting my spelling and kudos to you for that.Other than that you are just a fly on the wall that is looking for the next plate of food to throw up in.You know flies really do that if you look at them under a microscope,it's kind of gross knowing they do that.

Oh and anaka i do not know or even care if you really can address anything in my original post as you have shown allready(spill chk ths) that is all you are good for.

Also you may want to look up the definition of slander or libel and read it closely.Show me the devoted slander on my part,i'm an open book everything i said is documented.What you have said isn't worth paying attention to at all.Like i said before Bev is doing a good job bringing focus to the issue to people that have no clue what is going on.But you anaka have nothing to add at all,zilch nada.Now go and smile into your webcam because no one else is looking at you nor do they care not even the grand poobah who ever that may be.

Come and list any slander verbatim now or forever hold your peace.All talk and no substance is all i expect from you who ever you are.

This is not a dare just pointing out things that are factual can you come up with the goods instead of just yapping like a poodle?

Tell you what dig up anything or everything i have said just do it i'm sure alot of other people would like to know.Really you should and i will bring up documented things that were said also that is fair don't you think anaka anjika or whatever you call yourself.

Must be a hassle when you run out of Kool-Aid isn't it.
 
angka Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-14-03 10:59 AM
Response to Reply #55
56. a hahaha
lookit all the paragraphs, ma!

seriously, given the rule that any repetition equals publicity, you can understand why i don't care to cut and paste your barely decipherable rantings. not to mention that doing so without a tremendous amount of editing for grammar and spelling would leave me feeling, you know, a little dirty. but when you're even now making your snide references to 'kool-aid' (which i find particularly offensive), how hard do i really have to work to accuse you of slander? which is not to imply that you're worth suing or anything.

now kindly run along back to wherever it is that people are willing to endure your insufferable little posts.
 
bpilgrim Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 09:18 PM
Response to Reply #37
48. this isn't about who is more qualified...
this is about getting the word out.

we all must come together to help get this message out that our vital vote is at risk.

no one can blame anyone for being suspicious during these days of massive fraud, lies and abuse.

the PR folks aren't supposed to know EVERYTHING and neither are the TECHIES we are supposed to work as a TEAM that's all.

let's all put away our bruised egos and get busy pass'n the word ;->

:hi:

peace
 
nolabels Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 10:01 PM
Response to Reply #48
49. Thanks bpilgrim
Some people just don't get the part where that Roman guy says "We will all hang together, or we all hang separately"

There are reasons they choose to pick on what they perceive to be weaker or lesser people, and it isn’t because they think everybody should be exactly like them.

I can freely admit I am a blithering idiot sometimes, which does not mean that I will stop who or what I am, or choose to do, within reason.

If you let them shut you up, then they have won.
 
bitchkitty Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Oct-13-03 10:02 AM
Response to Reply #37
54. That is not fair -
Edited on Mon Oct-13-03 10:02 AM by bitchkitty
I have never known a CEO of any company, large or small, who knew any technical details beyond how to click a mouse. When I talk to clients they rarely have a clue and I have to talk down to them, but that doesn't mean they're stupid or careless.
 
creativelcro Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 12:25 AM
Response to Reply #4
26. learn..
Edited on Sun Oct-12-03 12:35 AM by creativelcro
from most of the Diebold passwords posted in the memos:
random, at least 13 characters; use punctuation, so the set of
potential characters is large (all ASCII chars).
A password 15 char long, where each char is out of a set
of 50 is pretty hard to crack brute force...
And, yes, locking after 3 attempts would work
even for much shorter passwords.
-C
 
Paulie Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 12:48 AM
Response to Reply #3
29. This is what I use
Edited on Sun Oct-12-03 12:50 AM by Paulie
For both home and work. It's really the only way to know for sure if it's a good password.

http://www.transdig.com/products/pcp/pcp.cfm

Then I use this

http://www.schneier.com/passsafe.html

to store the passwords, so I only have to memorize my frequently used ones, plus a XX character length one that I used the above program to create the encrypted database.

You could do something like a passphrase, like "marry had a little lamb", but intentionally spell a word or two, or substitute numbers for letters, spaces are good, so "merry! had! a! 1itt13! l0mb$" would be acceptable. But real long cryptically generated random passwords are best.

And don't use the same password on different messageboards either, since the admins can get the real password pretty easily by several methods. Plus, if one is compromised, then all your stuff is vulnerable. Common sense really, but everyone slips up on this one for expediency. :)
 
punpirate Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 07:10 AM
Response to Reply #3
33. Have your ISP check their server logs, first...
... and second, your own logs to see if he showed up. Also, be sure to check your email. :evilgrin:

He's in it to prove himself better than anyone else.... But, mostly, he's a typical script kiddie.

Cheers.
 
sujan Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 07:50 PM
Response to Reply #2
7. http://www.h-a-t-e.com
 
0rganism Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 10:43 PM
Response to Reply #7
21. sh0k3's "blog" is at...
 
dbt Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 09:53 PM
Response to Original message
9. KICK!
welcome back!
 
Spazito Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 09:57 PM
Response to Original message
10. This is not on the hacking but I thought it might be a good place to...
say that Joe Conason was asked about Diebold and voting and he responded that the media, congress etc, had to get onto this right away. He said that Salon.com was going to continue to cover this story and that he would as well. I thought this might be some good news on a very bad day for Bev and everyone involved in BBV.
 
Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 10:02 PM
Response to Reply #10
13. They need a special investigator
The whole racket involving the companies, Secretaries of State, and machines needs to be investigated by a special investigator, just like the White House leak needs to be.

Without that, we can't have free and fair elections.
 
BevHarris Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 11:38 PM
Response to Reply #13
25. Dan! You hit the nail on the head
They need a special investigator, because the problem has seeped into certain government officials' territory. But didn't they eliminate the special prosecutor law shortly before Bush got into office?
 
Booberdawg Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 07:13 AM
Response to Reply #25
34. Yes, the special prosecutor statute expired. n/t
 
punpirate Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 07:20 AM
Response to Reply #25
35. The independent counsel law has expired....
Also, the Feds really don't want to get involved in state business (unless it suits their purposes). As I've mentioned, the money for HAVA has to be the key--gotta get a senator or congressman to get the GAO involved.

Cheers.
 
Kelvin Mace Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 10:17 PM
Response to Reply #10
16. Cool!
Joe knows who we are?

Where did he say this?


David Allen
www.plan9.org

Diebold Voting Machines
We vote for you, so you don't have to!
 
Spazito Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 10:23 PM
Response to Reply #16
18. Joe Conason was on CSpan2, speaking to the Harvard Book Coop...
Edited on Sat Oct-11-03 10:25 PM by Spazito
he didn't mention BBV by name but was asked about Diebold and he responded that he gets that same question EVERYWHERE he speaks. He reinforced how important it was to have a paper trail.

Edited to add: It might be worthwhile for you or Bev to contact him on this. He said he is going to be writing about this issue.
 
ConsAreLiars Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 10:36 PM
Response to Reply #16
19. He was very clear about the issue
Cspan2 Booknotes will re-broadcast it at 9:00AM ET tomorrow morning. The questioner referred vaguely to a paper trail and Diebold, and Conason replied about Touchscreens generally as well as Diebold, and referred to Salon's excellent coverage, which if I recall correctly was pretty completely based on Bev's work. He gets it.
 
Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 10:39 PM
Response to Reply #19
20. paper BALLOT
"Paper TRAIL" has no explicit legal definition in this context

Make sure you use the right word PAPER BALLOT!
 
ConsAreLiars Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 10:51 PM
Response to Reply #20
22. exactly
That is why I characterized the question as vague. Understanding that a "voter verified paper ballot" is necessary is key, but some on the periphery of the issue, like this particular questioner, are less clear. It also indicates, along with Conason's observation that the issue appears everywhere he goes, that the broad outlines are getting out there rather well.
 
Name removed Donating Member (0 posts) Send PM | Profile | Ignore Sat Oct-11-03 10:12 PM
Response to Original message
14. Deleted message
Message removed by moderator.
 
creativelcro Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 12:30 AM
Response to Reply #14
27. don't bother...
those links are dead. -C
 
ParanoidPat Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 11:33 PM
Response to Original message
23. You ROCK David!
:evilgrin: :thumbsup:

:kick:
 
Spazito Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Oct-11-03 11:34 PM
Response to Original message
24. Kick
:kick:
 
Name removed Donating Member (0 posts) Send PM | Profile | Ignore Sun Oct-12-03 12:37 AM
Response to Original message
28. Deleted message
Message removed by moderator.
 
uhhuh Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 12:52 AM
Response to Reply #28
30. Not good
Although this person is scum. You can't post their personal information on this board. Do you want to get us in legal trouble?
 
Kelvin Mace Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 07:04 AM
Response to Reply #30
32. no, but you can send it
to me to act on. <g>

David Allen
www.plan9.org

Diebold Voting Machines
We vote for you, so you don't have to!
 
Virginian Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 01:00 AM
Response to Reply #28
31. I looked at that website. That guy scares me.
He is in serious need of therapy. He is doing the computer equivalent of spraying a crowd with a machine gun.
Is he randomly going after websites or does he have a grudge against his victims?
 
punpirate Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 07:36 AM
Response to Reply #31
36. Yes, I think so...
... he's going after PHP-Nuke-based sites. He makes mention that his is the only one that can't be hijacked.

The PHP people know about his exploit and have been working on stopping it.

But, let's call it for what it is. He's left tracks, and I don't think it's going to take the FBI too long to find him. Given his spelling, I don't think he's smart enough to have been reading the changes in the Patriot Act regarding computer crime.... All of his various webhosting servers are known. If he's doing web sites for others remotely, there are going to be ftp logs--a few subpoenas will shake him out.

Lessee, one of my favorite movie lines: "For any decent crime, there are fifty ways you can f**k up, and if you can think of twenty-five of `em, you're a genius.... And you ain't no genius."

Cheers.

 
creativelcro Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 11:53 AM
Response to Reply #36
40. agreed...
Another script kiddy pinhead bites the ground...
 
lysergik Donating Member (340 posts) Send PM | Profile | Ignore Sun Oct-12-03 02:54 PM
Response to Original message
41. Suggestions
While I'm not positive on which flavor of Linux you're using
but I do know that they vary in their overall security,
personally I'd go with something more secure like OpenBSD.

Secondly, your OpenSSL version is out of date and vulnerable,
everything that has been compiled with the old OpenSSL version
needs to be recompiled with the new version.

I see that you've mentioned on the site the possibility of
getting a T1, that will be good for supporting about 5
concurrent users, not a very good solution especially when
someone that is trying to connect to the site and its
inoperative/lagged beyond belief due to the circuit being
overloaded.

The ability to control your own servers plus network equipment
plus Intrusion Detection System is key in running a site such
as BBV. 

If you would like to discuss these points further, please
email me.

 
Kelvin Mace Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 03:18 PM
Response to Reply #41
42. Linux
I believe they are running Apache on this system. As much as I would like to have the server in-house at the moment, we don't have the money to do it, so I have to rely on a commercial ISP.

The attack appears to have been a brute force attack on the admin.php module. I am trying to see if I can put in two different counters:

1) A lock out after three failed tries to log in.

2) Blocking access to the admin.php module unless it is coming from my IP address.

I am trying to find out all the info about what versions are running.


David

Diebold AccuVote Ingredients

Taxpayer money.................$5000
Security Flaws....................328
Critical Security Flaws.........26
CEO commitments to
deliver election to GOP........1
Tamper-proof Paper ballots...0
Tamper-friendly digital
ballots................................At least 32MB
Your actual vote..................None of your business.
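The two counters listed in the post above (a lockout after three failed tries, and an address restriction on the admin login), sketched in Python as an added example; it is not part of the original post and not PHP-Nuke code. The class and function names, the documentation-range addresses and the sample password are constructed, and the 15-minute lock duration is the one suggested in the thread's first message.

```python
import hmac
import ipaddress

MAX_FAILURES = 3            # "a lock out after three failed tries"
LOCKOUT_SECONDS = 15 * 60   # the 15 minutes suggested in the original message

# Constructed sample values (RFC 5737 documentation addresses, made-up password).
ADMIN_NETWORKS = ["192.0.2.10/32"]
ATTACKER_IPS = ["198.51.100.7", "198.51.100.8", "203.0.113.99"]
SAMPLE_PASSWORD = "constructed-example-passphrase"


def sample_verify(account, password):
    """Stand-in for the site's real credential check (assumption)."""
    return account == "admin" and hmac.compare_digest(password, SAMPLE_PASSWORD)


class AdminLoginGate:
    """Admin login guarded by an address allowlist and a per-account lockout."""

    def __init__(self, allowed_networks, verify):
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self.verify = verify        # callable(account, password) -> bool
        self.failures = {}          # account -> consecutive failed tries
        self.locked_until = {}      # account -> time at which the lock expires

    def attempt(self, account, password, source_ip, now):
        # Allowlist first: a request from any other address never reaches the
        # password check, so it cannot guess and cannot trigger the lockout.
        addr = ipaddress.ip_address(source_ip)
        if not any(addr in net for net in self.allowed):
            return "denied_ip"
        # The lock is keyed on the account, not on the source address, so
        # changing addresses between guesses does not get around it.
        if now < self.locked_until.get(account, 0):
            return "locked"
        if self.verify(account, password):
            self.failures.pop(account, None)
            self.locked_until.pop(account, None)
            return "ok"
        count = self.failures.get(account, 0) + 1
        if count >= MAX_FAILURES:
            self.failures[account] = 0
            self.locked_until[account] = now + LOCKOUT_SECONDS
        else:
            self.failures[account] = count
        return "failed"


def guesses_evaluated(gate, account, source_ips, duration, interval=1):
    """Count wrong guesses that actually reach the password check when one
    guess arrives every `interval` seconds from rotating source addresses."""
    evaluated = 0
    for i, now in enumerate(range(0, duration, interval)):
        ip = source_ips[i % len(source_ips)]
        if gate.attempt(account, "wrong-guess", ip, now) == "failed":
            evaluated += 1
    return evaluated


def demo():
    day = 24 * 60 * 60
    lockout_only = AdminLoginGate(["0.0.0.0/0"], sample_verify)
    both = AdminLoginGate(ADMIN_NETWORKS, sample_verify)
    return {
        "guesses_per_day_lockout_only":
            guesses_evaluated(lockout_only, "admin", ATTACKER_IPS, day),
        "owner_after_attack_lockout_only":
            lockout_only.attempt("admin", SAMPLE_PASSWORD, "192.0.2.10", day),
        "guesses_per_day_both":
            guesses_evaluated(both, "admin", ATTACKER_IPS, day),
        "owner_after_attack_both":
            both.attempt("admin", SAMPLE_PASSWORD, "192.0.2.10", day),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the lockout alone, the rotating-address guesser is held to 288 evaluated guesses a day, but the same traffic keeps the site owner locked out as well. With the allowlist checked first, guesses from other addresses never reach the counter and the owner's login still succeeds.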
 
sujan Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 04:32 PM
Response to Reply #42
44. didn't the guy exploit vulnerabilities in the CMS?
Then it has nothing to do with what OS you use.
Printer Friendly | Permalink |  | Top
 
lysergik Donating Member (340 posts) Send PM | Profile | Ignore Sun Oct-12-03 05:00 PM
Response to Reply #44
45. Even if..
Edited on Sun Oct-12-03 05:14 PM by lysergik
It's still not a point to ignore, you either have a secure system or you don't. One little flaw somewhere can cause you major headaches. Not being in control of that puts you at risk. But money is an issue so you gotta do the best with what you have.



 
sujan Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 10:41 PM
Response to Reply #45
50. unless he has a dedicated server
he won't have much control on the server, will he?

Want a secure system, maybe try obscure but well designed OSs like plan9. http://plan9.bell-labs.com/plan9dist/

But then again, you won't have much choice in terms of user applications.

It is always a trade off.
 
nolabels Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-12-03 06:16 PM
Response to Original message
46. I can only guess why so many people want to hack it
Couldn’t have to do anything with money, could it?

I posted some of what's below on another thread, but it had something to do with Nazis so maybe others want to dismiss it because of that, I don't know. The problem I have is some say it is linked with RENSE, which gets a bad credibility rating because of stories of flying saucers on the site.

I am trying to link up the connections; I have got this stuff below so far, but need some more sources for viability, maybe someone wants to help with the story? I figured I could post it here since there might be a few gurus on this looking at this thread!!

I found this link to the reporter I heard speak on the radio Saturday, she seems to have done some homework too. I found it through that other link of votescam2002, lots of stuff there too (maybe it’s old news, I don’t know, I am no expert)

http://www.ecotalk.org/VotingSecurity.htm
THE SECRETIVE WORLD OF VOTING MACHINES
privatizing the vote - sabotaging the system - around the world
by Lynn Landes
Over the last 100 years Americans have slowly, but surely, surrendered our public voting process to private corporations and their voting machines... in violation of our constitutional right to fair, open, and observable elections. The price paid has been the legitimacy of our democracy. And countries around the world are following our lead. Today, two Republican dominated corporations, Election Systems and Software (ES&S) and Diebold Voting Systems, control about 80% of the electronic vote count in the U.S., while dozens of both foreign and domestic companies have jumped into the vote counting business. Our national security is at stake. Anyone can own and operate a company that counts Americans' votes - there are no restrictions. Meanwhile, the long history of election upsets due to voting machine "glitches", that overwhelmingly favor Republican candidates, continues to grow. Where is the outrage? Where's the concern? Where are the Democrats? Citizens have a constitutional right to a election process that is transparent and observable. The use of a voting machine prevents that. Voting machines are easy to rig and impossible to monitor. It's a Trojan Horse, a Pandora's Box, an accident waiting to happen... all rolled into one. Poll watchers have nothing to watch. Federal Observers have nothing to observe. And that makes the Voting Rights Act unenforceable. Congress has failed to safeguard our right to vote. Instead, they passed the Help America Vote Act (HAVA) that give billions of dollars to the states to purchase voting machines, while failing to require any mandatory safeguards or standards. Meanwhile, misguided voting rights groups are suing for the right to use the latest most sophisticated computerized voting equipment which are the easiest to rig by the fewest number of technicians. In the last several decades the rich have gotten richer and the poor poorer. This is not a formula for a conservative groundswell. 
Yet, both conservative Democrats and Republicans have long enjoyed success at the polls. Have elections in America been rigged to shift power to right wing candidates from both parties, despite the public's support of left-wing causes such as universal health care, quality public education, a clean environment, and a living wage? In the secretive world of voting machines... anything is possible.
WHAT TO DO? There are two things I can recommend: 1) advocate for a return to only a paper ballot and local hand-count, see Canada's excellent voting system, and 2) file suit in federal court against the Department of Justice for failing to enforce the Voting Rights Act, see Constitutional & Legal Issues.

Also see:
Landes voting articles
News from other reporters
Links to voting experts
For a good summary, even though it's somewhat dated, read Pandora's Black Box (1996) by Philip M. O’Halloran of Relevance

For more detailed information: notes, links, etc. These webpages are frequently updated.

• Overview
• Constitutional & Legal Issues (this is the most important aspect of voting)
• Ownership & Organization Information / global promotion of voting technology
• Technical Reports - 'voluntary' technical standards, no government oversight, etc. / includes list of Voting Machine Errors
• Voter News Service (VNS) - polling
(snip)

http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=102&topic_id=161235
Bush-Nazi Link Confirmed (J. Buchanan/New Hampshire Gazette)
(snip)
The vanquished are often footnotes



How are they all connected, somebody asks. Follow the money. Here is a nice long one that connects a lot of them also. A new name to add to my list for people to look for is the "Rothschilds"


(snip)
1895 - Rothschilds begin to finance American business. They do so primarily
through the Warburgs of Germany who were partners of Kuhn, Loeb and Company
of New York. Both Warburgs and Kuhn/Loeb would be principals of Federal
Reserve Board. Rothschilds would finance Rockefeller's Standard Oil,
Carnegie Steel, and the Harriman Railroad system.



1896 - McKinley elected president. Marcus Alonzo Hanna from Standard Oil
of Ohio raised 16 Million dollars for campaign, otherwise unheard of until
1960's.

(snip)

(snip)
1922 - Benito Mussolini takes power in Italy, furthers Fascism. Pope Pius
XI takes over. Tries more middle of the road approach to dealing with
Soviet Union, but hopes for collapse of revolution so Vatican can regain
power in Eastern Europe. Federal Narcotics Control Board formed. Military
intelligence targets organizations like the International Workers, (IWW),
World War Veterans, Communist Party, American Federation of Labor, and
others for anti-subversion surveillance and action. Efforts are possibly
influenced by the National Association of Manufacturers, a known fascist
anti-labor organization. W. Averell Harriman of the firm W.A. Harriman & Co.
meets with Fritz Thyssen, German industrialist to discuss setting up a bank
for Thyssen in America. By personal agreement between Harriman and Thyssen,
the plan for Union Banking Corp. was agreed to. Sometime before 1924 a
Thyssen representative, H.J. Kouwenhoven came to the United States for
talks with Harriman. By 1924, Union Banking was a quiet part of W.A.
Harriman & Co., who would be joint owner and manager of Thyssen's banking
business outside of Germany.
(snip)

http://www.indymedia.org/front.php3?article_id=341305&group=webcast
(snip)
. ARNOLD, BUFFET AND THE ROTHSCHILDS IN A SECRET MEETING IN 2002 IN ENGLAND!

XI. ARNOLD'S CAMPAIGN DECIDED IN THE AMERICAN FASHION--ENTIRELY IN SECRET, AT BOHEMIAN GROVE.

XII. DEMOCRATS AND REPUBLICANS IN CONGRESS BOTH WANT TO REMOVE CONSTITUTIONAL LIMITATIONS ON THE FOREIGN BORN FOR THE PRESIDENCY--SETTING UP UNREPENTANT NAZI ARNOLD FOR THE NEXT G.H.W. BUSH PRESIDENCY
(snip)

I listened to another story on the radio Saturday morning on how the ROTHSCHILDS own voting machine manufacturers in Europe and also have a lot of money into the few others. Also a few stories about how Arnold boasted about how he was going to be the governor of California way before it ever got put in the mill and such. These are just rumors but it would fit the MO of Arnold and the ROTHSCHILDS are real people.

Does anyone have any stuff on ROTHSCHILDS and voting machines?

(snip)
(snip)
And from Tulsa is where I think they picked up the embryo of Enron



I thought I heard something about where some of the double dealers picked up their tactics with natural gas and trading with some natural gas pipeline company

Anyway to answer another question I had I found this stuff

http://www.rense.com/general31/roth.htm
(snip)
Rense.com



Rothschilds Family Part Owner
Largest Voting Machine Company
Posted at SF Indymedia.org
11-11-2
The Rothschilds are part owners of voting machines.

These infamous international private bankers are only by chance involved in this?
Just like they were by chance involved in Enron?

http://www.talion.com/voting-machines.html

Charter Oak Partners, an affiliate of Rothschild Realty Inc., which is an affiliate of Rothschild, Inc.

Rothschilds Inc is the same as The Rothschild family bank

Take a look at this court document -
http://www.state.vt.us/psd/6107/6107wlr.pdf

Here is the quote:

Q. What is your occupation?

A. I am a Senior Managing Director at Rothschild Inc., the United States affiliate of the 200 year old worldwide Rothschild Group.


Want to know more about the Rothschilds?
See their website http://www.nmrothschild.com

About Election Systems & Software
Frequently Asked Questions (FAQ)

ES&S

Q: What does ES&S do?

A: Election Systems & Software, Inc. (ES&S) is the world's largest election management company. Headquartered in Omaha, Nebraska with over 400 employees located in eight regional U.S. offices and agents on five continents, ES&S has supported more than 40,000 elections worldwide for over 30 years. In the 2000 U.S. elections alone, ES&S systems counted over 100 million ballots. ES&S' hardware and software solutions support the entire election process to include voter registration, ballot production, voting, vote tabulation, and results reporting.

Electronic Ballot, Direct Recording Electronic (DRE) Voting Systems - The iVotronic, Votronic® and V-2000 are decentralized touch screen / touch-panel voting systems that count and tabulate electronic ballots at the polling place, as votes are cast.

-------------------------------------------------------------------

They were also behind the whole Enron debacle.
Now they will be in charge of the software that runs the voting machines.
The other owners have similar NWO backgrounds as well.

Some related article links -

How will we survive without Lord Fixit?
http://www.guardian.co.uk/Print/...36,00.html
(snip)

Here is a nice little link with a thousand more attached to it.
http://www.whatreallyhappened.com/votefraud.html
(snip)
ELECTION FRAUD 2002
It's all here, too much to read in one day. I suggest you get a cup of coffee and start out by reading Votescam. Votescam lays out the blueprint that everything else is essentially built upon. Save for future reference and send out to everyone!

"The concept is clear, simple, and it works. Computerized voting gives the power of selection, without fear of discovery, to whomever controls the computer," - James & Kenneth Collier, authors of VoteScam (1992)
"There are no documented cases of electronic vote-rigging occurring anywhere in the country, but only because it's nearly impossible to prove."
"Hand counting is the gold standard against which we check machine counting efficiency." - James Baker
"Those who cast the votes decide nothing, those who count the votes decide everything."
- Joseph Stalin
"I think it is safe to say at this point that the election of 2002 lacks any credibility at this point. Too many "mistakes", too many malfunctions, too many missing documents, too many dirty tricks, all combine to destroy the illusion that the results to be announced have any basis other than in wishful thinking by those in control of the vote counting process. Certainly the sudden abandonment of the VNS exit polls suggests that the actual polling results are so far out of alignment with the desired results that the media predictions had to be shut down."
(snip)