Become a fan of Slashdot on Facebook


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Internet

Forbes Takes on AntiOnline 92

infojack writes to us with the the word that Forbes is running a story on AntiOnline. It's a op-ed piece by Adam Penenberg, talking about the creds of John Vranesevich and some of the PacketStorm flap. What I found most interesting was the outright recognition of how the media operates with "experts", and reporters use of the same people over and over.
This discussion has been archived. No new comments can be posted.

Forbes Takes on AntiOnline

Comments Filter:
  • by Anonymous Coward
    ...but the "white hats" generally WANT the press...

    Not necessarily, there a lot of white hats that don't wish to attract corporate attention to themselves because the Companies they work for have security departments who thiink being called a hacker is grounds for termination! Also they tend to be tired of the script kiddies demanding that they give them information (don't kill them cause they won't learn nothing ;-). And lastly they're tired of new guns trying to make a name for themselves by attacking the old guns.

  • by Anonymous Coward
    1) He had no bail hearing, because at a very biased prelim where the FBI lied to the judge about what a dangerous person he was, the judge told Mitnick's lawyer that he wasn't giving Mitnick bail so don't bother with the hearing. The right to consideration of bail is GUARANTEED in the CONSTITUTION. Thus, this was a clear violation of Mitnick's rights. .

    2) The only reasons Mitnick's attorney had to ask for the dates to be pushed back is that the prosecutors and FBI kept doing underhanded things to keep Mitnick on the edge and surprise his lawyers. Like when the FBI swore that the damage Mitnick caused was in the hundred million dollar range (which was the cost of development of the software he copied, not the damage done, since he left all that he found as-is and just copied a few things).

    3) The prosecutor coerced Mitnick into signing several documents, such as agreeing that the damage he caused was in excess of 10 million dollars, at the threat of being put in the worst part of a maximum security prison for the rest of the several years he was awaiting adjudication.

    4) While talking to his lawyer on a phone in max security prison about his mistreatment, a murderer who was impatient about using the phone himself kicked the shit out of Kevin, causing half of his face to be permanently paralyzed.

    No one deserves this. The government fucked him over real thoroughly, trampling all his rights. This is a major government screwup, a Ruby Ridge type screwup, a Waco type screwup. The government doesn't care about the rights of the (perhaps unfairly) accused anymore. But Kevin was punished without so much as a fair hearing, much less a trial. He deserves better than your ignorant bitching. FOAD.
  • The times I've visited AntiOnline (and that not often, but still), it has struck me as being much more of an information clearing house than a source for original content, which Forbes seems to be insinuating. Visiting today, it really still is.

    Except that Vranesevich positions himself and his website as a site for original data and info. If you, who by the content of your comment, aren't familiar with antionline see if as a clearinghouse rather than a collection of original and uniquely developed bits of data, that doesn't say much for JP's ability as a "Security expert" or the usefulness of his website, now does it?

    Any attack on AntiOnline should be made regarding AntiOnline's quality of reporting. Has AntiOnline (rather than Vranesevich) been incorrect? Has it disseminated false information? Have the scoops, such that they are, been important?

    Vranesevich is antionline. And if you can believe the things about JP and antionline that have been documented on, the answers to those questions are emphatic yes, yes, and only important in that JP and antionline's so-called scoops seem to have been generated originally by JP and antionline for the benefit of JP and antionline seeming to get a "scoop."

    Instead, Forbes has taken the easy way out: slam AntiOnline by insisting that Vranesevich has insufficient "street cred" and that he's litigious.

    Among "those on the street who know" JP and antionline have no street cred already. Forbes isn't saying anything new, and he is litigious -- witness his attacks on and Packetstorm for trying to portray him in a less-than-flattering-but-more-accurate light than he does himself on his own site.

    My opinion is that there is not much that can be said about JP and antionline that is too harsh.
  • I certainly laughed at some of the stuff I saw in that article, but if you replace some of the occurrences of the word "hacker" with, say, "script kiddie" or "packet kiddie," things actually aren't so far from the truth.

    Most "hackers" the media tries to report on really are nothing but adolescent/high school/college dropout types that pick up a few tips over IRC. Most of them can't code, and DO have exceptional difficulty getting their latest exploit of the week to compile on various operating systems. I'll occasionally see people like this on IRC asking each other how they get rid of really trivial compile errors.

    Like you, I disagree totally with the generalizations you mention, though most of your "respected" members of the "hacker" and security industry do happen to have degrees, Real Jobs, that sort of thing, but that hardly means people that *have* dropped out or haven't pursued formal education are "bad" or stupid in the least.
  • by marcus ( 1916 )
    > ...he'll get even shriller and more annoying.

    "Even shriller" ?!?!? That hurts my eyes! ;-)

  • Knight-Ridder is the owner of my newspaper's major competition. Thankfully for us, since they took over the management, the content has suffered that even a small-market, large-geographic range newspaper like the one I work for can look good beside it.

    My newspaper is owned by a corporation that owns a grand total of 8 newspapers in Kansas. The Inquirer's a good paper; you guys get the Pulitzers (perhaps because editors set up the release of great stories to concide with awards time.) My paper hasn't won a Pulitzer in 30 years.

    And you probably get paid a lot more than I do. But I hope someone at your paper has a different attitude about news. We always give ample opportunity and space to question experts.

  • ...which is to refer to themselves by aliases. Those guys have never been quoted using their "real" names, even when they testified before Congress.

    If they're not willing to meet me halfway (and given that their road is a lot tougher travel than mine) I wouldn't want to talk to them anyway. It'd take too long, and I'd have to pry like a mofo, making them uncomfortable and the rest of the story weaker.

    That's another tradeoff that reporters have to make. I sympathize with the intelligent hackers who are making a difference, but I can only coddle them so much.

    They're the ones who have to bear the cross of working in an in-bred industry, run by the robber barons of our age. My job is to comfort the afflicted and afflict the comfortable, but I can only do so much of both.

    The really big story would be about hackers breaking free of this foolishness and being up front and honest about who they are and what they do. But no one could write about it until it happens.

  • As a newspaper reporter for a small daily, comments like this that refer to "the media" as this lumbering homogenous mass of information dissemination make me ill. Clearly some "media literacy" is called for.

    Further, why should most agents of "the media" even CARE about JP or Antionline? The only reason anyone cares about The Drudge Report is because he had some juicy tidbits about a certain White House attorney before anyone else (though it took a Newsweek reporter several weeks of hard-nose dredging to get some credible sources.)

    What does JP have? A lot of libelous crap that no otherwise informed person would believe, sprinkled with obvious facts you can get anywhere.

    As another poster rightly put it, JP can be called a "journalist" inasmuch as Rush Limbaugh can appear on "Meet the Press" (and he has.)

    The term has become about as maligned as "hacker." While many hackers can't be expected to care about such malignment, I can understand. Journalists don't generally care about you either. :o>

    And as the header to this story pointed out, Forbes did not "report" on JP, an editor wrote an OPINION piece showcasing a few provable facts. It even begins with "It's a sad fact."

    Real reporters don't start their stories like that. Real reporters tell you what they've been able to find out, and let YOU decide if it's "sad."

  • Is there a site keeping track of everyone who has been threatened with a suit? Now that people are finally recognizing what was going on, it might be informative to see how many threats were really issued.

    Perhaps people would even be willing to post copies there.

  • I beg to differ, they never checked his reputation. It appears that they just assumed he had a good one since he was being quoted elsewhere.
  • Want pics of CPM 'leaving' defcon? cpm_booted1.jpg cpm_booted2.jpg cpm_booted3.jpg cpm_booted4.jpg cpm_booted5.jpg
  • Want pics of CPM 'leaving' defcon?


  • And nobody took pics when he was "ejected" from defcon ??

    Why pay for drugs when you can get Linux for free ?
  • I'm sure he will just ignore it. its not like it was a secret before.. and his *cough* lemmings *cough* followers are oblivious to his stupidity no matter how loud its yelled at them.
  • ********************
    Joe: How can I learn to suck cock as well as JP?

    Bub: I don't think anyone can learn to suck cock as well as jp.

    There you have it. =)

    He probably purports this to be AI, or some other advanced juju.

  • >>Please don't take quotes out of context. I'm including a little more of the original post for comparison:

    I understand that what I quoted was a part of a larger statement, BUT it was the only part that was relevant to the issue that I was raising.

    >>Of course, I happen to believe that Steve Forbes' politics are based on a sick cult of personality that follows extremely wealthy people around in a nation which values free market economics above all else.

    This exactly what I mean. This is just as inane as when people on the right (the same side I'm on) criticize the president's policies because of his personal flaws (he has many) instead of pointing out the flaws in his decisions. It's not fair, it's not right and in the end it only makes you look worst than the one who ou are slamming.

  • >>Steve Forbes is a trust-funded, socially conservative wingnut

    Wingnut? Why because he thinks that we know better how to spend our money than the federal government does?

    Since when is it a sin to have a rich father? His merits as a businessman are what matter, he has shown that he has the ability to make money.

    I too have problems with him, but if you must attack him (or anyone else) please base those attacks on reality and real issues. Please elevate it to more than "I don't believe what he believes so he's an asshole".

  • I'll probally be moderated for this, but neither of those posts deserved those ratings. Maybe i'll get lucky and the meta-moderation page will give me these posts.
  • Look how dumb this is:

    (this link is referenced by a broken pi icon from
    the main page)

    Uh, connection attempts are like logged by syslogd, you dont need to trick someone in to thinking you logged it, you really did CM!
  • Better yet, see if you can get hold of one of CM's "happy hacker documents" You will laugh then shake your head as she tries to explain DNS, TCP/IP etc...Its full of incorrect statements and off-the wall ideas. Very sad that alot of people actually take her writings as truth. I like the part where she is probing a machine and attempts to hide the domain by hashing it out with XXX's but then 1 page later hashes out the other half fully revealing the hostname and OS version..

  • Please don't take quotes out of context. I'm including a little more of the original post for comparison:
    Instead, Forbes [magazine] has taken the easy way out: slam AntiOnline by insisting that Vranesevich has insufficient "street cred" and that he's litigious.
    No doubt Forbes would shy away from the same argument, applied to themselves: since Steve Forbes is a trust-funded, socially conservative wingnut, Forbes Magazine is obviously a rag.

    The author was suggesting that trying to discredit a publication by making personal attacks on the author is inappropriate. The "wingnut" example was used to underscore the hypocracy of that position.

    Of course, I happen to believe that Steve Forbes' politics are based on a sick cult of personality that follows extremely wealthy people around in a nation which values free market economics above all else. But those are just political views, and they aren't relevant to the issue of the quality of his magazine. Which was exactly Twit's point.

  • Well, it seems like there's a bit of a backlash, given the declaration over at, and the resurrection of packetstorm. However, if it's JP that's the target, can someone also take down Carolyn Meanie?
    Goodbye antionline, if you weren't so self opinionated, you might have been useful to the community as a whole, not an asshole.
  • IIRC, she abused the press pass (read: didn't get a valid one yet attended press meetings and such at DC7), was warned twice and bodily removed on the third. There are many pictures linked from [].
  • it's me, and i typed un my username:pass, and it showed up in the preview, but not in the post!! Who knows why? Damn perl jockeys!!
  • those who really know what's going on, probably don't have the time/desire to talk with the media to make sure they know whats accurate. Those who have the skill to do nothing else but talk with the media about any/everything are labeled as "leading analysts" and get quoted all the time. It's like when the OJ trial became this big media event, lawyers with some skill made money lay\wyering, and those without skill, made money as "legal experts" analyzing every detail of the trial. Their motto is : If you can't do it, talk about it.
  • More precisely, you can find a picture here []. You change the 1 in the url with a number from 2 to 5 if you want to see more pics, because I'm too lazy to put up five links here.

  • I'm not sure, but I think I remember reading somewhere in a DefCon report that, prior to getting booted, she walked around for a while with an "0wn3d" (sp. ? - I'm no good at elite spelling) sign taped to her back by some guy.

  • I guess this just goes to show that everyone, especially the media, can't trust someone just because of reputation.


    -Sendmail for NT. A bad solution for a deeper problem.
  • A good friend of mine, Swift Griggs, was one of the guys that had Carolyn Meinel booted from DefCon. What was funny was when I asked him to attend AMLC '99-when he showed up he saw her immediately and went over and started arguing with her. Someone came and grabbed me to go break it up-Swift was cool about it, and while we were walking off I asked him if she started messing with him-he just said "No, I just walked in and started f$*king with her". The main argument, as far as I can tell, was over the CTF event at DefCon-not neccessarily the event itself, but an article that she had posted on antionline about it. In my opinion, the girl is missing some screws.
  • by Coda ( 22101 )
    You know, all this time I've been waiting for a clear, level-headed article on AntiOnline. The "media" has relied on him far too long, and it doesn't take a genius to see that he's full of shit.

    I *hope* this is the first step of the downfall of AntiOnline. It probably won't be, since evil organizations tend to bounce back like herpes, but you gotta hope...

    It will be interesting to see JP's reaction to this article. Does he sue? Does he cry? Does he pack his bags? Does he ignore it?

    As other people have said, for a biased but informative account of JP's hijinks, go to
  • Here's some rather bad photos I found of CM getting 86'd at DefCon 7.


    pic1 []
    pic2 []
    pic3 []
    pic4 []
    pic5 []

    There are from []
  • I'm not sure, but I think I remember reading somewhere in a DefCon report that, prior to getting booted, she walked around for a while with an "0wn3d" (sp. ? - I'm no good at elite spelling) sign taped to her back by some guy.

    Actually, that's been done every year since defcon V (We've made it a tradition). First, it was "Thanks Carolyn for Monitor Port Hacking. -SysFail" (See her happy hacker series for what "Monitor Port Hacking" is), DC VI was a simple sticker we made from duct tape (It really does hold the universe together) but I forget what we wrote, and then this year we had vinyl stickers that sayed "0wn3d" that we stuck to her. Yes, it was the same group of us each year, and every year we take credit for the previous year's and she still doesn't remember us. She really must be smoking crack. Anyway, coincidentally, it was a friend of mine who was interviewing her about "winning" the capture the flag contest (By cheating, no less) when she was kicked out.

    It started when, just as the contest was ending, someone challenged her box on the rules. She had a Redhat box up with what she called enhancements. The compiler was broken, libraries were screwed up (You couldn't even run "w"), and what made her box illegal was the fact you couldn't do any remote maintence on the box. No ssh or even telnet. She wasn't kicked out because her box wasn't compliant, she got kicked out because the guy who complained about her box got rather loud, and they started arguing, and both got kicked out. Although they were just looking for a reason to get rid of Carolyn, I'm sure.
  • It's refreshing to see some truth in reporting.

    I can only applaud Adam Penenburg because words have failed me. For once someone has had the guts, in a big media publication, to tell the truth about "JP"; he's not what he claims, he's a poser, a fake, and an unreliable source. He is shunned by the real 'hacking'/'cracking' (whichever you prefer) communities. has documents which, at length, detail his many falsifications, lies, abuses, and other attacks. Proof of his paying people to fabricate his 'scoops.' Proof of his gross abuses of venture capital and other funding. I'm certain something he's doing is illegal, it's only a question of when somebody can afford a lawyer and the time to take him on in court before he is exposed for the fraud that he is.

    I truly hope John reads this. I hope he threatens lawsuits and the whole deal. Because then he'll have given slashdot a scoop of their own, and just be exposing himself for the vindictive little child that he is.

    -RISCy Business | Rabid unix guy, networking guru
  • Though it has taken some time, finally the mainstream media has noticed that JP has done nothing but spout FUD and innuendo. Now that someone has taken has taken notice of the lapses in JP's "elite skills", maybe the truth about him will finally come to light.

  • While it is true the people over at attrition don't exactly care for CM, it is hard to find anything in their evidence against her to be wrong (I looked into everything that they have posted and haven't found anything yet.). Cult Hero and crew would be severely embarrassed if they had put up false information since that is their greatest complaint against CM & JP. They, unlike the two, are more than happy to change anything that anyone finds wrong with their site and thank the people who help correct them. EK
  • I definately agree. Working for a news (I don't report it, I just make sure they can.) organization myself I get to see the process that a story goes through all of the time. If a reporter can only get a hold of a single source then that is what they normally go with. When you have the editor breathing down your neck screaming for your story and threatening your job, you tend to get at least something out the door. If it is wrong, that is what they invented retractions for. I will admit that I would much rather see the story go out right the first time, but the underground scene isn't the easiest to break into. It is harder when you say you are a reporter. It tends to scare people away. The folks over at HackerNewsNetwork [www.hacker...mtargetnew] and Net-Security.Org [] are doing a great job working from the inside out and have been doing their best to inform the media as a whole. They are acting as a go between for the media and the people that the media want to talk to. That way the "hacker" doesn't have to reveal themselves directly, but can still get their story out.
  • Carolyn Meinel, a woman who *thinks* she knows a lot about network security, etc., but has consistently revealed herself to be a complete and utter fraud. Her "happy hacker" series contains mainly information that is for droolers, basically. The people at attrition [] *hate* her, and after reading her happy hacker garbage, I do, too. Reading her stuff is good for a laugh, but a textbook on security it does not make. If you go to, you can read some excerpts from some email exchanges between her and people from attrition, and she truly reveals herself to be a complete charlatan.
  • I confess...I once was subscribed to the HH digest, coincidentally during the period when everybody was flaming Jericho, led by Meinal herself. At the time it was made out that Jericho was some evil rotten person. I'm glad I dumped HH before I got brainwashed.
  • Good to see somebody in the media who is rather cluefull and is getting the story straight.
  • A while ago I used to really enjoy reading antionline when JP was still running it all out of his parents house, but they he started getting petty and vindictive so I just stopped going to the site. Does anyone know, Does he still live at home?
  • Basically the title says it all. I think that what hes doing is providing a disservice to our community; living and breathing on peoples fear of "hackers" so to speak. The truth is that most hackers would not waste their time with the media. Secondly the media would be bored with what a hacker had to say if it wasn't something about a bank being broken into or system security being exploited at a major fortune 500 company.

    I think that what needs to be done is for him to be simply shown as the fraud he is everywhere possible. I'd truly like to see him sue anyone. I visited for the first time a couple months ago. I see nothing; its not the source of anything and I don't see what you guys find interesting about it. All the information that he provides is available publicly and his archive of stuff is simply an archive of files around. Hes no expert, and hes talking at conferences which pisses me off. Real security experts have a hard time building their credentials and studying systems for years. Patches, fixes etc. It truly saddens me to see something like this. I will make it a point to check his credentials and inform you of what I find out. Thanks for listening
  • by joq ( 63625 )
    Well it may not be new news but its nice to see someone "publicly reputable" take on JP and his ill-literate crew of halfwits.

    JP was a little script kiddie who got booted from college for Denials of Service. A sellout who pimped AOL cluebies into believing he had knowledge. Most of his articles are full of slander and are twisted enough to make a pretzel jealous with envy.

    As for his staff, well Brad of AntiOnline has taken interest in harrasment for my site which is rather funny since he claims he's going to sue me then beat me...
    Then again someone at MicroSoft threatened us with the same thing for What a joke

    Someone needs to spank that little hick named JP and give him the parental attention he's looking for.

    AntiOffline []

    MacroShaft []
  • There is an interesting press release [] on the AntiOnline site about a lecture JP is giving on how to be a "digital detective".

    "There's a reason why malicious hackers around the world hate Vranesevich, now here's your chance to learn how to make them hate you too."

    Sounds like fun. More details about his workshop can be found here [].

    The whole affair sounds as useful as Dr. Nick Riviera from The Simpsons lecturing would-be physicians.

  • If I remember correctly, this isn't the first time JP's been called out. Both he and CPM have slowly been making names for themselves as lameasses in the field.

    Anyone looking for a background to JP, CPM, and AntiOnline in general should check out Attrition.Org. Look under FIN - there is the remenents of Jericho's documentation regarding liabal and erratta coming from these people. At the very least, it's an amusing read.
  • I have to agree with your posting. I used to read some of the articles and letter jp posted on antionline, and i thought they were horrible. He has made antionline into the JP show. I hardly ever skim over their site now, (when its not down). The site would be alot better if he didnt try to push his opinions on everything.
  • Carolyn P. Meinel, the administrator of the Happy Hacker network, is a liar. She spread rumors about many friends of mine and got me K-Lined from an IRC server. You can read some of the evidence against her at Schematic.Org []. As many know, she was also forcibly removed from last year's DefCon Hacker's Convention. AntiOnline, rot in hell.
  • Forbes would be doing everyone a service by publicly discrediting Meinel as well. A quick glance at shows more of the problems Meinel seems to have in getting facts straight. Meinel writes how the "Loan Rangers" [sic] have hacked numerous sites (Nasdaq, CSPAN, etc.), completely missing that the group is "United Lone Gunmen". Don't know how she could mess that up as ULG do not seem to be too shy about publicizing their name. -saramago
  • arrgh...
    you're right!

  • I have followed this Freaking Circus from the start. and all i can say is that it seems to me that for one you have a 50 + plus wannabe claiming to be "the happy hacker" funny i read some of attritions excerpts then went to the book store and looked them up and they were for real!! not quoting going from memory there was one that made me just roll something like to change router tables use the dos router command (Riiight smoke another rock). well that says it all to me.. that is basic information that anyone ever touching a network would know.. the "box fang" at defcon. another joke. CM didnt even set up the machine it was one of the administrators that host the "hacker wargames" again if she knew what she was doing why have someone else do it. she jumped on the anti online bandwagon becuase that was the only port in her storm of bashings safety in numbers. she has said her self that hackers hate her. well I have news for her. the Security community CAN'T STAND HER! she is a fake and a fraud using other peoples work and claiming it her own. as for AntiOnline all i can say is they only thing that i can see of any worth is his news guy he gets some good stories but again 90% are from other sites. there are a lot of good security resources out there. each one beneficial in its own way. but the happy hacker is a waste of time and bunch of worthless ramblings from a wanabe that lacks the drive and dedication of a true professioanl to learn what she writes before she writes it. and Boo to SA for even considering her as a reputable source. I bet half the 10 year olds on the net have more knowledge then she does. peace

  • The following mail was posted to the PSS Support mail list created back when Ken first ran into problems. It is interesting to note that JP mailed this to PSS, and *apparently* not to Forbes. I was also told by fairly reliable sources that Carolyn Meinel called Adam Penenberg and threatened to "ruin his career" over the last piece. Anyway, this was sent anonymously to many people, including the PSS list, myself, and at least one /. regular. The hypocrisy in this mail is unbelievable.



    When Kroll-O'Gara acquired PacketStorm, it was my belief,and hope, that they would manage it in a professional, and corporate manner.

    Now, low and behold, I visit the site today, only to find the type of slanderous remarks that one would expect from a site run by a young teenage hacker, not be a large corporation.

    Packet Storm.
    The World's Largest Internet Security Resource.

    Check out this excellent article by Penenburg
    in Forbes Magazine on the real story behind JP,
    AntiOnline and PSS. Also read the thread

    Just so that I have the record straight in my own mind, is it going to be Kroll-O'Gara's intention to attempt to defame myself or my company in the months to come? Because if it is, I would like to know in advance, so I have the opportunity to
    prepare myself.

    I hope that the current administration of PacketStorm will behave in a more mature manner in the future, and not in one which appears to be designed to cause conflict between our two

    Yours In CyberSpace,

    John Vranesevich
    Founder, AntiOnline
  • >4) While talking to his lawyer on a phone in max >security prison about his mistreatment, a >murderer who was impatient about using the phone >himself kicked the shit out of Kevin, causing >half of his face to be permanently paralyzed. I think you are confusing Bernie S with Mitnick. Kevin received no such beating while in the LA MDC. As for the original comments, many of the delays were requested by Don Randolph (Mitnick's lawyer) as a result of the prosecution witholding evidence from them. Brian
  • The writing has been on the wall about GayPee for a very time within the hacker Culture. Thats old news here...The only ones that does'nt get it... at least until the main stream media. And I say "Main Stream Media" not "Underground Media"...Main Stream media is just starting to learn where to look for the truth. It's been a trail & error thing for them because they have always been on the "Outside Looking In".
  • Posted by Mike@ABC:

    I read HNN every day. Wouldn't miss it for the world.
  • He wasn't ejected from defcon. Hell, he wasn't even *at* defcon this year. However, Carolyn did end up getting booted out of defcon, and there are certainly pictures. Maybe even some involving the back of my head, considering I was sitting right up at the closest table when it happened.
  • " according to Koch, called the Bombay Atomic Research Center the
    "B'Hadvah Atomic Research Center." When Koch corrected him, JP
    admitted it must have been India."

    Actually, it's called the Bhabha Atomic Research Centre. (after Homi Bhabha, nuclear physicist).
    So phonetically JP was closer to the mark than Koch, though
    of course he got the country wrong.
  • Where is the line where someone becomes a public figure? From the sounds of it JP is trying to get all the press attention he can as long as it's good. Sounds to me like he's a public figure then. Shouldn't he be unable to sue, just like politicians and Hollywood figures who have to deal with tabloids, since that's the price you pay for being in the public spotlight?


  • I can understand how difficult it is to find experts if you're not familiar with the field, especially in hacking. However, I think it is safer not to purport someone as an 'expert' if you're really not sure. The motivation of the press in this case is clearly to make an attractive story first, and to worry about the accuracy second (if possible).

    While the press may not know who the experts are, I think some application of common sense and experience can derive the truth for the most part. The press cerrtainly could have done a better job investigating JPs credentials. His story simply doesn't compute. Futhermore, if you talk to virtually any sysadmin or ex-hacker(whitehat) familiar with the art that is worth his salt, they'll tell you JP is a joke.

    I, for one, happen to have known JP since his early days on undernet (IRC) in #cha0s and #hack*. About two years ago I spoke with Javes Glave of wired magazine on IRC, I gave the run down (my opinion) on both Analyzer (the stupid israeli hacker) and JP. Whie I can't argue that he lied per se, he should have known better. He published JP as if it were the gospel, and published only snippets of my comments which served to give his story a little spice.

    JP has nothing in the way of technical skills, any examination of will reveal this. At most one could argue that he is 'connected' to the hacker scene. In reality, JP is just a media conduit for the latest script kiddy who _wishes_ a little media play. The problem is that JP doesn't just relay; he distorts everything in a self-serving fashion.
  • Bub:

    Hey kw, I am Bub.

    Feel free to ask me anything related to computer security, privacy, information warfare, or hackers. I'll do my best to answer your questions.

    Please keep in mind that I am learning new things about security all the time, so check back often. If you think your company may be interested in helping teach me, see our affiliates page. Or, if you'd like to add me to your website, visit this page.


    Is John Vranesevich a security expert?


    John Vranesevich is the founder and General Partner of AntiOnline.

    He left the University of Pittsburgh after his freshman year to devote his full energies to AntiOnline. He considers himself an "information security enthusiast" who likes to help educate others about the importance of security, privacy, and responsiblity as it relates to computers and the internet. John has been quoted thousands of times on a variety of topics including by such organizations as: The New York Times, The CBS Evening News, The British Broadcasting Corporation, The Washington Post, The Boston Herald, National Public Radio, Wired News, and the San Francisco Chronicle.

    He can be reached by sending an e-mail to


    What is an information security enthusiast?


    Just like with any other system, router's aren't bullet-proof. Take a look at AntiCode's Router Archive for examples of exploits which have effected these devices.


    Bub, what is security?


    Just like with any other system, router's aren't bullet-proof. Take a look at AntiCode's Router Archive for examples of exploits which have effected these devices.


    Are hackers inherently evil?


    Social Engineering isn't as romantic as it sounds. It basically involves the hacker lying to a user, in order for them to obtain information, in many cases, your password. AntiOnline's Figh-Back! section has more information about social engineering, and even gives a sample conversation between a hacker and a victim user.


    Are your answers more accurate and enlightening than those provided by a magic eight ball?



    Ken Williams
  • It's about time that someone with a company big enough to back him, finally sticks it to Antionline. My only hope is that JP pulls some crap with AOL sometime, so that I can prod our landsharks to do their hungry circle dance of death around him.

    Course, now that he's finally been publicly discredited, like all good net kooks, he'll get even shriller and more annoying.
  • While it is desperately important that JP be branded for the disreputable scoundrel he tends to be in the mainstream media, what should really worry us about this article is an admission of something I've suspected for years: journalistic sources start out horribly biased then proliferate through a lovely grapevine of other newspapers. That is: 'CNN has just learned of a Washington Post Article covering a story in TIME Magazine that quotes a line from the New York Times in an article by a journalist whose source was interviewed while rooting around in a dumpster.' Immediately the word 'expert' loses all credibility so the lingering question becomes, 'Who do I trust?' Ideally the community would self-police and release publicly accessible docs to the press so that the lone-gunman mercenary tactics of AntiOnline would lose credibility quicker, but the internet community is such a cacophony of opposing voices that most journalists are quick to give up on their old research methods and give ol' JP a call. Do this more than once and you've created a monster.
    So what's the answer? Switch to a new 'expert,' and watch them go down in flames? This goes beyond JP's megalomaniacal campaign since 'experts' get quoted all the time in the news. Experts who dictate the laws government will pass on violence in movies/games/TV and the like.
  • I think that you're missing the point. The person is not the project; even if I am a big meanie, that doesn't necessarily make me an incompetent programmer. The article that you seem to approve of is following that line of illogic rather than citing the specific charges against AntiOnline that have been referred to.

    Personally, I can't testify whether the charges are valid or not - I'm not a security expert, more of a security dabbler. I do know that they were nowhere to be found in the Forbes article.

    Consider that this kind of attack has been made before, to great outrage from the /. crowd. Who can forget the past characterizations of Linus Torvalds as a pimply-faced college kid? And you, as a responsible professional, would never use an OS programmed by a horde of pimply-faced college kids, would you?

    When you let journalists get away with this kind of shoddy reporting, you're just encouraging laziness and intellectual dishonesty. When it goes along, even without the applause it's been getting on /., it will go on and bite you in the ass. How long do you think it'll be before Forbes tackles something important? They're not going to stick to relatively safe subjects forever, you know.

  • For those of you unaware of the dispute that has been constantly going on between attrition and antionline, it serves as a prime example how how JayPee attempts to deal with those that go against him. Threat of lawsuit after lawsuit, attempts to destroy any credibility, and constant slander are all commonplace with him. His website is no longer used as a "security portal", as he likes to call it, but as a tool to promote himself and nothing else. JayPee took advantage of the fact that the media is almost completely ignorant when it comes to cracking and website defacements. He realized that they would latch on to anyone that claimed to be an "expert" in this field. Want to know what antionline is really about? Go to and READ. They do one hell of a job creating logical, rational arguements and proving their point. Anyways, over & out.
  • It doesn't just apply to hackers. There is misinformation all around.

    Usually the people who are looking to sources just want the spotlight and will say anyhting ot get it.

    The best sources are usually too involved with their field to be noticed/bothered. They have to be tracked down through phone calls and friends of friends, etc. And with that, the person tracked down may not even want to talk. It can be easier to just settle with the first available.

    Journalism, like society is getting lazy, and looking for the quick and easy. If there is someone standing at the front door when you leave to go looking then that person probably gets quoted. The ever increasing demands for more and faster of whatever helps drive this.

  • Can someone post some links about the "Happy Hacker"? Who is she and how did she get bodily ejected? What's the scoop?
  • by Anonymous Coward on Wednesday September 29, 1999 @06:55AM (#1650547)
    I've just had a major mental orgasm. I have had this rational, not irrational mind you, *rational*, hatred of Vranesevich for so long that I've been waiting for a mainstream outlet to expose him. This isn't a flame, it's just that when people behave as badly, arrogantly, rudely, and ignorantly as JP and that troll Carolyn, and yet get *venerated* by the media and even some IT people for it, it makes you question your sense of reality, morality, and the whole of Western Civilization. This is a major relief, that finally this point of view is shared by people outside of 2600 and Slashdot...

    For instance, Packetstorm was always a better, more informative place than the JP Fan Club that is AntiOnline, yet Packetstorm got booted for smearing JP and Carolyn no more harshly than AntiOnline smears Packetstorm, Kevin Mitnick, Slashdot (remember when they were denying refers from Slashdot, because "The site you have just come from is a haven for hackers"), and everyone worth respecting in the geek/hacker/tech community. Now, I'm no hacker, I wouldn't know the difference between a Perl script and a pearl onion, but I'm savvy enough to know that JP is a condescending b-tch and that I'll take Slashdot over his a-- any day.

    Not to mention what he's said about Kevin Mitnick. I don't care if Kevin were Stalin, you don't put people behind bars without trial or even a fair prelim hearing for years and years, this is America and if AntiOnline were at all respectable they'd be pointing that out instead of trying to capitalize on Kevin's unconstitutional misfortune. JP should be ashamed of himself. Instead of siding with the Constitution, AntiOnline and its cyber-jackbooted-thugs have obviously sided with Big Brother and the FBI Domestic Police State Unit.

    AntiOnline's JP and Carolyn are the same sort of semi-illiterates who'd outlaw reverse engineering to protect the profits of the status-quo--just look at all the "tech news" on their website, it's obviously geared towards not-so-computer-literate corporate suits, for the purposes of JP's own aggrandizement. I know little about the fundamental internal processes involved in computing, and my Linux-Mandrake 6.0 CD is still sitting here (til I get a 2nd drive) uninstalled because I'd rather have my four.five gigs of pr0n. Yet even I feel the articles at AntiOnline are below my own level of literacy. Despite its claims, then, AntiOnline is not at all about computer security--Packetstorm is, Slashdot sometimes is, even 2600 is more so than AntiOnline. So if it's not about computer security, the only conclusion I can come up with is that it's about JP sucking up to corporate suits, period. Just my 2 cents.

    --Taylor, whose login was eaten by the Slashmonster
  • by J. FoxGlov ( 2910 ) on Wednesday September 29, 1999 @07:32AM (#1650548) Homepage
    This is all stuff I assume you know already. I'm just being indignant because I can.

    Sure, "black hat" crackers aren't going to want to be found, but the "white hats" generally WANT the press (though if you make a mistake, they make you regret it.)

    It's hard to gain their trust, but it should be. A lot of the time with hacker sources, the easier it is to talk to them, the less credible they are. Case in point: John P.

    If you ever doubt the ability of a hacker, just look for his or her work. "Show me the code" shouldn't just be the cry of an open-source consumer. If you can't read code (like me), get a good working relationship with a non-flaky programmer (like I have.)

    Anyone in the l0pht, in particular mudge, I would consider credible. You send them an e-mail, they reply. is surprisingly on the level, as is Simple Nomad of

    In addition, many large IT firms or IT departments of large corporations employ hackers. If all else fails, take up a hobby of reading some oddball Usenet group. Surprisingly enough, many hackers are also authors of goony prose.

  • by zempf ( 4454 ) <> on Wednesday September 29, 1999 @06:09AM (#1650549) Homepage
    Although it's a (relatively) biased view, you can check out [], specifically this [] for info on attrition's thoughts on JP & antionline. As far as the happy hacker [] series goes, check here. [] Over at attrition they really don't like JP & Carolyn Meinel, though, so take what you read with a grain of salt :)

    -mike kania
  • by Sloppy ( 14984 ) on Wednesday September 29, 1999 @10:34AM (#1650550) Homepage Journal

    The sad thing is that no one knows everything about every topic, and sometimes we just take the short-cut of believing what we're told, if it's far from our expertise.

    That used to work just about fine. I read Scientific American (and still do) and find parts of it fascinating, especially when they're talking about stuff I don't understand. ;-) But when they run garbage about stuff that I do know about, it really makes me wonder what other garbage is in there on topics that I don't know about.

    Bad reporting doesn't just do a disservice to the readers; it also damage the credibility of the publication. Some Scientific American editor should have checked up on Meinel and then dragged her article to the shredder icon. It's disillusioning to see a beloved magazine that I grew up with, suddenly tainted in my eyes. I can't fscking believe Meniel's been in the same publication as Hofstadter... *sigh*

    Have a Sloppy day!
  • by Black Parrot ( 19622 ) on Wednesday September 29, 1999 @08:48AM (#1650551)
    Yeah, I remember that lame article. I know nothing about security, but I was ticked and really had trouble restraining myself from flaming my favoite rag over the stereotypes and subtext of her article. At least this thread has clued me in on why it was so lame.

    The stereotypes that I remember:
    • Good guys go to school at night and get a degree.
    • Bad guys are self taught, and can't be bothered with things like degrees.
    • And by the way, those self-taught people can't compile the programs that they download.
    • And besides, downloadable programs are for crackers; good guys buy their software.

    The subtext:
    • Legitimate computer users use NT; other stuff is for crackers.
    • The only exception is the Mac, but even that is relegated to the lowly role of a security monitoring station -- it's merely an attachment to the 'real' network.

    Honestly, I took it for more MS Astroturf(TM) at the time.

  • by puppet ( 27092 ) on Wednesday September 29, 1999 @06:50AM (#1650552) Homepage
    I used to have run-ins on IRC with "JP" when he ran with the Cha0s, Inc "hacker" group. That was when he was still in high-school, committing daily ping-flood attacks and generally being obnoxious. When he went to college and got his dormatory ethernet connection and put up his first "security" web site I just laughed. But I never expected anyone to take him seriously.

    You should think of him and his web site as one big social engineering hack on the media. That's all it is.
  • by twit ( 60210 ) on Wednesday September 29, 1999 @06:09AM (#1650553) Homepage
    The times I've visited AntiOnline [] (and that not often, but still), it has struck me as being much more of an information clearing house than a source for original content, which Forbes seems to be insinuating. Visiting today, it really still is. Which isn't a bad thing, either (look at /.)

    Any reader of Brill's Content will note that most journalists aren't formally or practically educated in the fields which they cover. Whether this should be so is grounds for another post, of course, but I'd think that Vranesevich, as operator/publisher/editor of AntiOnline would qualify as a journalist. Not a great one, either, but still.

    Any attack on AntiOnline should be made regarding AntiOnline's quality of reporting. Has AntiOnline (rather than Vranesevich) been incorrect? Has it disseminated false information? Have the scoops, such that they are, been important? And so on, and so forth. Instead, Forbes has taken the easy way out: slam AntiOnline by insisting that Vranesevich has insufficient "street cred" and that he's litigious.

    No doubt Forbes would shy away from the same argument, applied to themselves: since Steve Forbes is a trust-funded, socially conservative wingnut, Forbes Magazine is obviously a rag.

    Well, it is a rag, but that's not why.

  • by Skyshadow ( 508 ) on Wednesday September 29, 1999 @06:32AM (#1650554) Homepage
    Hey, you gotta be fair. Usually, a reputation is all you have to go on as a member of the media.

    Really, you've got to take what people tell you and try to disseminate it into an article about a field you're usually not an expert in. It's not as easy as it looks, but when the editor says "hop" you'd better already know how high.

    Contrary to popular /.'er belief, the media (even Jesse Berst) isn't out to distort facts or intentionally get things wrong. It's just a matter of not getting good enough quality information from sources.

    If someone can talk to the media and make themselves understood (and seem to know of whence they speak), they're a good source until proven otherwise.

    That said, I'm glad that egomaniac JP is getting his at long last -- that Packet Storm thing POed me something royal.


  • by Paul Crowley ( 837 ) on Wednesday September 29, 1999 @07:24AM (#1650555) Homepage Journal
    Do a Google search on Adam Penenburg []; find his email address [mailto] and write to him to congratulate him on this article, before going on to read some of his other stuff, including an enlightenting mea culpa [] on being taken in by bogus hackers himself, echoing Mike@ABC's comments: writing accurate hacker stories is hard. Sadly, staying credulous makes your stories sound better ("hackers hold up banks with crypto") and no-one seems to notice the difference. Thanks for trying to stay honest.
  • by D-Fly ( 7665 ) on Wednesday September 29, 1999 @06:09AM (#1650556) Homepage Journal
    It's surprising how long it took for the print media to catch on to the fact that Antionline is full of it.

    Once Vranisevich got himself quoted in the New York Times, all the rest of us media people saw him every time we ran a Nexis-Lexis (newspaper database) search on a tech issue. Since the New York Times is the PAPER OF RECORD, and never gets anything wrong, Vranisevich was now a Trusted Source.

    But as anyone who reads their weekly Circuits section knows, the Times is no expert on tech issues. They get things wrong all the time--mostly little details that don't seem so important unless you are a rarefied expert in the field, but they do get them wrong.

    And they, and the Washington Post, and a few others, really misjudged little Jon Vranisevich.

    What is odd is that so few tech reporters seem to really follow the online scene closely. Antionline has been dismissed as a fraud by the hacker/security community at large at least since last year (lots of others thought he was full of it before that, I am sure, and yet the mainstream press kept quoting him.

    Forbes has probably done us all a huge service here. Even if the NYT/WashPost/WSJ don't pay attention to Attrition/L0pht/Slashdot enough (yet), they do read Forbes.
  • by D-Fly ( 7665 ) on Wednesday September 29, 1999 @08:51AM (#1650557) Homepage Journal
    As a newspaper reporter for a huge regional newspaper (Philadelphia Inquirer) [] that is a subsidiary of a gigantic mega-corporation (Knight Ridder) [], I respectfully submit that the media can often be characterized as a lumbering homogenous mass of information dissemination.

    Because unfortunately, most of the stories your paper runs from outside the local area are probably from one source (the AP collective). And because, like it or not, if the NYT or the WSJ or the Washington Post prints it, most reporters think something is true. And because if a newspaper prints it, the TeeVee drones dutifully put it on the air, minus 99 percent of the content and analysis. And because most of the media [] (probably including yours) is owned by gigantic evil mega-corporations obsessed with increasing shareholder value at the expense of their viewers'/readers' minds.

    More importantly, though, your average local reporter knows a little about a lot, but a lot about only a little, of what she or he covers. That means we rely on experts, and I think too often, we anoint experts without really knowing too much about how much they actually know.

    And I think using the Nexis-Lexis database to find experts is just about the WORST thing a reporter can do. Because that leads to the kinds of vicious spirals that turn idiots like Vranesevich into spokesmen for things they know little or nothing about. We should spend a little extra time and find our own experts by researching the field we report on, talking to the relevant players, and figuring out who they respect.

    This is an interesting discussion, so don't be offended by my self righteous tone. I sometimes rely on these anointed experts too, but I wish I didn't.

    [ps-this was already posted once, but somehow ended up in a completely different article]

  • by platypus ( 18156 ) on Wednesday September 29, 1999 @06:31AM (#1650558) Homepage
    Believe the people from attrition or don't belive them. But here's a text [] from fyodor, the creator of nmap. He reacts to the publishing of a Carolyn Meinel article in SCIENTIFIC AMERICAN. My god!!!
    It's a shame that they didn't react, 2 months later one could read the article in the foreign "brother" newspapers of scientific american. I wrote an angry letter to them, but they insisted mrs. meinel had a good reputation in security circles.
    I wonder why I have NEVER seen ANY information of her or her affiliates on bugtrag/ntbugtaq/* . Argh, perhaps I'm just to idealistic to think there have to be some journalists who bother to get any information, but this makes me really angry.
  • by gavinhall ( 33 ) on Wednesday September 29, 1999 @06:52AM (#1650559)
    Posted by Mike@ABC:

    Before I start, a bit of a mea culpa: I used JP on my site, even did a profile on him back in March or April of '98. And back then, quite frankly, he wasn't a bad source. He had some good stuff, decent contacts, and was still interested in reporting on the hacker scene.

    Then, early this year, he re-launched his site and adopted a new editorial policy. And I stopped calling him -- not because of his opinions, because he can do his site however he wants -- but in covering hacking, I need sources that will help me contact and understand the hacking community, not bash it. I want to leave the value judgements to the readers. Thus, I want to have actual hackers as sources, as well as real-world big-time security experts on the other side. Without slamming him one way or another, it's safe to say that JP is neither.

    Covering hackers is hard. With a few exceptions, most hackers don't want to be found, and those willing to talk to media usually want a slew of protections. And of course, we in the media have to try to determine whether these folks are bonafide hackers, or just guys who hang out on IRC and play with downloads from last year's B.O. release. It's a tough call, and there are many of us who dropped the ball at one point or another.

    As for this column, this was probably the safest way to cover the questions surrounding JP, PacketStorm, and the other controversies. Many journalists have looked into this at one time or another, but there just aren't enough people willing to go on the record to make it a straight news story. But a columnist, as someone writing an opinion piece, has a little more leeway. He must still write factually, but can put forth theories more readily that someone writing straight news stories. I'm glad someone was able to figure out how to report this.

    And I wouldn't worry too much about the lawsuits. One could easily argue that by speaking to the media -- indeed, by seeking out news coverage -- JP has made himself into somewhat of a public figure when it comes to the hacking community. If someone slammed JP because of his personal life, then that would be grounds for a suit. But since he's putting himself out there as the expert, questioning that expertise in a public forum is more than appropriate. Of course, I'm not a lawyer...!

    That's it. Hope the perspective helps. As usual, this is my opinion, not that of, ABC, Infoseek, Disney, the Mouse, etc., et. al.

I'm always looking for a new idea that will be more productive than its cost. -- David Rockefeller