The Polygraph Place

Polygraph Place Bulletin Board
Professional Issues - Private Forum for Examiners ONLY

Topic: security leak?
rnelson
Member
posted 11-14-2005 07:35 PM
Here are a couple of IPs - can you tell if any authorized forum users are from these locations?

I think there might be a security problem.

After posting to this forum the login and pwd to the CM index on my site, my secure directory had several page requests from IP addresses in the Netherlands (Amsterdam).

So far, all I can tell is that there were page requests.

Someone else tried to ftp my site, which does not allow anonymous ftp - and the posted login is not ftp authorized.

I'm unable to determine yet if those requests failed.

It could be some examiner is travelling. Or, it could be that someone is attempting an ftp directory list (which would be unsuccessful without an authorized login). Or, an authorized user of this forum may have forwarded the login to a person in the Netherlands.

Ralph indicated through email that he is initially unaware of any authorized user in that area.

So, if anyone wants to access the confirmed CM index on my site just email me and convince me of your credentials, and I'll send you the new login.

Here are two IPs; if anyone knows how to check them it would help.


82.94.251.206

82.156.33.125 - resolves to c529c217d.cable.wanadoo.nl


r

sackett
Moderator
posted 11-14-2005 08:22 PM
Ray,

I can't answer your question, but I can tell you that georgie is a VERY smart boy and has a command of the electronic web and internet that would embarrass any of us practitioners and more so than any programmer. How do you think he traverses the IP address as he does and identifies and traces posters on his site to expose them as polygraph examiners (or interrelated to each other) and therefore exposes them as non-credible on his site...? He is a smart boy!

While I can not speak to the security Ralph has on this site (which I would assume is pretty darn good), it would not surprise me if george had a back door into it (or through another), just to see what we talk about and what we're up to...

Remember, he has an idea about what we do, but anything he can use to improve his web site in CM detection would be priceless to him for credibility sake...

Be careful, all!

Jim

Barry C
Member
posted 11-14-2005 09:09 PM
They are both from the Netherlands, which you're probably aware of, but I'll keep digging.

rnelson
Member
posted 11-14-2005 11:22 PM
Sackett,

I agree GM appears to be smart and resourceful.

So far I can tell 52 page requests from NL, and 3 page downloads. It may be difficult to determine which pages, it might only be stuff from the unsecured area of the site.

No one has contacted me to advise that any legitimate examiner from the Netherlands has any authorized entry with this forum.

So there seem to be two concerns. What is that person doing, and how did he learn of the secured area? There are no links or references to it outside this forum.

r

rnelson
Member
posted 11-14-2005 11:34 PM
Sackett,

I agree GM appears to be smart and resourceful.

However finding IPs isn't difficult.
http://www.geobytes.com/

So far I can tell 52 page requests from NL, and 3 page downloads. It may be difficult to determine which pages, it might only be stuff from the unsecured area of the site.

No one has contacted me to advise that any legitimate examiner from the Netherlands has any authorized entry with this forum.

So I have two concerns. What is that person doing, and how did he learn of the secured area? There are no links or references to it outside this forum.

Micro$oft Front Page Extensions is the same directory security that this site uses - it's very common, and seems to be pretty good.

Without anonymous access, people shouldn't be able to generate ftp directory lists.

r

Ned
Member
posted 11-15-2005 01:26 AM
Ray,

I sent you an email regarding your post. I was not sure how to post the graphic here.

Ned

rnelson
Member
posted 11-15-2005 08:47 AM
Thanks Ned,

The little tag on the left of the (ridiculously small) editing window indicates that Ralph does not allow [img] code in this forum.

I've posted it to the secured area of my site.
http://www.raymondnelson.us/c/82.156.33.125.jpg

Google searching IPs - whodathunkit.

So far I've determined that one of the IPs

- 82.156.33.125 -

belongs to a block of IPs owned by the RIPE network which assigns IPs to customers in the Netherlands. It resolves to Amsterdam (but my IP resolves to Aurora - and I'm 30 miles from there). It is probably a dynamic IP.

Your search reveals that the IP appears to have been assigned to a user from the anti site at one time.

That does it for me. It was most likely georgie-boy.

There were 25 page requests on Saturday and 27 on Sunday - 2 pages were served on Saturday, and 1 on Sunday. My domain host assures me that the Front Page Extensions is considered fairly secure - but it is M$oft.

It's possible those served pages were the default redirect to the index or some other unsecured pages.

I don't think anyone could ftp directory list my secured directory very easily. So, he'd be limited to page views of the unsecured area.

My site doesn't appear on Google, and that's fine with me. But it's not that hard to find it.

I check the anti site about weekly - sometimes more. I've never posted, and georgie (and most others) require registration to post. However, georgie is thorough, and straightforward, about his ability to log IPs. I don't know if he reviews IPs of non-registered users, but if he did he'd see a few of ours regularly. It wouldn't be hard to guess who the examiners are.

The material on my site is not revolutionary - mostly just shameless self-promotion - and I've presented much of the material in trainings to therapists, POs, caseworkers, judges, attorneys (and today a victim's advocacy conference.)

Does anyone know about IE's page caching features? Is there a way to be notified in advance about changes to offline content? I don't think Firefox does this.

It seems like I heard about this feature, and if I'm correct it would alert the user or download a new page whenever changes are made to a site. I've made a few changes lately.

A while back georgie hadn't disabled anonymous ftp to his site... I found only the usual boring personal photos along with the material for the site.

r

Barry C
Member
posted 11-15-2005 08:58 AM
It seems to be the same.

82.94.251.206

Blacklist Status: Clear - Last blocked 2005-06-07 (history)
Cached Whois: Cached today
Whois History: 64 records stored
Oldest: 2005-01-20
Newest: 2005-11-15
Record Type: IP Address
IP Location: Netherlands - Noord-holland - Amsterdam - Colonah
Reverse IP: No websites hosted using this IP address
Reverse DNS: not set

--------------------------------------------------------------------------------
% Information related to '82.94.251.192 - 82.94.251.207'

inetnum: 82.94.251.192 - 82.94.251.207
netname: colonah6
descr: NAH6 BV
country: NL
admin-c: RG2248-RIPE
tech-c: RG2248-RIPE
tech-c: XS42-RIPE
status: ASSIGNED PA
mnt-by: XS4ALL-MNT
source: RIPE # Filtered

role: XS4ALL Internet NOC
address: XS4ALL Internet BV
address: Postbus 1848
address: 1000BV Amsterdam
address: The Netherlands
phone: +31 20 3987654
fax-no: +31 20 3987604
abuse-mailbox:
admin-c: CB127
tech-c: CB127
tech-c: OD45
tech-c: EB76-RIPE
tech-c: RZ2757-RIPE
tech-c: KAI11-RIPE
nic-hdl: XS42-RIPE
mnt-by: XS4ALL-MNT
source: RIPE # Filtered

person: R Gonggrijp
address: NAH6 BV
address: Linnaeusparkweg 98
address: 1098 EJ Amsterdam
address: The Netherlands
phone: +31 20 6638558
fax-no: +31 20 6638511
nic-hdl: RG2248-RIPE
source: RIPE # Filtered

% Information related to '82.92.0.0/14AS3265'

route: 82.92.0.0/14
descr: XS4ALL networking
origin: AS3265
mnt-by: XS4ALL-MNT
source: RIPE # Filtered

detector
Administrator
posted 11-15-2005 04:13 PM
Hi Gang,

There is virtually no way for George to access this part of the forum unless someone gave it to him...and the truth is...that could happen.

My standard for allowing someone here was pretty much that they could convince me they were a practicing polygraph examiner with some piece of info I could verify. I did not discriminate on if they were a FOG or not, so it is possible that some examiner in here believes in what he is doing and is willing to share his login.

The only way I can think of to curtail this...and even that is not an absolute guarantee...would be to start with a few hand picked people who I personally know and then only allow people in through invites to examiners they 'personally' know. We could rebuild the membership here that way. In fact I could start it as an entirely different forum area.

I'm open to your suggestions, but of course realize the solutions need to be low or no cost...after all this is a free service.

------------------
Ralph Hilliard
PolygraphPlace Owner & Operator
http://www.polygraphplace.com


rnelson
Member
posted 11-15-2005 10:38 PM
Ralph,

Thanks for the info.

I wouldn't suggest doing anything yet. I'm reasonably convinced that GM or some FOG was snooping my site, with 52 page requests and 3 fulfilled page serves. It's not yet clear whether those pages were from the secured area.

It's concerning to me that these requests occurred right after I put up the secured area.

However, I've been advised it is possible that someone could be notified automatically of site changes.
http://www.changedetection.com/monitor.html
http://www.timelyweb.com/

I think what might make sense is to start an introduction thread, in which forum users can introduce themselves. Then you, the forum owner, or moderators, could verify the credentials of others. Or perhaps the profiles section could be used or reviewed to do a quick review of credentials and then follow up on others.

That doesn't solve the problem of a leak to some FOG, so for now I won't post the login to the CM images.

Since I changed the login, there have been no page requests from NL yesterday or today - though I'm not sure if that's a weekday/weekend thing or what.

r

Barry C
Member
posted 11-16-2005 08:45 PM
I decided to read the CM chapter of George's Lie Behind the Lie Detector (updated in March of this year), and it is very clear he is getting at least some of his info from somebody involved in the field. He talks about a reliable source telling him DoDPI secretly had changed to the ASTM / Utah scoring criteria. Who else but an examiner would know that? Since that info is wrong, it appears his source is not a government employee.

He also talks considerably about counter-countermeasures, most of which we talk about here. For example, time barring the neutrals and introducing neutrals as "controls" are some things he says to be aware we're doing.

I don't have the book handy right now, but download a copy and tell me I'm wrong, but I don't think I am.

Capstun
Member
posted 11-17-2005 09:35 AM
His right hand man, Dr. Drew Richardson, is a former FBI Polygrapher, researcher and Supervisory Special Agent in charge of their Forensic Sciences Unit. As I understand it, he was disgraced at the FBI for trying to testify against the agency in a case involving polygraph. He is now with Brain Fingerprinting Laboratories and working diligently to get brain fingerprinting to replace the polygraph. He, along with the National Academy of Sciences, is the ammo for George's claim that the polygraph has no scientific validity.

[This message has been edited by Capstun (edited 11-17-2005).]

Barry C
Member
posted 11-17-2005 08:32 PM
I know all about Drew, but given that, he is not likely the guy with any new, inside info. There's got to be somebody else.

LouRovner
Administrator
posted 11-18-2005 09:29 AM
FYI,

Drew Richardson never actually gave any polygraph exams for the FBI. That's a myth he's trying to keep alive.

Lou

------------------
Louis Rovner, Ph.D.
Rovner & Associates
LouRovner@sbcglobal.net


J.B. McCloughan
Member
posted 11-18-2005 01:02 PM
Lou,

I have personally spoken with Drew Richardson on more than one occasion and he advised me that he had in fact conducted a "handful" of field tests for the FBI, some of which were screening exams.

I think the only myth is a play on words that George is using, "Dr. Richardson also worked in the FBI's polygraph research unit and conducted a modest number of polygraph examinations in criminal investigations." This does not actually give you a number but one might infer that he has run a modest number in comparison to an average polygraph examiner’s caseload (e.g. 100-300 exams annually).

Getting back to the subject at hand, I think we should have someone look into whether George violated a State and/or Federal law and, if so, can we get an investigation started. George has a right to his opinion and can legally air his freedom of speech, but I believe that in this instance he has gone beyond legal rights and violated law. This is one applicable law in Michigan http://www.legislature.mi.gov/mileg.asp?page=getObject&objName=mcl-752-797&highlight=computer . Colorado- Colorado Statutes : TITLE 18 CRIMINAL CODE : ARTICLE 9 OFFENSES AGAINST PUBLIC PEACE, ORDER, AND DECENCY : PART 3 OFFENSES INVOLVING COMMUNICATIONS : 18-9-303. Wiretapping prohibited - penalty. http://198.187.128.12/colorado/lpext.dll?f=templates&fn=fs-main.htm

polyops
Member
posted 11-19-2005 12:37 AM
Ray,

You wrote that your site isn't listed in Google, but it turns out it actually is. Do a search and you'll see. So it is possible that Georgie or some FOG found it that way.

------------------
John 8:32


rnelson
Member
posted 11-19-2005 01:17 AM
OK,

After numerous private emails, and after reviewing numerous access logs, and learning more than I should have to know about computers and the Internet, I'm reasonably convinced that no serious security breach has occurred. There have been no page requests from the Netherlands since this past weekend. As I indicated previously, only three page requests appear to have been filled, though numerous requests were received. I'm a little unclear about this, but I think that the number of requests may be a reflection of the graphic items on the pages requested. I made a minor change to my index page over the weekend. As I indicated previously, automatic notification services would have alerted anyone interested, and they would have then requested the changed page/s. It was the timing of the NL requests that got my attention, but I hadn't considered the index changes.

My 'pologies for the panic-button experience, but I'm sure you can imagine my concern at posting polygraph data demonstrating detected countermeasures and then learning that George may have somehow accessed the data. So far, George seems to believe that we cannot reliably detect countermeasures, and I would hate to educate him about the fact that two of those cases (111105 and 040305) have confessed to reading his book and website extensively.

So, for now I'll re-authorize access to the Countermeasure data using the previous login

user: polybabble
password: exam

As for the ASTM criteria. See the footnote on page 146 of George's book.

Additionally, note on page 150, that he still thinks anal sphincter contractions cannot be detected even though data 090905 on my secured site clearly shows we can. Georgie also thinks that other techniques can't be detected - let's let him think so.

r

11-19-05 edit:

I neglected to include a link to the index of confirmed countermeasure cases. I'll put up some more cases when I have time.
http://www.raymondnelson.us/c/c_index.html

r


[This message has been edited by rnelson (edited 11-19-2005).]
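
The access-log review described in the post above (how many requests came from the two Netherlands addresses, how many were actually served, and whether any reached the password-protected directory) can be scripted. This is an added example, not part of the original thread; it assumes the host writes Apache-style Common Log Format, that /c/ is the protected directory, and the log lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: Apache-style Common/Combined Log Format. The third field is the
# HTTP-authenticated user name ("-" when no login was accepted).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
ASSET_EXT = (".jpg", ".jpeg", ".gif", ".png", ".css", ".js", ".ico")
WATCHED = {"82.94.251.206", "82.156.33.125"}   # the two addresses from the thread

# Constructed sample lines (not real log data); "member" is a made-up login.
SAMPLE_LOG = """\
82.156.33.125 - - [12/Nov/2005:14:02:11 -0700] "GET /index.html HTTP/1.1" 200 5120
82.156.33.125 - - [12/Nov/2005:14:02:12 -0700] "GET /images/logo.gif HTTP/1.1" 200 2048
82.156.33.125 - - [12/Nov/2005:14:03:40 -0700] "GET /c/c_index.html HTTP/1.1" 401 401
82.94.251.206 - - [13/Nov/2005:09:15:02 -0700] "GET /c/c_index.html HTTP/1.1" 401 401
82.94.251.206 - - [13/Nov/2005:09:15:30 -0700] "GET /index.html HTTP/1.1" 304 -
203.0.113.7 - member [13/Nov/2005:10:00:00 -0700] "GET /c/c_index.html HTTP/1.1" 200 7300
garbage line
""".splitlines()

def triage(lines, watched_ips, protected_prefix):
    """Summarise what the watched addresses asked for and what they were given."""
    summary = {"total": 0, "unparsed": 0, "by_day": Counter(),
               "outcomes": Counter(), "protected_served": [], "auth_users": set()}
    for line in lines:
        m = LINE.match(line)
        if not m:
            summary["unparsed"] += 1          # count bad lines, never drop them silently
            continue
        if m["ip"] not in watched_ips:
            continue
        summary["total"] += 1
        summary["by_day"][m["ts"].split(":", 1)[0]] += 1
        path = m["path"].split("?", 1)[0].lower()
        area = "protected" if path.startswith(protected_prefix) else "public"
        # Images and stylesheets inflate the request count for a single page view.
        kind = "asset" if path.endswith(ASSET_EXT) else "page"
        status = int(m["status"])
        if status in (401, 403):
            outcome = "denied"                # auth challenge or refusal: nothing served
        elif 200 <= status < 300:
            outcome = "served"
        elif status == 304:
            outcome = "not_modified"          # client already holds a cached copy
        else:
            outcome = "other"
        summary["outcomes"][(area, kind, outcome)] += 1
        # A 2xx or 304 under the protected prefix is the case that matters.
        if area == "protected" and outcome in ("served", "not_modified"):
            summary["protected_served"].append((m["ts"], m["ip"], m["user"], path))
        if m["user"] != "-":
            summary["auth_users"].add(m["user"])
    return summary

if __name__ == "__main__":
    report = triage(SAMPLE_LOG, WATCHED, "/c/")
    for key, count in sorted(report["outcomes"].items()):
        print(key, count)
    print("protected content served:", report["protected_served"] or "none")
```

An empty protected_served list together with only "denied" outcomes under the protected prefix means the watched addresses were challenged for a login and never got past it; any entry in auth_users shows which login was accepted.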

CHSBOY
Member
posted 11-20-2005 12:36 PM
I hope the initial analysis that appears to make it unlikely that George has penetrated this site is correct. However, Barry mentions a point I've been looking at for some time. That is, that George does seem to publish material relatively soon after it's discussed or disclosed. For example, his Feb 04 posting that examiners were known to be using time-bars on irrelevant questions and some describe the IRQs as 'control' or comparison questions. Interestingly that followed by two weeks a class conducted for a number of examiners wherein these topics were specifically discussed. How about the announcement about DoDPI changing or reducing the pneumo criteria? It appeared to look just like the TDA lecture conducted at the APA in Orlando by a DoDPI rep about 6 months prior.

Also, a good friend, who presented at the APA in Orlando also mentioned to me about a 'strange' critique he received following his CM presentation. He knows of my interest in this regard and he sent me the comments which appeared to be negative regarding the subject matter...calling the presentation "more polygraph voodoo."

The 'leaks', if they are that, may not be from an examiner but a friend or acquaintance of an examiner who asks questions or inquires about technical issues. One poster on George's site, Fair Chance, intrigues me. This person is clearly a member of the FBI with friends who are polygraphers and who appears to be in at least mid-level management. Of course, that is if his postings are true.

We'll have to see but we do need to keep our eyes and ears open. We need to be very certain who we let into these fora, especially the presentations at large gatherings like the APA or AAPP.


All times are PT (US)
