Slashdot Mirror


Battle Creek, Michigan Settles Dispute with ORBZ

Peter Sachs, Esq. writes: "According to a press release that now appears on its official website, the City of Battle Creek, Michigan has 'settled' its dispute with ORBZ.ORG. The City concluded that ORBZ.ORG had no criminal intent to cause the City harm by testing the 'open relay' status of its server. In fact, the Assistant to the City Manager said, '...we recognize that [ORBZ.ORG] has done us a service. We are going to be taking a close look at our policies regarding Lotus security updates and how we can avoid the issue in general'"

259 comments

  1. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  2. Absolutely amazing. by nurightshu · · Score: 3, Funny

    A government entity thinking clearly and levelly, and actually thanking geeks for trying to help them? Astounding.

    Okay, everyone, it's time to pack up and go. Would the last one out of the server room please hit the BRS?

    --
    They that would sacrifice their .sig space for that cliched Franklin quote deserve neither.
    1. Re:Absolutely amazing. by Monkelectric · · Score: 3, Insightful

      No, I think this is still scary. They launched an investigation because *someone sent an email that locked up their server*. Not flooded the server, not spammed ... just sent an email.

      They should be investigating the marklars at lotus who apparently are not great programmers. No email should *ever* be able to bring down an e-mail server.

      --

      Religion is a gateway psychosis. -- Dave Foley

    2. Re:Absolutely amazing. by mi · · Score: 1
      > They launched an investigation because

      It was just an investigation. There is nothing scary about that. The results of an investigation might be scary. In this case they are (or should be) scary to the Lotus people... -mi

      --
      In Soviet Washington the swamp drains you.
    3. Re:Absolutely amazing. by Lucky+Kevin · · Score: 2, Insightful

      Unfortunately when we could no longer use Orbz we switched to using another database. I wonder how many other people switched and will not switch back. Quite a few I should imagine.

      --
      Kevin
      "It's not the cough that carries you off, it's the coffin they carry you off in" O. Nash
    4. Re:Absolutely amazing. by caferace · · Score: 3, Informative
      > Would the last one out of the server room please hit the BRS?

      Not so fast there Bucko... From the press release: "Spam refers to a computer prank that causes multiple duplicate emails, sometimes several hundred at once, to clog up the recipient's mail server."

      Seems to me like they still have a few things to learn...

    5. Re:Absolutely amazing. by caferace · · Score: 2, Insightful
      > It was just an investigation. There is nothing scary about that.

      Hmmm. I'll tell you what. Do something, anything, even a bit mildly innocuous and find yourself the subject of an investigation. A search warrant is issued and people enter your home, without your consent. You're interrogated and have to spend big bucks on a lawyer even though legally, you did nothing wrong.

      If you don't think that's "scary", you're either one bad-ass mofo or just trolling.

    6. Re:Absolutely amazing. by yintercept · · Score: 3, Insightful

      > It was just an investigation.

      Uh, there is no such thing as "just an investigation."

      I worked for a government agency. It was absurd because all of the policies would go through these weird legal distortions. If they wanted a simple policy, say changing from a 15 to 20 minute break, they would pass a law, and it would be illegal to take a 15 minute break. They lost the ability for people to communicate with people as people.

      ORBZ may have been a bit cavalier in its testing of security holes in servers, but was altruistically trying to perform a service. Instead of trying to communicate, however, the legal system immediately jumps into litigation confrontation and threats. It is really a screwed up system.

    7. Re:Absolutely amazing. by darkonc · · Score: 2
      It's not so much a problem that they launched an investigation. Investigating an action that brought your server down for a day is probably a good thing.

      The problem was that their 'investigation' was a bit on the "shoot first and question the cadaver later" nature. Their first step should have been to spend some time figuring out what happened and the nature of the apparent 'attack'. Had they done that, I think that they would have realized that the 'attack' was quite possibly a mistake and/or the result of a problem with the configuration of their box.

      In this case, it appears that one of the first things they did was to issue a search warrant. As far as I'm concerned, a search warrant should not be issued lightly. I think that both the police department and the judge who signed the warrant should get a (virtual) public flogging over their actions under these conditions.

      As for analogies, I think that a closer one of someone going around the neighbourhood checking for unlocked doors and informing the owner of the insecure box...
      then one day, you find a house where the door is unlocked, and the house is armed.

      --
      Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    8. Re:Absolutely amazing. by the_rev_matt · · Score: 2

      They weren't making laws. They were making rules. Congress makes laws, agencies enforce them.

      --
      this is getting old and so are you


    9. Re:Absolutely amazing. by Anonymous Coward · · Score: 0

      Resources like these databases are quite invaluable to spammers.

      You want a list of open relays? Grab an entire database of them created for your convenience at somebody else's cost.

      You want to spam a group of the most clueless people? Use the abovementioned Open Relays and your messages will be filtered out only by the clueful or those protected by the clueful.

      You've now got a whole target market of people to spam, a relay to send your spam through, and filters in place to block your spam from the folks who would know how to complain about it.

      Thanks, anti-spam zealots.

      And- how come none of you are going after ElcomSoft's throat? That's the company in Russia (remember Dmitry?) that makes a closed-source email address harvesting package for spammers to use. I can't think of anybody who anti-spammers should hate more than 'clueful hackers' who sell tools to the spammers.

    10. Re:Absolutely amazing. by darkonc · · Score: 3, Funny
      > then one day, you find a house where the door is unlocked, and the house is armed.

      Er, um.. that should have been "and the house (door) is alarmed." This actually happened to me once, when I was trying to find my way out of a place where I was doing some late night admin work.. I tried a door that turned out to be an entrance to a neighbor's space. The door was unlocked, but had a chain on it and an alarm (which was set up).

      It was kinda half-amusing the conversation I had with the police when they arrived...

      • Are you authorized to be in there?
      • yes.
      • then can you come out and talk to us for a while?
      • no.
      • why not?
      • I don't have a key.
      • are you sure you're authorized to be there?
      • Yes. I've called the owner, he's on his way. . . . .
      --
      Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    11. Re:Absolutely amazing. by treat · · Score: 3, Insightful
      > They weren't making laws. They were making rules. Congress makes laws, agencies enforce them.

      The rules/regulations that agencies make have the force of law, however. That is, you can be imprisoned for not following them, with the full force of the US government behind them.

  3. Battle Creek and Kellogg's by asackett · · Score: 4, Funny

    My personal boycott of Kellogg's products continues at least until they repay Ian for his legal expenses incurred as a result of the need to defend against the city's stupidity.

    I understand that Kellogg's has nothing to do with the stupidity of the city, but they're the biggest taxpayer/employer in Battle Creek, and that's close enough for me. As an American, collateral damage means nothing to me!

    --

    Warning: This signature may offend some viewers.

    1. Re:Battle Creek and Kellogg's by Anonymous Coward · · Score: 0

      What legal expenses? He folded immediately.

    2. Re:Battle Creek and Kellogg's by Anonymous Coward · · Score: 0

      Have you ever been to Battle Creek? It's so ghetto. I roll down both my drivers-side and passengers-side windows to let the bullets fly through my car without shattering my glass.

    3. Re:Battle Creek and Kellogg's by hymie3 · · Score: 3, Funny

      Wait, is this a joke? What legal expense? Dude took down his site almost immediately.

      He rolled over like a puppy getting patted on the belly precisely *because* he wanted to avoid legal expenses.

      Of course, kelloggs does make Smacks. Maybe that's what I'm smelling.

    4. Re:Battle Creek and Kellogg's by Skapare · · Score: 2

      The press release referred to Mr. Gulliver's attorney. Apparently he has an attorney. That attorney should be paid for his services. Mr. Gulliver should not be the one to pay that.

      --
      now we need to go OSS in diesel cars
    5. Re:Battle Creek and Kellogg's by AftanGustur · · Score: 2

      > Wait, is this a joke? What legal expense?

      Read the article, the guy got a lawyer..

      --
      echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
    6. Re:Battle Creek and Kellogg's by pyramid+termite · · Score: 3, Informative

      > I understand that Kellogg's has nothing to do with the stupidity of the city,

      HAH!! I grew up in the town! You have NO idea how wrong you are about that. They ran the town so effectively that they blackmailed a surrounding township to merge with the city and then had the city tear down several blocks of downtown for a research center and a high class hotel that wouldn't make visiting VIPs feel like they were in No-Tell Motel Hell. Millions in taxpayer money went to this while the surrounding neighborhoods turned into run down rat infested crack houses. Eventually, Kellogg's laid off so many people that they've lost some of their influence.

      > but they're the biggest taxpayer/employer in Battle Creek, and that's close enough for me.

      Actually, Nippondenso and Battle Creek Health Systems are bigger nowadays. Also, you should know that Post and Ralston Purina have factories there.

      As far as a boycott goes, I've been doing that ever since the day I saw how corn flakes were actually made ... And you've no idea what it's like when the sickly sweet smell of Sugar Frosted Flakes or Sugar Pops floats over the city like the sugar hangover from hell. Sour, sweet and totally nauseating.

      The Battle Creek Police would be ill equipped to investigate a case like this. They have more trouble than they can handle in that town as it is.

      Don't be too tough on BC - hell, they JUST got cable modem service two months ago and the geek population is just about zero as the few who grew up there either moved out or got buried under a football field somewhere by the team ...

      Do you know how pathetic the place is? They have an army base named after Gen. Custer. Need I say more?

      I love living in Kalamazoo ...

    7. Re:Battle Creek and Kellogg's by Anonymous Coward · · Score: 0

      > Spam refers to a computer prank that causes multiple duplicate emails, sometimes several hundred at once, to clog up the recipient's mail server.

      Just where did they learn all this new stuff? Not even I knew this!

    8. Re:Battle Creek and Kellogg's by Anonymous Coward · · Score: 0

      At least it's an inexpensive boycott for me to break. I can afford to buy a few boxes of Kellogg's cereal.

      The anti-boycott where I stopped at Circuit City a few summers ago and specifically bought a set top DVD player because of the 'DVD boycott' was expensive.

      This here is some good cheap nose thumbing.

    9. Re:Battle Creek and Kellogg's by bsartist · · Score: 1

      > As far as a boycott goes, I've been doing that ever since the day I saw how corn flakes were actually made ...

      C'mon, you can't just say something like that and leave us hanging... tell us how they're made.

      --
      Lost: Sig, white with black letters. No collar. Reward if found!
    10. Re:Battle Creek and Kellogg's by leeward · · Score: 1

      Umm.. he says he took his site down because of the threat of jail time. Can't say I blame him.

    11. Re:Battle Creek and Kellogg's by hymie3 · · Score: 2

      *You* read the notice on orbz.org. They have a "very nice lawyer working pro bono". Last time I checked, that means he's working for free. So, again, what legal expense?

    12. Re:Battle Creek and Kellogg's by mgarraha · · Score: 2
      > the sickly sweet smell of Sugar Frosted Flakes or Sugar Pops floats over the city

      If you're going to have industrial pollution, that's the kind to have. My favorite was Froot Loop day.

    13. Re:Battle Creek and Kellogg's by FuzzyBad-Mofo · · Score: 1
      > C'mon, you can't just say something like that and leave us hanging... tell us how they're made.

      Did you know that Mr Kellogg was a big proponent of male circumcision?

      In light of this fact, maybe now we know what they do with all those foreskins? :P

      Fuzzy
  4. About fucking time... by Bonker · · Score: 2, Insightful

    "...we recognize that [ORBZ.ORG] has done us a service."

    It's about fucking time that someone pulled their heads out of their asses and realized that it wasn't necessary to start filing lawsuits and criminal charges to punish *smart* tech behavior!

    Unfortunately, it may already be too late for ORBZ. Here's hoping that ORBZ comes back up in light of this statement.

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
    1. Re:About fucking time... by maggotbrain_777 · · Score: 1

      Nice that they started off with a lawsuit instead of actually trying to discuss the matter with the so called "offending" party. Shut them down

  5. Bad day in IT by Nethead · · Score: 3, Funny

    First the boss makes a stink about ORBZ and then they get slashdotted. Glad I don't work there.

    --
    -- I have a private email server in my basement.
    1. Re:Bad day in IT by _J_ · · Score: 1

      Under that Michigan law the /. effect could be considered a hack. I could see the case being re-opened with timothy et al being added as accomplices.

      anyway....

    2. Re:Bad day in IT by Blymie · · Score: 1

      > First the boss makes a stink about ORBZ and then they get slashdotted. Glad I don't work there.

      From what I read in the article, and the moronic behaviour these people have exhibited, I would doubt that they even watch their server logs. Or monitor bandwidth. Or even have a sysadmin. Heh.

    3. Re:Bad day in IT by Anonymous Coward · · Score: 0

      Not have a sysadmin?

      Who the fuck changes the toner cartridge on the LJ3 up on third floor if there's no sysadmin/IT janitor?

      In the 19th century, all the kids wanted to be river boat pilots. In the early 20th century all the kids wanted to be a railroad engineer.

      Now all the kiddies want to be sysadmins.

  6. Hey! Its 'Made You Look Day' by teamhasnoi · · Score: 0, Redundant
    What the hell? First the thing with Google, now this? What's next? My mom's gonna call me up and tell me I'm adopted? Ha! Just Kidding!

    Proudly ontopic, insightful, funny, and interesting for over 30 years!

  7. more info? by flynt · · Score: 1, Offtopic

    Lotus security updates? Avoid the issue in general? What issue?? Any links, relevant information from anyone would be great.

    1. Re:more info? by Senior+Frac · · Score: 3, Insightful

      ORBZ was scanning for open relays.
      One of the known exploits for spammers to use open relays also happens to overlap with an old flaw in Lotus Notes, causing it to go into an infinite loop.
      Battle Creek got whammied by ORBZ, unintentionally, and filed criminal charges.

    2. Re:more info? by Longing · · Score: 1

      Yesterday's article about ORBZ shutting down told us about this article, which explained that when ORBZ tested Lotus Domino servers to see if they were open mail relays, the Domino server would get DoSed (enter a mail routing loop consuming 100% CPU). Cheers!

    3. Re:more info? by Anonymous Coward · · Score: 0

      Having to deal with a Lotus server myself on a daily basis I would like to know a bit more about what hole got them and even what version of Lotus they were running. Small city with small tech funding lends me to believe it was probably still running 4.0, but hey who knows. Just might be 5.0.9 now.

      -Tim
      www.newtechhigh.org

    4. Re:more info? by frank_adrian314159 · · Score: 5, Informative
      There was a defect in releases earlier than 5.0.9. When E-mail was received from an address having a certain form, the system would go into a hung state, consuming 100% of the server's CPU cycles. Here is the reference to the details.

      The defect was fixed in version 5.0.9 and Lotus has moved on with version 5.0.10 being released soon. Many people as of yet have not upgraded their servers, leaving ORBZ open to similar actions if they stumble across other Domino servers that are running older software and whose owners might be more litigious.

      So ORBZ isn't out of the woods yet.

      --
      That is all.
    5. Re:more info? by Anonymous Coward · · Score: 0

      Why the hell didn't Battle Creek sue the makers of Lotus Domino?

    6. Re:more info? by swdunlop · · Score: 1

      Why should they? IBM has performed due diligence, provided a security update, and notified all registered users. If Battle Creek happens to drag ass on updating their servers, is it the vendor's fault?

      Moreover, they didn't sue anyone. They secured a search warrant, as a reaction to a probe that appeared to be a denial of service attack on their mail service. A bit over the top, but it's an action that more than a few system administrators would love to take in response to a DoS attempt.

    7. Re:more info? by Skapare · · Score: 2

      Then what needs to be done is to recognize the versions of Lotus that are defective, and just don't send any tests to those. Do go ahead and list them as a "spam risk due to incompetent administration" (e.g. because they have not yet been upgraded).

      --
      now we need to go OSS in diesel cars
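An added sketch of the version gate suggested in the comment above (not code from ORBZ or from any poster in this thread): it reads a server's SMTP 220 greeting and withholds the relay test from Domino releases earlier than 5.0.9, the fixed release named in this thread. The Domino banner wording and every sample greeting except the GroupWise line quoted in the thread are constructed assumptions.

```python
import re
from typing import Iterable, NamedTuple, Optional, Tuple

# From the thread: the hang affects Domino releases earlier than 5.0.9.
FIXED_IN = (5, 0, 9)

# Assumed banner wording "(Lotus Domino Release x.y.z)"; confirm against
# greetings from servers you operate before relying on it.
_RELEASE = re.compile(r"Lotus Domino Release\s+(\d+(?:\.\d+)*)", re.IGNORECASE)
# SMTP reply line: 3-digit code, then "-" (more lines follow) or " " (last line).
_REPLY = re.compile(r"^(\d{3})([ -])(.*)$")


class Decision(NamedTuple):
    probe: bool   # True: safe to run the relay test; False: withhold it
    reason: str


def greeting_text(lines: Iterable[str]) -> Optional[str]:
    """Join a (possibly multi-line) 220 greeting; None if it is not a complete 220."""
    parts = []
    for raw in lines:
        m = _REPLY.match(raw.rstrip("\r\n"))
        if not m or m.group(1) != "220":
            return None
        parts.append(m.group(3))
        if m.group(2) == " ":          # final line of the reply
            return " ".join(parts)
    return None                         # continuation never terminated


def domino_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return the Domino release as a tuple, e.g. (5, 0, 8), or None."""
    m = _RELEASE.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))       # "5.0" compares as (5, 0, 0)
    return tuple(nums)


def decide(lines: Iterable[str]) -> Decision:
    """Decide whether to send the relay test, given the greeting lines."""
    text = greeting_text(lines)
    if text is None:
        return Decision(False, "no complete 220 greeting")
    version = domino_version(text)
    if version is not None:
        if version < FIXED_IN:
            return Decision(False, "Domino release predates 5.0.9")
        return Decision(True, "Domino release at or after 5.0.9")
    if "domino" in text.lower():
        # Product named but release hidden: treat as fragile rather than guess.
        return Decision(False, "Domino with unreadable release")
    return Decision(True, "not identified as Domino")


# Constructed sample greetings (the GroupWise line is the one quoted in the thread).
SAMPLES = {
    "old": ["220 mail.example.org ESMTP Service (Lotus Domino Release 5.0.8) ready"],
    "fixed": ["220 mail.example.org ESMTP Service (Lotus Domino Release 5.0.9) ready"],
    "multiline": ["220-mx.example.net ESMTP Service",
                  "220 (Lotus Domino Release 4.6.7a) ready"],
    "hidden": ["220 mx.example.com Lotus Domino ready"],
    "groupwise": ["220 battlecreek.org GroupWise Internet Agent 5.5.3.1 Ready "
                  "(C)1993, 1999 Novell, Inc."],
    "refused": ["554 no SMTP service here"],
}

if __name__ == "__main__":
    for name, lines in SAMPLES.items():
        d = decide(lines)
        print(f"{name:10} probe={d.probe!s:5} {d.reason}")
```

A greeting is whatever the administrator configured, so a gate like this lowers the chance of hitting a fragile server but cannot rule it out.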
    8. Re:more info? by Skapare · · Score: 2

      Actually, it's now running....
      220 battlecreek.org GroupWise Internet Agent 5.5.3.1 Ready (C)1993, 1999 Novell, Inc.

      --
      now we need to go OSS in diesel cars
    9. Re:more info? by arkanes · · Score: 2

      I'm curious.. did they actually provide a security update, or was it a "buy the new version" sort of thing? If the second, I'm willing to give admins a lot more slack when it comes to having an open system - upgrading to a new version of something important like a mail server is not cheap, either in money or in time. Especially not at a government agency where every dollar has to be approved by 5 different committees.

    10. Re:more info? by tomsparrow · · Score: 1

      Point updates are freely downloadable from the notes site and are covered under existing license, so there was no 'buy the new version' thing.

      Of course, there's still the 'new version testing' thing...

    11. Re:more info? by tcr · · Score: 2

      You don't have to upgrade to get around this problem! I'm still running 5.08, but managed to 'patch' myself through a config setting outlined here before yesterday's story appeared on Slashdot.

      It's a config setting, and Domino Administrators are (or bloody should be) prepared to tweak these settings.

      I don't know if you're aware of this, but every Domino server, by default, installs as an open relay. Unless you lock it down with a setting in the server's configuration document (Router/SMTP - Restrictions and Controls - SMTP Inbound Controls - Inbound relay controls), you are going to have problems anyway.

      It's a configuration issue.
      Lotus are famous for leaving configurations wide open, and leaving it for the Administrator to tweak. I admit that they completely missed this issue coming, but fixing it is a 20 second job. I suppose now their problem is letting admins know....

      --


      Information wants to be beer.
    12. Re:more info? by frank_adrian314159 · · Score: 2

      As far as I know (and I may be wrong) it's not a paid upgrade for a sub-minor version.

      --
      That is all.
    13. Re:more info? by Anonymous Coward · · Score: 0

      You are looking at the wrong domain. Try looking at the MX for ci.battle-creek.mi.us

    14. Re:more info? by afidel · · Score: 1

      Wow Domino sounds a lot like Exchange 5.5. Why is it that the only 2 "enterprise" level messaging platforms both default install like shit? Can neither MS nor IBM figure out how to ship a non broken product that costs 10's of k's ?? I'm not at all surprised that there are so many spam haven open relays when the 2nd and 3rd largest email platforms take active measures to become unbroken (I assume sendmail is still #1).

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    15. Re:more info? by ethereal · · Score: 1

      They're just doing their part to support Free Software. Heck, by that count, Microsoft is the biggest Free Software supporter around. Code Red and Nimda probably did more for Linux/sendmail or qmail than Red Hat ever has :)

      --

      Your right to not believe: Americans United for Separation of Church and

    16. Re:more info? by Anonymous Coward · · Score: 0

      Believe me, until very recently, each and every Linux distribution 'default installed like shit.'

      Slackware 3.6 didn't even require you to initialize a Root password, or even prompt you to do so. I have a great story about a friend who surfed the web for several weeks on a Slack box like that, with no root password.

    17. Re:more info? by afidel · · Score: 1

      good point mr Anonymous Coward. I have also lambasted Redhat since 4.2 about this very issue. By continuously being beat in the head with the facts they finally did a decent default install with 7.0. Same thing with Exchange, beat MS up enough and they finally changed the defaults for exchange2k. My biggest problem is why do we have to beat them over the head for years and multiple revisions before they "get it"??

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  8. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  9. Good News, Bad News by Astral+Jung · · Score: 4, Insightful

    The good news: For once, a government entity came to communicate with someone who wasn't really doing it harm, but actually good, and managed to realize that.

    The bad news: They still haven't quite understood the situation yet, based on the article taken from the City of Battle Creek page:

    > Spam refers to a computer prank that causes multiple duplicate emails, sometimes several hundred at once, to clog up the recipient's mail server.

    They are getting better, though.

    --
    "What's so random about flipping a coin? Ever heard of the I Ching?"
    1. Re:Good News, Bad News by Anonymous Coward · · Score: 0

      ORBZ provides a great service...in theory. A service that provides a list of spammers and checks if you could be exploited by spammers -- sounds great. However I will ONLY think about supporting them if they are regulated like a credit-report agency. If you think about it, they are a type of credit-report agency. They keep a large list of people who have a "bad credit" for sending email and who can be exploited to turn their "credit" bad.
      Another gripe I have with ORBZ, is that they spam you themselves. They send out about 10-20 emails to check your system in a VERY short amount of time. When the mail-server I administer first got checked, I received about 20+ emails from one place in a matter of a couple minutes. I thought someone was trying to DoS me. I saw the name "ORBZ" and saw it ended in a Z like something a 31337 2cr1p+ k1ddi3 would use. Then a couple seconds later I remembered what ORBZ was.
      Now another gripe about ORBZ and any RBL in general. They don't fucking ask you to "check your locks", they just do. What if you had some fucker come to your house once a month and try to bust in because he wants to make sure a burglar cannot. You'd probably call the police. Let's say they DO find a hole and you didn't ask them. In the real world, that would be breaking and entering, not a public service.
      The next problem. I hate fucking SpamCop. Now this isn't exactly ORBZ's problem, I know. But it is a problem with the whole Block the Satanic Spammers Religious Crusade (tm). SpamCop doesn't even check anything. They just leech off of ORBZ and the like. Fuck you I say to them.
      I'm a system administrator. I started in college as a part-time job, and now since I graduated two years ago I still am. This is the 3rd sys admin job I've had. When I started at all 3 places, they were using ORBZ or some type of RBL and were STILL FUCKING GETTING SPAM. I stopped using them and our spam rate did increase by about 5%. All 3 companies were approx the same size (under 150 employees (~100, 25, ~175). We were getting about proportionally the same amount of spam. The first place was the worst though, they got around 300 pieces of SPAM a day. The 2nd place was getting around 200 and same with the 3rd. When I was at the first place and removed the RBLs, we jumped to about 250 (coincidence? probably not). I then blocked 3 IPs that were from overseas but selling USA products and added a couple filters. We dropped down to about 20 pieces of SPAM a day. Same goes for the other two places. Most spam was coming from a couple different places which the RBL's weren't blocking. Some decent filters and a couple blocked IP's dropped spam by about 90%.
      I hope to start a spam service myself, just so I can think of clever ways to defeat anti-spam measures. God that would be fun. I can search /. and anti-spam sites to find out what works and what doesn't. :)

    2. Re:Good News, Bad News by Shimbo · · Score: 1
      > The bad news: They still haven't quite understood the situation yet, based on the article taken from the City of Battle Creek page:


      It seems to have got a bit jumbled on its way through the press office. The direct quotes make more sense. Sure, if I received a piece of mail that crashed my server I might at first assume it was a deliberate DoS. It takes a bit of experience to realise that you have to look deeper.


      It's one more sysadmin that's learnt that the hard way.

  10. Better late than never? by Bronster · · Score: 2, Insightful

    Pity that their first reply was to sue, before even considering the case. It's a pity that ORBZ let itself be SLAPPed out of existence first.

    Unfortunately, there really isn't any way to stop this sort of behaviour apart from instituting very harsh penalties for threatening to sue and not following through with the threat or reaching an adequate mediated position with all affected parties.

    A$#*holes I say - even if they have recanted now, it's too late to fix the damage. For example the mail-filters plugin for Squirrelmail has had orbz removed - even if it comes back up, people running that code won't be using it.

    1. Re:Better late than never? by legLess · · Score: 4, Insightful
      Breathe into a paper bag for a minute before you hyperventilate. First, this wasn't a SLAPP, it was a court order. It wasn't even a criminal charge yet. More to the point, it was justified. Here's what the press release (which you obviously didn't read) says:
      "The purpose of the search warrant was to determine the identity of the person who sent the email that caused our system to fail so we could then determine whether further investigation would be necessary."
      Think for a second: you're a government agency, and you notice someone sending bits to your server that make it crash. What's your first response? What's anyone's first response? Find out who did it, and search warrants are very good at that.

      Second, this all could have been avoided if Ian Gulliver hadn't freaked when he got the order. If he'd waited a bleeding 24 hours this would have been resolved and ORBZ could have gone on its merry way.

      I'm going to resist drawing any parallels between your hysterical and incorrect assessment of the situation and Ian's similar reaction, except to say: pay attention. Life is hard enough without going off half-cocked on incomplete information.
      --
      This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
    2. Re:Better late than never? by Anonymous Coward · · Score: 0

      > Second, this all could have been avoided if Ian Gulliver hadn't freaked when he got the order. If he'd waited a bleeding 24 hours this would have been resolved and ORBZ could have gone on its merry way.

      ...right up until ORBZ found the next old, broken Lotus mailserver - and the owner of that server isn't as understanding as Battle Creek.

      That's why ORBZ is staying down - not because of this action, but because of what might happen on the next one.

    3. Re:Better late than never? by Anonymous Coward · · Score: 0

      exactly--

      Ian has wisely decided which battles are worth fighting. He *has* maintained orbz in spite of countless threats of civil suits, but speaking with him even two weeks in advance of this, was never expecting criminal proceedings. Neither Ian nor orbz has the monetary resources for a full-time legal team [orbz was a free service], and out of respect for those who have offered him pro-bono legal service, he has decided not to be a further liability.

      I fully support Ian in his decision. If you think his decision was premature, feel free to take over where he left off--all of the code [afaik] for orbz is freely available [except some late modifications which hadn't been released yet]. His letter basically released into the public domain the databases of information.

      Furthermore, he has expressed hope that somebody outside the US would take over. If you're seriously interested, you might want to try contacting him. There are a lot of people who are feeling the absence of orbz [and I just have to mention Rick van Riel as this is /. ...].

    4. Re:Better late than never? by jbayes · · Score: 1
      > Think for a second: you're a government agency, and you notice someone sending bits to your server that make it crash. What's your first response?

      Well, if they knew enough to know to whom to send a search warrant, then they probably already knew enough to find his website. They could have read the damn site before getting all legal on his ass.

      --

      "It sure was strange to see something on Usenet about me that didn't involve Klingon gang rape." -- Wil Wheaton

    5. Re:Better late than never? by flamingcow · · Score: 5, Informative
      "The purpose of the search warrant was to determine the identity of the person who sent the email that caused our system to fail so we could then determine whether further investigation would be necessary."
      The search warrant cited our domain no less than 7 times. Had the detective taken the time to read the website, the situation would have been quite clear to him.
      Second, this all could have been avoided if Ian Gulliver hadn't freaked when he got the order. If he'd waited a bleeding 24 hours this would have been resolved and ORBZ could have gone on its merry way.
      Having more knowledge here of what went on than you, please trust me. In my opinion, this 'settlement' wouldn't have been nearly as forthcoming if a certain Wired.com article didn't cause major embarrassment. I believe that this 'settlement' is much more public relations damage control than an actual realization that a mistake was made.
    6. Re:Better late than never? by Alsee · · Score: 1

      Life is hard enough without going off half-cocked on incomplete information.

      Jeez, quit your preaching. Next you're going to be telling us to read the articles before posting.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    7. Re:Better late than never? by SillyMe · · Score: 1

      >> Had the detective taken the time to read the website, the situation would have been quite clear to him.

      Do you really believe that a detective would understand what open relay detection was? Perhaps I have a low estimation of the technical competence of the police.

      Personally I have no problems with the manner the authorities or the city used to handle the case. You did cause a denial of service to the city (in the strictest sense of the definition). You did do it purposely. It probably is a good idea that you shut down, cause if I were on the jury, I would probably convict you.

    8. Re:Better late than never? by GSloop · · Score: 2

      You sir, are a TOTAL MORON!

      If we have juries composed of individuals such as yourself, we might as well allow Herr Ashcroft to act as Judge, Jury and Executioner.

      How about zipping down to your hospital, and getting a full cranial curettage. It should improve your common sense.

      Getting a search warrant usually requires a very high probability that a crime occurred. Since they really didn't know what had happened in the first place, it would seem hard to believe that any probability existed at all.

      Cheers!

    9. Re:Better late than never? by SillyMe · · Score: 1

      Wow, have you ever considered a career in trolling?

      Here is my reasoning: What ORBZ is doing is equivalent to walking around a parking lot at a shopping mall and checking if people remembered to lock their cars, and then posting friendly reminders if they did not. If you were observed by the police person doing this, I would think that there would be a high probability of you having an interview with them in the back of their squad car. If someone noticed you doing this to their car and reported you to the police (along with the license plate of your car/or enough info to find your house) do you think that they may come calling?

      Now pull your head out of your 'network administrators' world and try to view this as what it was -- a well-intentioned stranger causing damage to a system that he really had no rights to touch.

      Common sense is a lot less common than you think it is.

      Happy, happy, joy, joy...

    10. Re:Better late than never? by Troy+Roberts · · Score: 2, Insightful

      It certainly is not like checking cars in a parking lot.

      Ian sent a syntax valid (check RFC2821) mail header to a mail server. Said mail server is attached to the internet. What the hell do you think it is for? Let me give you a clue. Receiving mail. The server should not crash/lockup etc. because it receives valid headers. This is like having a building that collapsed if you knock on the door. You might claim your door was for entering the building, not knocking, but that would not make it my fault the building collapsed.

    11. Re:Better late than never? by Anonymous Coward · · Score: 0

      Actually, it's more like the guy out checking the car locks slapping a big gooey unremovable sticker on the door of cars that he found unlocked.

      And the guy proud of the expensive new paint job on his door gets pissed because now it's fucked up.

    12. Re:Better late than never? by SillyMe · · Score: 1

      From a systems admin perspective I may agree with you. If you take the perspective of the masses, he was being a good samaritan who was also a pain in the ass and caused damages for a group of people.

      I realize that at times it's hard to remember how the rest of the world views computers and networks but sometimes it is necessary (especially since they would be the jury of peers in any trial).

    13. Re:Better late than never? by GSloop · · Score: 3, Interesting

      Even better, it's like me connecting to your web server, and your web server crashing because I used Opera, rather than IE. Then you get the police to obtain a search warrant, because my machine caused yours to crash, and you didn't have any better explanation.

      Sounds like a case of CYA to me.

      If I connect to your machine, that you've publicly connected to the internet, and you're offering services on, and send valid packets to request service, and your machine crashes? Well, too bad. Fix it, or learn to live with a server that doesn't work right.

      What else is an SMTP server to do, other than accept mail. If your mail server crashes because it can't understand the mail, then it's the mail server's problem. NOT THE PERSON SENDING THE MAIL! Now, if I hacked my way into your internal network, and then used a non-public SMTP server to send mail, you might have a case.

      That's like designing software that doesn't account for all types of input. When someone puts something in that you didn't anticipate, and the software crashes, then you blame the person who entered the data? Sheesh! Talk about passing the buck.

      Perhaps SillyMe ought to get smacked by the clue stick.

      Cheers!

    14. Re:Better late than never? by SillyMe · · Score: 1

      Perhaps you need the clue stick. Here it is:

      THE WORLD DOES NOT UNDERSTAND COMPUTERS. MOST PEOPLE THINK THEY ARE MAGIC. THESE PEOPLE ARE THE ONES THAT SET THE LAWS AND GET TO SIT AS JURIES.

      I would agree that sending valid SMTP traffic should not get you in trouble. Unfortunately this is not the case here. ORBZ was deliberately sending SMTP traffic that was not kosher to see what would happen. A person in the real world may call this 'hacking'. The fact that you and I would call it testing for vulnerabilities means nothing. That's just our perspective.

    15. Re:Better late than never? by floridaisp · · Score: 2, Insightful

      Let's, just slightly, change your analogy from checking car doors to checking the doors of business establishments, which are normally expecting public access. So when your hypothetical door checker goes around finding out who's open no law is broken because front doors and public access are expected.

      Well, if you interface a mail server to the public Internet you should expect occasional probing, illicit as well as legitimate, to occur. If you were on an intranet you could expect exclusivity but not so on the public Internet.

      The apparently inept manager who failed to keep their server current and thus avoid the exploit should be held responsible. She apparently ignored this fact and failed to tell the investigating officer that fact. Let's see 'hmm, I'm too lazy to do this upgrade so go arrest this kid in NY'.

      These people acted irresponsibly and abused their power. They should have known better.

    16. Re:Better late than never? by Anonymous Coward · · Score: 0

      Sending email? Was that his *real* intention? I think he sent a probe. Yes, yes, yes, valid email header blah, blah, blah. Was he really trying to get an email message to someone with an account on that machine? Look at his intention and how he translated that to an action. His action was to send a probe... a probe to test vulnerability... dangerous. Better ways of doing it? Don't know, not an expert, and neither would any of his jurors be.

    17. Re:Better late than never? by Anonymous Coward · · Score: 0

      This was mod'ed up?

  11. Is it just me or..... by Anonymous Coward · · Score: 0

    The Detective had no reason not to believe he was pursuing a hacker when he issued a search warrant.

    I always thought judges issued search warrants, and the police acted upon them.

    Also on the same page.....

    Manager Renews Search for New Police Chief

    Are the two events possibly related?

    1. Re:Is it just me or..... by pyramid+termite · · Score: 2

      Manager Renews Search for New Police Chief Are the two events possibly related?

      No, Battle Creek's been looking for a new police chief for quite some time - it's a thankless job ...

  12. Comment removed by account_deleted · · Score: 3, Interesting

    Comment removed based on user account deletion

  13. Also by NiftyNews · · Score: 5, Funny

    "The City concluded that ORBZ.ORG had no criminal intent to cause the City harm by testing the 'open relay' status its server.

    The City also announced that it really likes to be capitalized when referred to. It also notes that the word "of" is still banned when referring to stories about The City.

    1. Re:Also by zeus_tfc · · Score: 0, Offtopic

      Quoth the Tick:

      "The City, MY The City!"

      --
      "...At the end of the day"..."when everyone goes home, you're stuck with yourself." RIP Layne Staley
    2. Re:Also by ethereal · · Score: 1

      The City of Townsville?

      --

      Your right to not believe: Americans United for Separation of Church and

  14. Nope. by Russ+Nelson · · Score: 4, Informative

    Nope. Read Ian's message. He said that he wasn't closing ORBZ because of *this* case. He was closing it because of the subsequent cases.
    -russ

    --
    Don't piss off The Angry Economist
  15. A better analogy... by GeekWithGuns · · Score: 0, Flamebait

    From the article:

    But, if I can draw the analogy that just because everyone should wear a computerized bulletproof vest doesn't mean that shooting people to find out who isn't wearing one is the best answer. If Mr. Gulliver chooses to do this, he perhaps shouldn't be surprised that he will occasionally be confused with the type of individual he is fighting against.

    Not quite, here is a better analogy:

    ORBZ is giving out crack and instructing you to pass it out to children, to test out your sense of common sense. The bad servers just pass the crack out, the good servers destroy the crack. BC's mail server decided to take the crack.

    If handed some crack everybody should know not to give it to children (forward spam), and not to take it (create a mail loop inside the server).

    --
    [End of diatribe. We now return you to your regularly scheduled programming...] - Larry Wall in Configure from the perl
    1. Re:A better analogy... by Performer+Guy · · Score: 4, Insightful

      Ahh, these are both perfect examples of why reasoning by analogy is the exclusive preserve of imbeciles. ORBZ tested mail servers. He did not distribute crack to children and he did not shoot anyone.

      I'm not into reasoning by analogy but if you feel the need in future here are some alternatives you might try, at the very least they betray your disgusting attempts to impugn ORBZ:

      ORBZ is squeezing the fruit in the supermarket to see if it's ripe.

      Another:

      ORBZ is playing a tune to see if they approve of the melody.

      Now go scurry under your rock and stop implying that what ORBZ did is anything other than a public service, or worse; equating it to selling coke to kids. These things are not morally equivalent you dolt.

  16. Gee, the city manager agrees with me. by Russ+Nelson · · Score: 4, Insightful

    I told Ian, time and time again, that he shouldn't be testing innocent servers. Test servers that have sent spam, yes, by all means. But you can't go around invading innocent servers.
    -russ

    --
    Don't piss off The Angry Economist
    1. Re:Gee, the city manager agrees with me. by Anonymous Coward · · Score: 0

      Russ:
      get a life. jackass.

    2. Re:Gee, the city manager agrees with me. by Russ+Nelson · · Score: 2

      AC: get an account. jackass.

      -russ

      p.s. this is typical of the witty repartee which passes for commentary from ORBZ supporters. Honestly, if you wish to convince me that I'm wrong about how anti-spam activists shouldn't be spamming innocent servers in their holy quest to identify open relays, you're going to have to supply more of an argument than "get a life." I already have a life. What I *need* is a way to talk to the Navman iPAQ sleeve from Linux. And I doubt that you're smart enough to help me with that.

      --
      Don't piss off The Angry Economist
    3. Re:Gee, the city manager agrees with me. by derF024 · · Score: 1

      ok, how about this;

      the scan of the battle creek server by orbz was REQUESTED by a user that was CONTACTED by that server. Battle creek initiated contact with a server that scans all connecting hosts using the orbz service, or an end user received spam from that server. this is the only way that any host gets scanned by orbz, and this is the reason that your server was scanned by orbz. _YOU_ initiated contact that led to the scan. now stop being a jackass and go do something more productive.

    4. Re:Gee, the city manager agrees with me. by Anonymous Coward · · Score: 0

      and you've been told time and time again that
      you're a retard and you should shut up, by
      multiple people.

      i think the orbz people have made it rather
      obvious that they don't care what russ nelson
      thinks, so maybe you should save your breath
      and get a hobby or something.

    5. Re:Gee, the city manager agrees with me. by Anonymous Coward · · Score: 0

      i think that it is inarguable that "GET RICH QUICK"
      and "PUMP YOUR PENIS 100000x BIGGER!" sort
      of email is a different sort of creature than
      the email probes that orbz sent out to different
      servers.

      you seem real bitter about the "get a life" thing.
      maybe deep down it really hits close to home, eh?

    6. Re:Gee, the city manager agrees with me. by StenD · · Score: 2

      Considering that one of the core principles of spam activists used to be "content doesn't matter", it's quite arguable. Unsolicited bulk email is unsolicited bulk email, whether it is sent to make money, promote a political candidate, solicit donations to a charity, or test if an alleged open relay is, in fact, open.

    7. Re:Gee, the city manager agrees with me. by Skapare · · Score: 3, Interesting

      Russ, you're still wrong.

      There's no reason to believe that a server that has NOT sent any spam is MORE likely to have defects in design, coding, or configuration, when compared to a server that has sent spam. In fact, if a server HAS sent spam, THAT is the server that should not be tested. The server that has sent spam is more likely to be afflicted by at least one of bad design, bad coding, or bad configuration.

      There is no reason for any properly designed and managed server to crash and burn as a result of any piece of mail delivery. That some do is not a valid reason to devalue an important tool in the effort against spam. It could be of value if it is possible to identify from the SMTP banner if some server is a defective one, such as an older version of Lotus Notes. If that can be determined, then ORBZ should simply add the server to the list and not send anything there at all (except maybe a notice of why they are being listed). I suggest they be added because I do not want them to be sending my servers any mail because that mail has a risk of being spam, due to an obvious situation of inadequate or incompetent administration of that server.

      --
      now we need to go OSS in diesel cars
    8. Re:Gee, the city manager agrees with me. by asackett · · Score: 1

      Was the test of the busticated Battle Creek server initiated for some reason other than an offensive email having been delivered by it?

      --

      Warning: This signature may offend some viewers.

    9. Re:Gee, the city manager agrees with me. by Gleef · · Score: 2

      StenD writes:

      Considering that one of the core principles of spam activists used to be "content doesn't matter", it's quite arguable. Unsolicited bulk email is unsolicited bulk email, whether it is sent to make money, promote a political candidate, solicit donations to a charity,[...]

      I'd agree with that

      [...]or test if an alleged open relay is, in fact, open.

      But not that. An open relay test is neither Unsolicited (AFAIK, ORBZ sends the emails to itself), nor Bulk (AFAIK, ORBZ sends only a few emails to test, and sends them one at a time).

      The test email is clearly not authorized to be on the server, but the SMTP protocol was designed to give servers many options for handling misrouted and unauthorized emails. Any SMTP server should expect to get a few mails that aren't supposed to be there, and act accordingly. In this case, a commercial vendor sold SMTP server software for a great deal of money that apparently doesn't know what to do with a simple unauthorized email. Battle Creek should be fuming at their vendor, not at the person who sent the email.

      I'm glad to see them calling off the dogs; sadly, I fear that ORBZ is mortally wounded from the bites by now.

      --

      ----
      Open mind, insert foot.
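
Added example, not part of the thread or of any participant's post: a sketch of the relay decision a receiving SMTP server can make at `RCPT TO`, illustrating the point in the comment above that an unauthorized relay attempt should be answered with a reply code, whatever the input looks like. The domain `city.example`, the network `192.0.2.0/24`, the reply texts and all function names are assumptions constructed for illustration; stripping the source route follows RFC 2821, the rest is one conservative policy among several.

```python
import ipaddress
import re

# Constructed configuration (assumptions, not taken from the thread).
LOCAL_DOMAINS = {"city.example"}                       # domains we deliver for
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # our own clients

# RFC 2821 source route prefix, e.g. "@hop1,@hop2:" in front of the mailbox.
_SOURCE_ROUTE = re.compile(r"^(?:@[^,:]+,)*@[^,:]+:")


def parse_rcpt(arg):
    """Return (local_part, domain) for a RCPT TO argument, or None if unusable."""
    if not isinstance(arg, str) or len(arg) > 512:
        return None
    path = arg.strip()
    if path.startswith("<") and path.endswith(">"):
        path = path[1:-1]
    # A server must accept source-route syntax but should ignore the route.
    path = _SOURCE_ROUTE.sub("", path)
    if "@" not in path or any(c in path for c in " \r\n\0<>"):
        return None
    local, _, domain = path.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not local or not domain:
        return None
    return local, domain


def is_trusted(client_ip):
    """True only for a well-formed address inside one of our own networks."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def relay_decision(client_ip, rcpt_arg):
    """Return (reply_code, text); every input gets a reply, none raises."""
    parsed = parse_rcpt(rcpt_arg)
    if parsed is None:
        return 501, "Syntax error in recipient address"
    local, domain = parsed
    if is_trusted(client_ip):
        return 250, "OK"                      # our own users may relay
    if domain not in LOCAL_DOMAINS:
        return 550, "Relaying denied"         # stranger to stranger: refuse
    # Untrusted client, local domain: refuse a local part that carries
    # its own routing instead of guessing where it is meant to go.
    if any(c in local for c in "%!@"):
        return 553, "Routing in local part not accepted"
    return 250, "OK"


# Constructed sample inputs: (client address, RCPT TO argument).
SAMPLES = [
    ("203.0.113.9", "<clerk@city.example>"),
    ("203.0.113.9", "<probe@tester.example>"),
    ("192.0.2.10", "<someone@elsewhere.example>"),
    ("203.0.113.9", "<@city.example:probe@tester.example>"),
    ("203.0.113.9", "<probe%tester.example@city.example>"),
    ("203.0.113.9", "<>"),
    ("not-an-ip", "x" * 2000),
]


def run_samples():
    """Return the reply code chosen for each constructed sample."""
    return [relay_decision(ip, rcpt)[0] for ip, rcpt in SAMPLES]


if __name__ == "__main__":
    for (ip, rcpt), code in zip(SAMPLES, run_samples()):
        print(code, ip, rcpt[:60])
```
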
    10. Re:Gee, the city manager agrees with me. by Pussy+Is+Money · · Score: 1
      An open relay is not an innocent server.

      BTW, I am starting to get a feel for how this whole "power thing" works.

      First the government cracks down on civilians trying to weed out obnoxious mail servers. Then a few years later the government concludes that the private sector is not doing enough to curb the abuse of email. Finally the government instates a law outlawing open relays and grants the police the authority to seek and destroy open relays.

      It's an unbeatable deal.

      --
      Pushin' 'n dealin', shovin' 'n stealin'
    11. Re:Gee, the city manager agrees with me. by Russ+Nelson · · Score: 2

      Nice try, Fred. Unfortunately, Ian put *no* limitations on which servers would be spammed by ORBZ. Your assertion "this is the only way that any host gets scanned by orbz" is simply a lie. Not to mention that you didn't phrase it in the past tense.

      By the way, the host which was scanned was one that is listed in the MAPS RSS. That host NEVER contacts anybody under any circumstances except one: because somebody sent email to that server. So even *if* you are correct and that ORBZ tested only because an SMTP client on that host contacted somebody's SMTP server, it could only have been by that person's request. I didn't initiate the contact; they did. They cannot then claim that "[I] initiated contact that led to the scan".

      Stopping people from continuing ORBZ abuse is being productive. There are enough fanatics (e.g. you) who think that ORBZ has done no wrong that one of you will likely re-implement it.
      -russ

      --
      Don't piss off The Angry Economist
    12. Re:Gee, the city manager agrees with me. by Russ+Nelson · · Score: 3, Interesting

      AFAIK, ORBZ sends the emails to itself

      No. Ian forged addresses intended to trick the SMTP server into forwarding the email. Ian also used a false envelope sender (blah@localhost) which is unusable for returning a bouncing email.
      -russ

      --
      Don't piss off The Angry Economist
    13. Re:Gee, the city manager agrees with me. by Russ+Nelson · · Score: 2

      you seem real bitter about the "get a life" thing.
      maybe deep down it really hits close to home, eh?


      No, actually it's because I really *do* want to figure out how to access the UART on the Navman sleeve. Unfortunately, ARM Linux seems to either be caching that section of RAM (which it shouldn't be, given that that memory was allocated using ioremap), or else it's not pointing the memory at the actual hardware address of the UART.
      -russ

      --
      Don't piss off The Angry Economist
    14. Re:Gee, the city manager agrees with me. by Russ+Nelson · · Score: 1

      An open relay is not an innocent server.

      Oh? Some feminists say that all men are potential rapists. Some also say that rapists should be castrated. Does it then follow that all men should be castrated? No, of course not, because there is no guilt where there is only potential. And an open relay is only a potential source of abuse.
      -russ

      --
      Don't piss off The Angry Economist
    15. Re:Gee, the city manager agrees with me. by Anonymous Coward · · Score: 0

      First, go patch your Lotus Notes box then let's talk about your iPAQ.

    16. Re:Gee, the city manager agrees with me. by Pussy+Is+Money · · Score: 1

      Do you have a problem sticking to the problem at hand? Why punish people at all? After all even a convicted criminal is only a potential source of abuse.

      --
      Pushin' 'n dealin', shovin' 'n stealin'
    17. Re:Gee, the city manager agrees with me. by afidel · · Score: 3, Insightful

      I think you are missing the distinction between likely and potential. An open relay is a very likely source of abuse, a given man from the general population is a potential but unlikely rapist. Although the two are close in common English usage their legal and logical definitions are not the same. See necessary and sufficient conditions in a logic text for further explanation.

      This English lesson was brought to you by letters P and Q.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    18. Re:Gee, the city manager agrees with me. by Anonymous Coward · · Score: 0

      Yet, strangely enough, *MOST* mail servers successfully bounce those messages back to where they came from.

    19. Re:Gee, the city manager agrees with me. by Accelerated+Joe · · Score: 0, Offtopic

      It's a crime [quaker.org], not a war. If you want a reply, log in.

      Russ,

      Regarding your signature, perhaps you misunderstand the way the English language is used. You see, it unquestionably IS a war. You seem to be confusing who started the war versus whether or not to call it a war. Hint: If a US force overthrows the government in Afghanistan in open combat, you're dealing with a war!

      Maybe you want to ask who started the war? The WAR itself was started by the US, I believe. We're sick and tired of crap ass governments who refuse to control their own territory. It is easier for the public to understand if you just say you're having a war on terrorism. It also allows the president to slosh the war around freely. Who cares? Not me! Governments should punish those who cause violence to others, or at least do something to help prevent it. If a foreign government fails to do this, and thousands of people are dying in America, then it is time to do something.

      I was going to give you the benefit of the doubt on all this ORBZ stuff, but you've sabotaged your credibility with me by posting your uninformed rant on quaker.org.

      --
      They who would give up an essential liberty for temporary security, deserve neither liberty or security
    20. Re:Gee, the city manager agrees with me. by Anonymous Coward · · Score: 0

      Seeing your sig and reading your post I can't help thinking
      1 p implies q and
      2 What is the probability of Q given P?

    21. Re:Gee, the city manager agrees with me. by Anonymous Coward · · Score: 0
      A convicted criminal (assuming due process and no injustice) is a proven past abuser. Shouldn't be assumed automatically to be a recidivist, but patterns can often be seen.

      Actually I was trying, obviously ineffectively, to point out that most problems are only potential until they are realised.
      Man jumps off 100' cliff - 90' up he says "OK so far", 80' up he says "OK so far"....
      it's the stop that's the problem but being unsupported in mid air is only a potential problem until the sudden stop actually kills you.

      An open relay is a potential problem until it is exploited, a closed relay isn't a potential problem at all as it can't be exploited.

    22. Re:Gee, the city manager agrees with me. by Anonymous Coward · · Score: 0

      LOL too funny,
      thanks I needed that.

    23. Re:Gee, the city manager agrees with me. by asackett · · Score: 2

      Your analogy sucks, Russ.

      An open relay is more like a syphilis-infected slut. She may be sleeping now, but when she's awakened, she's going to make someone regret being screwed by her. Asking for an STD test before hopping in the sack with someone is now considered an unfortunate but justifiable state of affairs, not an insult.

      --

      Warning: This signature may offend some viewers.

    24. Re:Gee, the city manager agrees with me. by Anonymous Coward · · Score: 0

      So how many mandatory roadblocks administering sobriety tests do you think will be enough to address the drunk driving problem in an orbz-like fashion?

    25. Re:Gee, the city manager agrees with me. by Anonymous Coward · · Score: 0

      You're running ARM Linux?

      Cool. Is it on one of those Chalice C.A.T.S. ATX motherboards?

    26. Re:Gee, the city manager agrees with me. by Anonymous Coward · · Score: 0

      d00d, i don't care about that. that has nothing to do with what i said. you love to stalk the orbz people. why don't you leave them alone and get a girlfriend or something?

    27. Re:Gee, the city manager agrees with me. by Russ+Nelson · · Score: 2

      It's quite frustrating, you see, because the Pretec GPS CF receiver works just fine. The difference between the two is that the Navman sleeve doesn't have any CIS, so that cardmgr doesn't know anything about the UART. If I could manage to figure out how the pcmcia code is mapping the UART into memory, then I could do the same thing for the Navman's sleeve.

      But as you admitted, you're too stupid to help me with this. BTW, I was only pulling sudog's leg about "stalking" Ian. Man oh man did he ever go ballistic. But he and I have made up. Now if you were only as mature as him....
      -russ

      --
      Don't piss off The Angry Economist
    28. Re:Gee, the city manager agrees with me. by Russ+Nelson · · Score: 2

      No, it's on my iPAQ. Reflash the bootloader, reboot to *run* the bootloader, and upload a Linux filesystem. The bootloader knows to look in the filesystem to find the kernel, and whoosh, you're up and running X. On a handheld.

      -russ

      --
      Don't piss off The Angry Economist
    29. Re:Gee, the city manager agrees with me. by Russ+Nelson · · Score: 1

      I can't say your analogy is much better. Pursuing it nonetheless, your smtp server should probe the smtp server on the same machine as the smtp client. I have no problem with that. If somebody wants to send you email, they might reasonably expect you to contact their smtp server with a reply.

      This is NOT probing innocent servers.
      -russ

      --
      Don't piss off The Angry Economist
    30. Re:Gee, the city manager agrees with me. by Russ+Nelson · · Score: 2

      Innocent until proven guilty. And innocent means that you can't go rifling through their server looking for an address it will accept and relay.

      -russ

      --
      Don't piss off The Angry Economist
    31. Re:Gee, the city manager agrees with me. by Russ+Nelson · · Score: 2

      If you don't want to hear my comments, BLOCK ME.

      Hey, it's the same "solution" that various and multiple ORBZ-fans have suggested to me. "If you don't want to get scanned, just block the scanning machine on the IP level." This sounds a lot like spammers: "If you don't want to get email from us, just block our machine on the IP level."
      -russ

      --
      Don't piss off The Angry Economist
    32. Re:Gee, the city manager agrees with me. by belroth · · Score: 1

      As opposed to random breath-testing you mean?

      --
      I hereby inform you that I have NOT been required to provide any decryption keys.
    33. Re:Gee, the city manager agrees with me. by Pussy+Is+Money · · Score: 1

      The question is, are open relays abused by spammers. The answer is yes. We can argue about specifics such as what percentage of open relays is abused by spammers, but until we have that kind of (solid) information, we can infer from experience that, yes, spammers do abuse open relays -- the degree to which this is true being proven simply by the effectiveness of not accepting mail from open relays.

      --
      Pushin' 'n dealin', shovin' 'n stealin'
  17. Incompetent Sysadmin by Anonymous Coward · · Score: 3, Insightful
    What this boils down to is the city's system administrator saw the system go down, and didn't know how to fix it. It took her 24 hours to get the system back up, and to protect her job she cried wolf to the police, shifting the blame from her incompetence to an evil "hacker".

    Note to Battle Creek city managers: hire competent IT professionals, and this won't happen.

    1. Re:Incompetent Sysadmin by Skapare · · Score: 1, Offtopic

      Competent IT professionals cost a lot of money ... unless you import them from India.

      --
      now we need to go OSS in diesel cars
    2. Re:Incompetent Sysadmin by hymie3 · · Score: 2
      Blockquoth the parent:

      What this boils down to is the city's system administrator saw the system go down, and didn't know how to fix it. It took her 24 hours to get the system back up, and to protect her job she cried wolf to the police, shifting the blame from her incompetence to an evil "hacker".

      Note to Battle Creek city managers: hire competent IT professionals, and this won't happen


      Parent was modded flamebait, but I agree with it. There really isn't an acceptable excuse for the email server being down for as long as it was. I can just imagine the sysadmin panicking after bouncing the box for the third time and *still* not having the problem "fix itself".

      Even a lazy/incompetent Domino admin should know how to clear the mail queue and reboot.
    3. Re:Incompetent Sysadmin by Lumpy · · Score: 2

      They can't... The city of Battle Creek is just like the city of Muskegon.. They hire incompetence. why?? well for first, the TOP pay is $35,000.00 starting pay is $28,000.00 and the Water Filtration plant operators, people who have the lives and health of the entire residents and have the most important job in the entire city get paid a maximum of $41,000.00

      Anyone that wants to be able to eat,live will never work for a City gov position. Then you are stuck working inside a ruleset that is made by the biggest pool of retards possible (City management and the City council/mayor.).

      I have yet to meet an IT person from a small/medium sized city that isn't a complete moron... Granted I only met them here in Michigan, and I am sure that there are some smart ones out there, but they usually don't work for cities... they find jobs with a real pay-scale.

      --
      Do not look at laser with remaining good eye.
    4. Re:Incompetent Sysadmin by mgarraha · · Score: 2
      Note to Battle Creek city managers: hire competent IT professionals, and this won't happen.

      Sensible enough, but when I worked in BC, we had a heck of a time finding people. The few that we found either relocated or commuted more than an hour each way. Apparently it's not an IT talent rich area.

    5. Re:Incompetent Sysadmin by pyramid+termite · · Score: 2

      Sensible enough, but when I worked in BC, we had a heck of a time finding people.

      Kalamazoo and Grand Rapids are much more desirable places to live. The school systems in Battle Creek are mediocre at best, and the people, for the most part are depressing drones, and the employers, for the most part, treat them as such. There's little culture to speak of - I don't call the BC Symphony Orchestra great culture, not to mention all those nice little fetuses in jars in the Kingman Museum ... There's something wrong with a town where the hottest spot on Friday night is Green's Tavern ... (country & western bar).

    6. Re:Incompetent Sysadmin by Anonymous Coward · · Score: 0
      From the Wired article:

      Cindy Hale, a systems administrator for the town, said she was the one who had to deal with the crash.

      "We had to get with our Cisco expert and get into our firewall and make some changes in there and make some changes to our (Lotus) server to not accept any mail from Orbz," Hale said.

      Why would Cisco need to get involved? This is a mail server issue, innit? Sounds like someone doesn't know how to do their job, for sure.

    7. Re:Incompetent Sysadmin by dcavanaugh · · Score: 2

      In government, you have a level of incompetence by design, with low salaries and corresponding skill level. For some low-priority services, it's OK to have disposable people doing a mediocre job. At some level, this doesn't work; something has to give. When I worked in state government (not Michigan), I noticed most of the smaller agencies were Battle Creek style operations, while there were a few with decent size data centers and reasonable staff that occasionally had a clue. The "poor" depend on the "rich" for guidance & services. I worked in a state agency where the entire IT staff was designated "management/exempt" for the purpose of establishing salaries that were outside (above) the official state job classifications. By world standards, we were OK; by government standards, we were like Starfleet Command.

      My point is this: Even municipal government occasionally needs computers that work, and has procedures to make it happen. Either they have some exempt people who have non-traditional titles and salaries >$35000 or they have outsourced services (provided by people who make more than $35000). The no-brainer solution to programmed incompetence is to hire the people you need at market rates and then disguise them as "consultants". The "temporary" consulting contract gets miraculously renewed every year, and you have in essence a real person doing a real job for real money (in an Oliver North/Iran Contra sort of way). This approach actually costs more than the straightforward concept of repairing the broken job classes & salaries, but it completely circumvents the HR dept, and that's usually a good thing.

      Private industry does the same thing. In a hot market, they hire consultants at market rates because their salary structure is too low. In tough times, they dump the consultants because they're "expendable". If you think about it, there isn't enough "temporary" IT work to explain the number of people who work as consultants.

      To me, the Lotus/Domino guru of Battle Creek is probably performing at a level commensurate with her salary. You get what you pay for.

    8. Re:Incompetent Sysadmin by Anonymous Coward · · Score: 0
      I know I won't work there for peanuts. The reason this Sys. Admin. may not be properly trained is that they are afraid if they properly train her, then she can move to Detroit for real money. If she is never trained, then she can't leave.

      More than one company tried that stuff on me, including my current company (they will train me on R6, but only if I sign an abusive 2 year contract that makes me pay them 10% INTEREST WHEN they lay me off). I got certified anyway long ago and climbed out of a "slave wage" pay level.

  18. Yeah, some lawyer read the millions of letters. by Romancer · · Score: 1, Troll


    "avoid the issue..."

    yeah, more like "avoid being bitch slapped by the hordes of loud bitchy anti-spam legions of the internet."

    Good call Battle Creek, Michigan

    --


    ) Human Kind Vs Human Creation
    ) It'd be interesting to see how many humans would survive to serve us.
  19. Sanity restored. by Performer+Guy · · Score: 2

    This is a very good development. It is refreshing to see people admit their mistake and back down. It is even more refreshing to see them confess that they realize that ORBZ has actually done them a service, the problem was theirs in the first place and they will try and do better in future.

    All is forgiven Michigan IMHO.

    1. Re:Sanity restored. by Anonymous Coward · · Score: 0

      All is forgiven Michigan IMHO.

      Not everyone has that view. They still knocked ORBZ offline and managed to lose the net a valuable tool. I hope those competent admins that just put these bozos into their blocklists keep them there. They earned it. Anyone that destroys an anti-spam resource deserves to be intranetted. A weasel-worded apology doesn't bring it back.

    2. Re:Sanity restored. by Anonymous Coward · · Score: 0

      I have to ask then:

      What is your feeling on the ElcomSoft Advanced Email Extractor tool? To quote from the sales site: Advanced Email Extractor (AEE) is designed to extract e-mail addresses from web-pages on the Internet (using HTTP and HTTPS protocols) and from HTML and text files on local disks.

      It's a spammer tool, designed to harvest email addresses from weblogs like Slashdot so that spammers can use them.

      It's also from Elcomsoft, the place where our little 'freedom poster boy' Dmitry works.

      When the anti-spam people start hammering these fucks for arming the enemy, I will start taking them seriously.

  20. But what about Slashdot's intent by phr2 · · Score: 1

    in DDOS'ing (slashdotting) Battle Creek's server? Will Slashdot get prosecuted next?

    1. Re:But what about Slashdot's intent by Skapare · · Score: 2

      No. But they might get a court order to turn over all the account information. Maybe then we can find out who the real Anonymous Coward is :-)

      --
      now we need to go OSS in diesel cars
  21. Re:Spam? by Performer+Guy · · Score: 2

    Yea, that would be a mail bomb, but I haven't heard the phrase used in years.

  22. Too bad... by Anonymous Coward · · Score: 0

    ...I note this wasn't blurb'd as being a "must read...".

    Guess we can ignore it and wait for the next one.

    Martha! Hand me the remote! Damn slashpot punks are goofing and I need to see how that lawsuit the Koreans are pressing against Leno is going...maybe Alan Smithee has some decent news on his show.

  23. Wait until they get /. 'ed... by buff_pilot · · Score: 3, Funny

    for a better link...

    The email test triggered a weakness in the version of Lotus Domino software used by the City and caused a major slowdown of the City's email network for about a day on February 25, 2002.

    The ./test triggered a weakness in the version of Lotus Domino software used by the City and caused a major slowdown of the City's network for about a day on March 22, 2002.

    -jim

  24. Shooting people to tests for vests by Skapare · · Score: 5, Informative

    From the press release by Michelle Reen, Assistant to the City Manager, Battle Creek, Michigan:

    "But, if I can draw the analogy that just because everyone should wear a computerized bulletproof vest doesn't mean that shooting people to find out who isn't wearing one is the best answer. If Mr. Gulliver chooses to do this, he perhaps shouldn't be surprised that he will occasionally be confused with the type of individual he is fighting against."

    This analogy is flawed. Here's why:

    Shooting people is something where, if a vest is not worn, can be expected to cause serious injury or death. Even if a vest is worn, the outcome can be injury, and death has been known to happen.

    A more accurate analogy would be tapping someone on the shoulder to see if they are alive. But you don't expect that one in tens of thousands happens to have a very sore shoulder, and this tapping causes great pain.

    My analogy is more correct because the kind of test ORBZ does is not one where a reasonable person doing this kind of activity (reasonable in this case meaning someone who understands the SMTP protocol, and related standards like RFC822, TCP, etc) would expect to cause serious problems. At most, this should trigger an alarm in more secure servers, which can then be filtered for this known testing source. ORBZ is not including codes intended to damage or destroy computer systems in these tests just to see if they would be destroyed (as Ms. Reen's analogy would suggest).

    It seems to me that the city of Battle Creek perhaps acted a bit hastily in the way they reacted. I'm not saying that they shouldn't have the police involved in the investigation, and I'm not saying they shouldn't pursue acquiring information to further that investigation. However, such an investigation should be tempered by the understanding that defective software, especially that which has not been properly maintained, or properly configured, can, and very frequently does, fail on account of that defect simply as the result of a properly formed standards defined computer or network activity. We all know PC systems (especially, but not exclusively, Windows) can fail at times even though only normal activity is taking place. Just because an activity can come from outside, from the internet, does not mean that it can only be malicious.

    I recommend the City of Battle Creek Michigan, and any other government or business in like circumstances, operate under the following suggestions:

    • Whenever something causes a system to fail, include in any investigation of the cause an analysis of why it failed, including the protocols and software codes involved. Don't just hand it over to the police after the first jump to conclusion. Gain an understanding of exactly why the system failed, especially if the failure repeats.
    • Whenever a problem is tracked to some source, don't jump into threatening mode on initial contact, unless you have a reason to believe the communication would fail any other way. Serious intent to investigate and followup on real crimes does not mean aggression in legal procedures gains anything. Were this a real internet cracker, there wouldn't have been any useful information from this first step, anyway.
    • Place stronger protection between office LANs and city WANs and the internet itself. But do more than just a simple firewall that allows raw TCP streams to pass. Use a strong secure server with proxying where possible. Systems like Lotus Notes or Microsoft Exchange are too likely to be vulnerable, and too mission critical for staff operations, to be expected to also serve as the shield facing the internet. Run an OpenBSD server with something like Postfix to forward mail, and Squid to cache web accesses both in and out.
    • Institute new procedures that outline standard timeframes for keeping computer systems up to date, especially with the latest security alerts. All security patches should be installed within 7 days of availability or a report made to the top official regarding why that patch cannot be applied, describing alternative steps to deal with the risk. All other systems should be upgraded to the latest version within 90 days, if free. If not free, an analysis of the benefits (if any) of purchasing such an upgrade should be provided to the person in charge of making system software purchasing decisions, within 90 days.

    Also, get the reverse DNS fixed on your mail server.

    --
    now we need to go OSS in diesel cars
    1. Re:Shooting people to tests for vests by Anonymous Coward · · Score: 0

      Your arguments are fellatious.

    2. Re:Shooting people to tests for vests by Skapare · · Score: 2, Funny

      Is that something you do with your boyfriend?

      --
      now we need to go OSS in diesel cars
    3. Re:Shooting people to tests for vests by WoodstockJeff · · Score: 3, Interesting
      As the person responsible for email at a small ISP, and a volunteer for our local Emergency Services, the thing I find amazing and disconcerting is that government agency computer departments have some of the worst security you can imagine. And a lot of it is because they won't spend the money to hire competent people... because that can't be "justified".

      Recently, my mail server stopped accepting messages from my "boss" at the courthouse, because they'd managed to get listed in SpamCop, ORBZ, and ORDB, with MAPS listing them with "we have spam on file from this site".

      When I pointed this out to the IT department, and gave them pointers to where to find at least a partial fix for GroupWise, I was told that they KNEW they were running an open relay for more than 6 months before the RBLs found out, but had no idea where to look to find the "cure". (Getting rid of GroupWise wasn't an option, apparently, even though this is the only way to secure a GroupWise installation... B-)

      They still haven't addressed the fact that they run the only non-encrypted wireless networks in town...

    4. Re:Shooting people to tests for vests by Skapare · · Score: 5, Interesting

      Interesting that the latest banner I get is....
      220 battlecreek.org GroupWise Internet Agent 5.5.3.1 Ready (C)1993, 1999 Novell, Inc.

      I had a run in that went a slightly different way with a member of the school board for the Spencer Wisconsin school district. I got spam from them. I reported the problem to them, noting also that this was an inappropriate way for tax dollars to be spent. I got this response:

      Dear Phil,
      We have talented people working hard to keep our system clean. Somehow
      it seems that criminals and crackers are better funded than public school
      systems. Figure that out. Meanwhile, if you would spend less time
      criticizing honest hard working people and more time helping put a stop to
      this sort of thing, we'd all be better off.
      You sir, are a Prick.

      Sincerely,
      Jeff Darga
      VP-Spencer Board of Education

      What I'd like to know is why honest hard working people are incompetent and leave a mail server open to spamming abuses. Of course Mr. Darga doesn't really seem to care.

      --
      now we need to go OSS in diesel cars
    5. Re:Shooting people to tests for vests by darkonc · · Score: 3, Insightful
      When I was first reading that letter, I was expecting it to be a (badly written) lead-in to a request for volunteer support. This could have been a good thing.

      The "you are a prick" part caught me off guard. If Mr. Darga needs some help, he is NEVER going to get it with that kind of attitude (even from his co-workers and underlings).

      I think that Mr. Darga needs a vacation, a good course in stress management and another course in dealing with the public.

      --
      Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    6. Re:Shooting people to tests for vests by Anonymous Coward · · Score: 4, Insightful

      So why didn't you send this information to the local newspaper? Seems to me the voters would love to see what a foul-mouth guy this "Jeff Darga" allegedly is.

    7. Re:Shooting people to tests for vests by tmuller · · Score: 1

      It's idiot comments like "you sir, are a prick" that keep those who know what they are doing from doing their jobs.

      If this guy would get a clue, hire someone to put a real mail server up, we'd all be in a better place.

      But school districts are underfunded and don't have any staff that know what they are doing (go figure, they are teachers!)

    8. Re:Shooting people to tests for vests by darkonc · · Score: 2

      Underfunded school boards can often get people to do volunteer work for them (hey, it's beneficial to their kids (or it's the kids that are doing the volunteering)). This presumes, of course, that you don't have people like this Darga guy, greeting potential volunteers with a firehose and nightstick.

      --
      Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    9. Re:Shooting people to tests for vests by darkonc · · Score: 3, Interesting
      So why didn't you send this information to the local newspaper? Seems to me the voters would love to see what a foul-mouth guy this "Jeff Darga" allegedly is.

      verbal moderation: +1 interesting.

      --
      Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    10. Re:Shooting people to tests for vests by the_olo · · Score: 1

      > Shooting people is something where, if a vest is
      > not worn, can be expected to cause serious
      > injury or death. Even if a vest is worn, the
      > outcome can be injury, and death has been known
      > to happen.
      > A more accurate analogy would be tapping someone
      > on the shoulder to see if they are alive. But you
      > don't expect that one in tens of thousands happens
      > to have a very sore shoulder, and this tapping
      > causes great pain.

      What about if you tap someone on the shoulder and scare them to death?

    11. Re:Shooting people to tests for vests by hawk · · Score: 3, Insightful
      >I think that Mr. Darga needs a vacation,


      Nah. The local paper needs a copy of the letter. It does wonders for political careers when the paper has to note that it cannot include the entire letter sent from a school board member to a citizen because "he wrote things that can't be printed in a family newspaper" . . .


      hawk

    12. Re:Shooting people to tests for vests by Skapare · · Score: 3, Informative

      Here is the letter I sent, sans the spam itself (typical relayed spam). As you can see, I didn't focus on the spam, and I didn't subject them to my usual "block first, ask questions later" approach (else how would I have gotten his response).

      The following is a complaint regarding SPAM from the Spencer
      Public Schools.

      Spam is bad enough when some company on the internet sends it
      out to you. But it can be stopped easily by recording the
      location it comes from in a list of places to reject mail from.
      Thousands of Internet Service Providers and other companies
      are now doing this.

      Now spam is coming from the Spencer Public Schools. I don't
      think this is what the tax dollars of your community are for.
      Yet it is paying for helping some spammer on the internet to
      send his junk mail to millions of people. It not only costs
      you money, but it also costs other people money.

      I have been seeing this kind of thing happen in many many
      places throughout the Internet. Mail servers are set up on
      the Internet, and they are either set up incorrectly, or they
      are set up with bad software. One or the other of these did
      happen at Spencer Public Schools. That's how the spam came
      through.

      When a mail server is set up, if the person who sets it up is
      not specifically thinking about making sure others cannot relay
      their spam through it, they might as well accept the fact that
      it is going to happen. The same thing applies to security.
      Can you be sure that your servers (all of them) are really so
      secure if the person who sets them up is so careless as to let
      spam come through a mail server? Do you know that when they
      set up the other servers they thought carefully about all the
      security issues when they did it to make sure no one can access
      things like confidential records? Have you audited the security
      of the Spencer Public Schools computers?

      So you're running Windows 2000. That doesn't make it secure.
      Obviously it doesn't if a simple thing like using your computer
      to send spam throughout the world for some con artist can be
      done. Setting up ANY computer requires that the person who
      sets it up realizes that it is NOT secure until they do all the
      steps necessary to make it secure.

      You are sure to get many complaints due to this spam. The first
      thing that will happen is someone will quickly go make changes
      to the mail server to prevent this one security leak. That may
      seem fine at first. But what about all the other security holes?
      Will they also be plugged up? Do you even know what they are?
      And what about your computer operating procedures and policies?
      Did they cover this kind of situation? They obviously failed
      to prevent it. But were they even written to prevent it or did
      they just not even address the issue at all?

      You clearly need to get some competent computer help involved
      in making sure your computers are secured. Perhaps you can get
      this help from WiscNet. But you definitely need to get that
      help, and get it soon. And don't ask one of the students who
      might seem to be very bright with computers. They might be
      good at cracking into computers or writing nifty programs, but
      what you need is a professional analysis of your procedures and
      security policy. And you need to get it done before the fall
      school term begins. If not, you are almost certain to become
      a victim again, and again; if not from spammers, then maybe
      even from one of your own students.

      As for this spam incident, normally my very first action after
      sending a formal complaint is to totally cut off the offenders
      network from our network. If I did that here, you'd have to
      make a request to me to restore that access by some means other
      than through your own mail server. It's usually inconvenient,
      but it gets a serious message across to Internet scofflaws.

      In this case, I'm not going to do this. I won't be blocking
      your network. If the problem repeats, I'll change my mind.
      I have over 21,000 networks blocked right now (over 3,000 of
      them are in China). And those are the ones where the people
      running them just don't care.

      Normal spam complaints include a copy of the spam that caused the
      complaint to be made. So I'm including that below. Each line
      of the original is indented with a "|" character at the left
      side of each line. Here it is:

      --
      now we need to go OSS in diesel cars
    13. Re:Shooting people to tests for vests by Skapare · · Score: 2

      I'm so .... scared!

      That's very unlikely to happen in normal circumstances. Perhaps it would have been prudent for ORBZ to suspend testing for a few days after 9/11, as that was an abnormal time.

      --
      now we need to go OSS in diesel cars
    14. Re:Shooting people to tests for vests by clifyt · · Score: 2

      That's funny! I had gotten some crap from their servers in the last few days as well. I've gotten a few dozen emails with the subject "Re: Order" and 'funnily' enough, using other folks' images (one of which was changed to a 'THIS IS SPAM' in big red letters across the screen). Yeah, I would normally put this in a spam filter, BUT my vendors respond back with headings like this and I hadn't had time to figure out what to filter on.

      Looking through the headers, a good chunk of these had gone through the Spencer school :-)

      Wadda prick...hell, one of my servers recently had an open relay and the folks at these types of places (Orbz) actually helped me fix it. It pissed me off that I was getting blocked, and it pissed me off that I was getting hate mail, but you know what? It was my fuck up (ok inherited fuck up) and I hate spam as much as the rest. This guy sounds like most of the MCSEs I know...won't even try fixing anything that ain't a M$ Server (and when it is - ain't responsible for anything til a hotpatch is rolled out).

      clif

    15. Re:Shooting people to tests for vests by renehollan · · Score: 2
      What about if you tap someone on the shoulder and scare them to death?

      This is a very good question. Of course, IANAL (and I'd wish that more L's would offer hypothetical opinions here, not to be construed as legal advice), so don't construe this as legal advice... that said, my understanding is as follows.

      There is a principle that you have to accept people as they come. This means that, if you sneak up behind someone, shout "Boo!" and they drop dead of a heart attack, you are responsible for their death. You may or may not be criminally negligent or liable as well.

      If the victim was participating in an activity, where sneaking up on people and shouting "Boo!" was expected, you are generally in the clear, even if they had a weak heart. The organizers of such an activity do have a responsibility to explain the potential risks though, lest they be found negligent.

      But, if unexpectedly, and for no other reason than to frighten, you cause someone to die this way, you are in a heap of trouble. The reasoning is that you had no justification, other than your amusement, for the action, and so must bear the consequences for the results.

      In the case of tapping someone on the shoulder to see if they're alive there's good reason for the action: you're looking for survivors of some tragedy (for example). If anything, you are trying to be helpful, and while this sometimes results in unfortunate accidents, helping others is an activity that is generally encouraged. Many jurisdictions have "good samaritan" laws for this reason: if you injure someone in a good-faith effort to help them, you can't be found legally liable (though, I'd limit that to criminal charges only because you are still responsible: "Judge: you paralyzed them while saving their life -- they're entitled to $1,000,000 compensation if they're willing to die for it (as they otherwise would)").

      In this case, ORBZ was performing a social service, albeit taking the "law" into its own hands in policing servers. So the situation is unclear. Their "victims" certainly weren't in dire need of this "assistance". However, was what they were doing reasonable? They were simply sending standards-compliant mail to servers that clearly were set up to accept it. An analogy would be sending a letter to someone to see if they send nasty, annoying mail back. Is it your fault if they go into fits of apoplexy instead because they have an epileptic seizure due to the particular shade of blue of the envelope of your letter? When they provide the mailbox?

      The clincher, though, is that the mail server software was probably licensed without warranty from Lotus. So, here you have an organization taking on the risk of potentially buggy software and then trying to foist that responsibility on people who accept their invitation (I'd consider an MX publication an invitation) to use it.

      I think that prosecution was dropped in this case, not because the city had a change of heart, but because legal counsel advised them that they had a weak case. That would explain the flip-flopping tone of their press-release: "we don't have a case against you but you caused us grief because we used buggy code".

      --
      You could've hired me.
    16. Re:Shooting people to tests for vests by WoodstockJeff · · Score: 2, Insightful
      When I find a school or church organization that is relaying for spammers, I include words like these in the message to whomever:

      This time it was just a stock scam; who's to say that the next time won't be a child pornographer? Until you fix this, YOU can't!

      I don't remember any such relay that wasn't fixed within a couple of days...

    17. Re:Shooting people to tests for vests by gnugnugnu · · Score: 1

      His closing comment was out of line but so was your mail. Your mail was condescending and unnecessarily verbose. You have to try and put yourself in his shoes and have some empathy.

      You could have made your point in about 2 paragraphs without implying that he was incompetent (he should get competent help), without bitching to him about how much you dislike spam, and definitely with complaining that he was wasting taxpayers' money and blaming him like it was his fault.

      *I* _know_ that's not what you meant but he obviously did not and it is very easy to read it that way if you are an overworked underfunded school. There must have been a time when you have fired off an angry email without thinking very long about it.

      I suggest you send him a follow up mail apologising for your abruptness, explaining your intent and tell him how to close the open relay to prevent people hijacking their network to send spam. A gracious offer of help will be far more productive.

      What makes you think they are running Windows 2000?
      This does not look like win2k
      http://spencer.k12.wi.us/TSWeb-Logon/default.htm
      Netcraft only tells you what the webserver runs, it's not infallible (some webservers lie), and it's not necessarily what the mailserver is running and you don't even know if he runs the webserver.
      http://uptime.netcraft.com/up/graph/?host=www.spencer.k12.wi.us
      Maybe the headers in his reply email prove he was using windows 2000 but how could you have known the first time you mailed him?
      You assume too much, which is not wise on your first encounter with a stranger. You probably feel like you are doing him a favor, but that mail would make him feel like he is just getting grief.

      I don't think he is a bad guy, but you should both shake hands (at least metaphorically) and do what needs to be done. Think about the children!

      My karma does not need this. I know this is offtopic but leave my karma alone.

    18. Re:Shooting people to tests for vests by JLester · · Score: 1

      Groupwise has lots of options to disable mail relaying, allow only certain users to relay, use SMTP authentication, etc. All the options that standard mail servers have are there as well as NDS authentication and security.

      Jason

      --
      "FORMAT C:" - Kills bugs dead!
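The relay controls listed in the comment above (disable relaying, let only certain users relay, SMTP authentication) come down to one decision per RCPT TO. The sketch below is an added example, not code from the thread or from GroupWise or any other product; the networks, domains, reply texts and the `RelayPolicy` class are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple


class Decision(NamedTuple):
    accept: bool
    reply: str  # illustrative SMTP reply text, not any product's exact wording


def parse_rcpt(path):
    """Return (local_part, domain) for a RCPT TO path, ignoring any source route."""
    addr = path.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    # Source route "@hop1,@hop2:user@domain": only the final mailbox counts.
    if addr.startswith("@") and ":" in addr:
        addr = addr.split(":", 1)[1]
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a mailbox: %r" % path)
    return local, domain.lower().rstrip(".")


class RelayPolicy:
    """Hypothetical policy object: who may send mail *through* this server."""

    def __init__(self, local_domains, trusted_networks, allow_authenticated=True):
        self.local_domains = {d.lower() for d in local_domains}
        self.trusted_networks = [ipaddress.ip_network(n) for n in trusted_networks]
        self.allow_authenticated = allow_authenticated

    def decide(self, client_ip, rcpt_path, authenticated=False):
        try:
            local, domain = parse_rcpt(rcpt_path)
        except ValueError:
            return Decision(False, "501 5.1.3 Bad recipient address syntax")
        ip = ipaddress.ip_address(client_ip)
        trusted = any(ip in net for net in self.trusted_networks)
        # Own networks and authenticated users may relay anywhere.
        if trusted or (authenticated and self.allow_authenticated):
            return Decision(True, "250 2.1.5 Ok")
        # Everyone else may only deliver to domains this server is final for.
        if domain not in self.local_domains:
            return Decision(False, "554 5.7.1 Relay access denied")
        # Strict choice: refuse routing syntax hidden in the local part
        # (percent hack, bang path), which a rewriting server would forward.
        if any(c in local for c in "%!@"):
            return Decision(False, "554 5.7.1 Relay access denied (routed address)")
        return Decision(True, "250 2.1.5 Ok")


# Constructed sample data: documentation address ranges and .example domains.
HARDENED = RelayPolicy({"city.example"}, ["10.20.0.0/16"])
OPEN_RELAY = RelayPolicy({"city.example"}, ["0.0.0.0/0"])  # misconfigured: all IPv4 is "trusted"

ATTEMPTS = [  # (client_ip, authenticated, RCPT TO path)
    ("10.20.3.4", False, "<vendor@other.example>"),              # staff PC, outbound
    ("203.0.113.9", False, "<clerk@city.example>"),              # inbound mail
    ("203.0.113.9", False, "<victim@other.example>"),            # third-party relay
    ("198.51.100.7", True, "<vendor@other.example>"),            # roaming user, logged in
    ("203.0.113.9", False, "<victim%other.example@city.example>"),
    ("203.0.113.9", False, "<@city.example:victim@other.example>"),
    ("203.0.113.9", False, "<other.example!victim@city.example>"),
    ("203.0.113.9", False, "nobody"),
]


def audit(policy, attempts=ATTEMPTS):
    """Run every constructed attempt through a policy and return the decisions."""
    return [policy.decide(ip, rcpt, auth) for ip, auth, rcpt in attempts]


if __name__ == "__main__":
    for (ip, auth, rcpt), d in zip(ATTEMPTS, audit(HARDENED)):
        print("%-13s auth=%-5s %-40s -> %s" % (ip, auth, rcpt, d.reply))
```

Running `audit(OPEN_RELAY)` over the same attempts shows the misconfiguration: every well-formed recipient is accepted, including the third-party relay.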
    19. Re:Shooting people to tests for vests by ethereal · · Score: 1
      Meanwhile, if you would spend less time criticizing honest hard working people and more time helping put a stop to this sort of thing, we'd all be better off.

      That sounds like carte blanche to Code Red their server, and helpfully either patch their server config, or just remove the whole smtp service. The man wants your help, and he doesn't have time to do it himself, does he?

      Alternate fun idea: convince local spammers to use this server as their spamhaus, with Jeff Darga's email address as the reply-to. Bonus points if they happen to be pornographic spams. I bet that will get the problem fixed real fast :)

      --

      Your right to not believe: Americans United for Separation of Church and

    20. Re:Shooting people to tests for vests by Anonymous Coward · · Score: 0

      Bad letter. You come off as a BOFH, and I can see why you got the response you did; poor style on both parties' part.

    21. Re:Shooting people to tests for vests by biffnix · · Score: 2, Interesting

      Wow. Read your original letter, and I must admit - you ARE a prick. Your letter was condescending, self-aggrandizing (what was up with your bragging about the number of mail servers you block - does that get you chicks or something?), and rude.

      As the IT Director for the Bishop Union Elementary school district, I'd probably send you a similar response if you sent a bitchy message as yours to Spencer, WI.

      The bottom line - you were whiny, you didn't actually help (or offer to help) him, and you were rude. Just precisely how did you *expect* him to react? School administrators have enough work to do without having to deal with annoying strangers.

      Sheesh.

      Joe Griego
      Dir., I.T.
      Bishop Union Elementary, and Bishop Joint Union High School Districts
      Bishop Elementary
      Bishop High

      --
      Don't Die Wondering
    22. Re:Shooting people to tests for vests by Troy+Roberts · · Score: 1

      I expected him to respond like a professional. He did not.

    23. Re:Shooting people to tests for vests by Amazing+Quantum+Man · · Score: 2

      The following is a complaint regarding SPAM from the Spencer Public Schools.

      In addition, by using all caps for the word "spam", you are abusing Hormel's very reasonable and good-natured policy regarding the use of the term "spam" for junk email.

      They ask that you use all lowercase for spam. All uppercase is a Hormel trademark for the meat product.

      --
      Fascism starts when the efficiency of the government becomes more important than the rights of the people.
    24. Re:Shooting people to tests for vests by biffnix · · Score: 1

      Perhaps if your original message was professional, that would have been the case. Something as simple as:

      "Hello! Hey, you may not be aware, but your mail server is an open relay, and spammers are using it to forward unwanted email using your resources. If you are aware, and need help fixing the problem, please drop me a line. Thanks."

      I assure you that would have been orders of magnitude more effective than the whole you-have-an-open-relay-so-you-suck-and-I-rule vibe I got from the original mail to the poor guy. And accusing him of wasting tax dollars because he didn't know he had an open relay? Come on. He probably wouldn't have responded as a prick if he hadn't been treated as one.

      Joe Griego
      Bishop Union Elementary School District
      Bishop Elementary
      Bishop High School

      --
      Don't Die Wondering
    25. Re:Shooting people to tests for vests by Skapare · · Score: 2

      It was actually running Windows 2000 at the time. I checked through the site back then. This was 9 months ago. They apparently have changed things.

      --
      now we need to go OSS in diesel cars
    26. Re:Shooting people to tests for vests by Skapare · · Score: 2

      It is capitalized for emphasis, not for being an acronym (which it isn't). If there was a way to do bold text in plain ascii, I would have used that. I prefer not to send HTML mail.

      --
      now we need to go OSS in diesel cars
    27. Re:Shooting people to tests for vests by Grue · · Score: 1

      You are right, the initial letter shouldn't have taken on such a condescending and rude manner.

      But the point is, there are a lot of pricks in the world. We should recognize that prickishly responding to pricks will only provoke the proliferation of pricks.

      It will be a perpetual prick paradise.

      We must stop this annoying arms race. I would have expected more from a professional political prick.

      Josh

    28. Re:Shooting people to tests for vests by Anonymous Coward · · Score: 0

      A simple SMTP connect reveals that the site is running Exchange 5.5 on a Windows 2000 domain controller.

    29. Re:Shooting people to tests for vests by leeward · · Score: 1

      *Bold* text in plain ascii. Maybe not everyone understands it, but that is the correct way.

    30. Re:Shooting people to tests for vests by geekoid · · Score: 2

      Doesn't matter. Regardless of the original letter, he should still be professional in his demeanor. It would have been far more professional not to respond than to call someone a prick, especially in an environment where this sort of thing gets you sued.
      If you had an employee get a nasty letter, would you want them to respond by calling them a prick?

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    31. Re:Shooting people to tests for vests by biffnix · · Score: 1

      So basically, it's ok for the letter writer to actually BE a prick, but not to call him one, based on his own idiotic words?

      Hey, whatever. I'll just close by saying that if *I* got a letter like that guy wrote, I would have called him a prick, too, and I'm confident that the school board, once they read the letter, wouldn't have had a problem with that.

      Regards,

      Joe Griego
      Bishop Union High School

      --
      Don't Die Wondering
  25. Re:Holy Fuck! by Anonymous Coward · · Score: 0

    And I have a penis lodged in my anus. It hurts. A lot. I can't get it out. Suggestions?

  26. Re:Hey! Its 'Made You Look Day' by J'raxis · · Score: 0, Offtopic

    No, next the SSSCA is quietly withdrawn from Congress when it's revealed that Senator Hollings was just an animatronic robot planted by Disney Corp.

  27. R-V-D by YourMissionForToday · · Score: 0

    Since no one has mentioned this yet, I'd just like to point out that Battle Creek, Michigan is the home of the whole F'n show, Mr. 420 himself, Rob Van Dam!

  28. Wrong analogy? by deepestblue · · Score: 2, Funny
    "But, if I can draw the analogy that just because everyone should wear a computerized bulletproof vest doesn't mean that shooting people to find out who isn't wearing one is the best answer. ..."

    Oh, no, you can't. People who don't wear bulletproof vests (unlike badly configured mail-servers) harm only themselves, not others.

    1. Re:Wrong analogy? by Anonymous Coward · · Score: 0

      That's not entirely true. If you were not wearing a bulletproof vest and I was standing behind you, the bullet could very well go through you and hit me because of your incompetence!

  29. Thank you City of Battle Creek by Anonymous Coward · · Score: 0


    Thank you City of Battle Creek. The damage is done.

    Now, do the right thing and pick up the project and pay for it. It is over, dead, gone, killed off. Now, will you fix it, or just apologize?

  30. where some responsibility belongs... by CathedralRulz · · Score: 1

    On the user, not the software vendor. IBM goes out of its way (as does MSFT and.... I can't think of any other business app companies) to let you know if/when there needs to be an update for security. Like this wonderful page: Lotus Security.

    1. Re:where some responsibility belongs... by WoodstockJeff · · Score: 1
      Not to minimize the responsibility of the administrator of the Battle Creek networks, but...

      If you want to know about Microsoft security problems, you have to know how to find their security updates web page, and subscribe to their newsletter. It took me a considerable amount of time to find it last year, after I decided we needed a little quicker notification of things like CODE RED than reading about it on the CNN Headline News crawl. And then I get to weed through the security alerts for products I don't own/operate/control, because there wasn't a way to limit which things I got.

      I guess what still irritates me about that mail list is that I don't hear about things until Microsoft thinks they've got a fix for whatever ails their product... even if it takes two weeks after a vulnerability is reported. Or, more correctly, until Microsoft issues a patch that "addresses the issue". It doesn't necessarily FIX the problem, but it does "address" it. B-)

    2. Re:where some responsibility belongs... by Anonymous Coward · · Score: 0

      It's pretty damn hidden.

      Who would think that www.microsoft.com/security would be where to look for security information.

      It's damned counter-intuitive!

    3. Re:where some responsibility belongs... by WoodstockJeff · · Score: 1
      Finding the security database wasn't the problem. Finding out where to SUBSCRIBE to their email updates to that database was a bit more obscure.

      I didn't want to have to scan the database daily to see what (if anything) had changed in the past 24 hours.

  31. Re:Hey! Its 'Made You Look Day' by hymie3 · · Score: 2

    Disney's animatronics are much more convincing than Senator Hollings. You'd think that Disney's Imagineers could give him pointers on how to appear more life-like....

  32. Service checking vs. collateral damage by frenztech · · Score: 2, Interesting

    One of the main issues here is whether ORBZ should be punished for checking a domain for SPAMing with authorization from that domain. There are several pros/cons for doing it this way:

    PROS:
    -SPAMing domain administrators aren't likely to respond to an email asking if they can be
    -Incompetent administrators who will refuse and/or just not know what the check is so not want it to be done.
    -Some administrators will simply delete it by mistake, not ever finding out they have an open relay.
    -Also more reasons which I haven't thought of because I'm dead tired.

    CONS:
    -Lotus Domino and other servers with problems might either crash, or report false positives. This is a big problem for companies, but...they should really upgrade anyway.
    -Probably some that I haven't thought of here too.

    I think the positives far outweigh the
    We were using their service for about 12,000 customers, and it worked quite well. Ah well.

    ---

    It's my personal opinion that if someone sends one of these emails and it crashes your server, yes, it is your fault. Better to find out now, when you can fix it, before you lose more productivity later on when it is combined with all of the other
    Maybe it will act as a reality check for all those managements out there who think security isn't a big issue. It is.

    --
    "Sed Quis Custodiet Ipsos Custodes?" -Juvenal
  33. Latest News Story - Battle Creek Enquirer by Lokinator · · Score: 2, Funny

    http://www.battlecreekenquirer.com/news/stories/20020322/localnews/1871053.html

    Oh, my. These folks need Tech Help in just the worst way - won't someone write them with a set of correct definitions?

    --
    "It is morally wrong to initiate the aggressive use of force.." Of course, defensive force is fair game...
  34. What's the Chance? by guamman · · Score: 1

    Given this most recent development. What is the chance that other local governments will follow suit and not only stop prosecution but actually ask for help in matters such as these? A smart investor would get ORBZ back on its feet and use them as a security firm that specializes in government systems. Using this whole ordeal as credentials would be the best solution.

  35. Testing, testing. by Anonymous Coward · · Score: 0
    This is a test of the slashdot postbot. wInDoWs pwns!!!

    Posted with post.pl

  36. ORBZ bears some responsibility by terryfunk · · Score: 1

    Just my 3 centavos but...
    Orbz.org and other blackhole orgs bear some of the responsibility. They immediately blackhole an open relay without giving them a grace period to fix it or work with orbz and others to get it fixed.

    I appreciate the service they provide but being a blackhole block site, you SHOULD be prepared for lawsuits or you shouldn't provide the service and be in that business. That is just how things work in our sue happy society... so get over it and quit whining.

    Unfortunately, until the feds make it illegal to spam, it isn't going to stop anyway and in fact will get worse in the coming years, with or without blackhole lists. It is like trying to put toothpaste back in the tube, spam is fucking here to stay and get worse than it is now.

    Lotus Notes is a piece of crap mail server anyway and VERY expensive to upgrade and patch.

    1. Re:ORBZ bears some responsibility by GlassUser · · Score: 2

      I would be all for that, except that spammers are not required to wait for any grace period.

    2. Re:ORBZ bears some responsibility by Frank+Garvin · · Score: 1

      terryfunk,

      please cease and desist from typing in the future.

      Lotus is NOT a piece of crap mail server, IT RUNS ON LINUX, was LDAP compliant before it was oh-so-trendy to be LDAP-compliant, has had PKI built in it from wayyyy back when ( ask Charlie@lotus ), and the upgrades and patches are FREE

      Only major version changes like R4 to R5 to RNext will cost a company some money.

  37. Pardon me? by Anonymous Coward · · Score: 0
    I take a guess here, but the e-mail address that caused the crash surely was well-formed and according to internet standards, no? Then how could somebody think about litigation? If the city builds an instable house on shaky grounds and somebody slams the door, causing the house to fall apart, they cannot litigate either, right?

    And their analogy "...just because everyone should wear a computerized bulletproof vest doesn't mean that shooting people to find out who isn't wearing one..." isn't exactly striking either...

  38. Do other mail servers have similar flaws? by billstewart · · Score: 4, Interesting
    I've been thinking about the spam problem and how to discourage attacks from open relays. Are there mail systems that don't do loop detection, or aren't good at detecting if mail is really addressed to their machine? For instance, what do the popular mailers do if they get mail for spambait.example.com and dns resolves the name to 127.0.0.1 or 127.0.0.2 or 255.255.255.255? Do they decide it's for them, or do they think it's for somebody else and send it back to themselves? Or if you set your DNS to tell spam-relay-1.com.kr that spambait.example.com's IP address is the address of spam-relay-2.com.kr and vice versa - will they end up in an endless mail loop the next time somebody sends mail to harvestme@spambait.example.com, or will they decide (at least after one or two iterations) that they've seen the message twice so they'll drop it or try to send bouncemail to the original (presumably fake) spammer's address?

    Of course, even if you can't get the spammers in a strict loop, telling relay1 that your machine's IP address is that of relay2, relay2 that it's relay3, relay3 that it's relay4, ..., should at least leave the Korean Spam Relays talking to each other and slow down the number of messages they can send to real people.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  39. Prosecution - the Gov't Game by _Sprocket_ · · Score: 2
    It's nice to see a government body finally get a general idea of reality. But this press release is littered with examples of continued ignorance. One specific nugget reminds me of my time working for NASA.


    The Detective had no reason not to believe he was pursuing a hacker when he issued a search warrant.

    ...

    ...we have also sent a message to hackers that we will pursue online activity that we feel may be maliciously intended.


    The various parts of the US Government tend to be oblivious to Information Security issues. But they do know prosecution. And that they pursue with gusto.


    We were constantly told that there was no budget to support infosec activity. But when the inevitable compromise was discovered, in came the big investigation. Infosec meetings included management's gleeful discussion of FBI involvement, followed by an FBI agent's discussion of "lessons learned" (rarely touching on real issues and always tech-light) and what equipment had been taken as evidence. Of course, the lab losing the IT resource rarely had the budget to replace the missing hardware. Everyone paid.


    Of course, a bit of money up front to secure the environment from the beginning would probably avoid the whole investigation and enable the lab to continue using its hard-fought-for resources.


    Back to Battle Creek. Sudden revisions on updating their infrastructure. Lots of grave concern over people running around doing damage to them, indistinguishable from all those Evil hackers. And prosecution talk.


    Looks like the City of Battle Creek will be paying the high cost of ignoring infosec too.

  40. Re:A day too late? by Anonymous Coward · · Score: 0

    Couldn't someone take ORBZ system and implement it somewhere else, where US law cannot cause them to stop working? Like somewhere in Europe for example...
    They should investigate this

  41. Technology Police by fruey · · Score: 1

    The interesting thing about all this is that hackers and geeks will always be ahead of the game, and the best police in the business won't be up with the technology.

    Why? Because good hackers and good netizens ain't going to join the police :)

    Simon

    --
    Conversion Rate Optimisation French / English consultant
  42. I hope people read this and understand... by Anonymous Coward · · Score: 0

    Here's a quote from the city's attorney's:

    "But, if I can draw the analogy that just because everyone should wear a computerized bulletproof vest doesn't mean that shooting people to find out who isn't wearing one is the best answer. If Mr. Gulliver chooses to do this, he perhaps shouldn't be surprised that he will occasionally be confused with the type of individual he is fighting against."

    Exactly.

  43. Re: Participate Godd*mnit by maggotbrain_777 · · Score: 1

    Look, with every article like this, we have a chance to respond to the ignorant morons who choose to perpetuate this sort of nonsense.
    Write them, and inform them of the idiocy that they perpetuate. I think we can make a difference, if we embarrass them enough

  44. Re:Or is it... by Pussy+Is+Money · · Score: 1

    No, the fact that they used the word "duplicate" shows that they do not, in fact, "get it".

    --
    Pushin' 'n dealin', shovin' 'n stealin'
  45. Score one for common sense, for a change. by phillymjs · · Score: 4, Funny

    Must be something in the air in Battle Creek. I don't know what Kellogg's is belching out of their smokestacks these days, but I wish the RIAA and MPAA assholes would get a whiff of it.

    ~Philly

    1. Re:Score one for common sense, for a change. by sharkey · · Score: 2

      ...I wish the RIAA and MPAA assholes would get a whiff of it.

      Better yet, send them to the Kellogg Sanitarium. Getting 5 gallon oatmeal enemas daily might give them an inkling of how their customers will feel if $MEDIA_WHORE laws are passed.

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
    2. Re:Score one for common sense, for a change. by Anonymous Coward · · Score: 0

      Hmmm, does that meet your daily fiber requirements if it's administered in that fashion? Inquiring colons want to know!

    3. Re:Score one for common sense, for a change. by Anonymous Coward · · Score: 0

      That would really confuse the workers at the Defense Logistics Agency office that now occupies the sanitarium!

  46. From now on, the city manager will have to... by BlueUnderwear · · Score: 2

    ...stay very current on his Lotus Notes patches. Indeed, from now on, whenever news of a Lotus Notes security hole pops up on Securityfocus or elsewhere, guess who the script kiddies will try it out against first?

    --
    Say no to software patents.
  47. Re:Spam? by LinuxHam · · Score: 2

    I always thought a mail bomb was doing something like forging a request for the control file (or something huge) from NNTP servers. You post it to a newsgroup, and all the (now considered misconfigured) servers that receive your article would mail megabytes upon megabytes to the forged email address. The victim would get 100MB of mail a day for about a week. Now THAT was a mail bomb!! :)

    This is more of a "crash the server exploit", or as many have already said, "DoS attack".

    --
    Intelligent Life on Earth
  48. No "unannounced" tests? by mgkimsal2 · · Score: 3, Interesting

    In turn, however, we have asked him to reconsider his policy of making unannounced tests on servers.

    But if sending a mail to a server could cause it to crash, how else could you contact someone to get permission to test? Phone calling?

  49. So.. by Anonymous Coward · · Score: 0

    Hopefully ORBZ will stay shut down, right?

  50. Nope, you missed it by hawk · · Score: 4, Funny
    "The City" is known to mean San Francisco by all educated persons. The *real* question is why SF is involved in this. Was it infiltrating Battle Creek? Having dealt with California agencies while practicing law in Nevada, and being aware of their imperial pretensions, I want to know (and so should the residents of Battle Creek!).


    :)


    hawk, watching for californians under his bed . . .

    1. Re:Nope, you missed it by Anonymous Coward · · Score: 0

      No, that's The Fag City.

      Not to be confused with 'Fag City' which is the title on the cool Pete Wagner t-shirt that was a takeoff of the 'Mad City' tshirt from Madison, Wisconsin. Pete's FagCity shirt was for Minneapolis, and featured the IDS tower with a big glans on top.

  51. The City is the Square Mile by Anonymous Coward · · Score: 0

    of the City of London... none of this johnny-come-lately new towns with no banking industry to speak of.

  52. How about... by RoadWarriorX · · Score: 1

    giving access to source code so I can implement my own personal ORBZ server??

    1. Re:How about... by WoodstockJeff · · Score: 1
      You don't need ORBZ's source code, but it would help a lot.

      You can visit www.five-ten-sg.com and download their zone file periodically, and tweak it for a local DNS server. Or just use their RBDNS directly, although I consider it just a BIT more aggressive than I want full-time. Even SpamCop hits require exceptions for some of my clients.

      The important part of an ORBZ-like system is the automated testing which automatically updates the DNS, without need for human intervention.

    2. Re:How about... by Anonymous Coward · · Score: 0

      Hey,

      I can't figure out you people, why are you making everything so
      complicated? Yeah, I agree with the state that they should announce
      before testing email server. And yeah, the system obviously works, but
      not for the specific mail the ORBZ sent. And that the services should be
      given grace periods, yeah, maybe not all countries that are very well
      known not to do anything to stop spam, such as red china.

      Then, why the heck would I care about open relays that would never
      ever send me anything? I just added code to my mailserver, that first
      checks a list if this specific mailserver is added in deny, or pass list
      and then is checked. If not, a check is made if it's an open relay. And if
      it's an open relay, it's BLOCKED, and a mail is sent to the postmaster
      of that mailserver. And a mail is also sent to the person that was blocked
      for a webform to send me the email. That is just in case the email
      was blocked in error. After that I would add email as passable even if
      it's from an open relay.

      You could also use a spamdetect, to get rid of webform. But its not
      worth it.

      Greetings
      The Anonymous
      -- No way such bleeding edge ideas should be distributed under
      real pseudonyms, I am the Anonymous!
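
The flow described in this comment and in the reply above it (local pass and deny lists consulted before a blocklist, with per-client exceptions) can be sketched as follows; this is an added example, not code from the thread or from ORBZ. The zone name, addresses and function names are constructed, a dictionary stands in for a locally served zone file, and the blocklist lookup stands in for the live relay check.

```python
"""Added example: local allow/deny lists in front of a DNS blocklist lookup."""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data; every address is from a documentation range (RFC 5737).
ZONE = "relays.example"                      # hypothetical blocklist zone
LOCAL_ZONE_DATA = {                          # stands in for a downloaded zone file
    "25.113.0.203.relays.example": "127.0.0.2",
    "77.113.0.203.relays.example": "127.0.0.2",
    "9.2.0.192.relays.example": "203.0.113.1",   # bogus answer, outside 127/8
}
ALLOW = {"203.0.113.77"}                     # client exception despite a listing
DENY_NETBLOCKS = [ipaddress.ip_network("198.51.100.0/24")]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=ZONE):
    """Build the blocklist query name: reversed octets (or nibbles) + zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    for suffix in (".in-addr.arpa", ".ip6.arpa"):
        if rev.endswith(suffix):
            rev = rev[: -len(suffix)]
    return f"{rev}.{zone}"


def is_listed(ip, resolve=LOCAL_ZONE_DATA.get):
    """True only when the zone answers with an address inside 127.0.0.0/8.

    Any other answer (for example a wildcard from an expired or hijacked
    zone) is treated as "not listed" so a broken list cannot block all mail.
    """
    answer = resolve(dnsbl_query_name(ip))
    if answer is None:
        return False
    return ipaddress.ip_address(answer) in LISTED_RANGE


@dataclass
class Decision:
    action: str                 # "accept" or "reject"
    reason: str
    smtp_reply: str = ""        # text returned to the connecting server
    notices: list = field(default_factory=list)   # mail queued for humans


def decide(ip, resolve=LOCAL_ZONE_DATA.get):
    """Apply the checks in the order the comment gives: lists first, then test."""
    addr = ipaddress.ip_address(ip)
    if str(addr) in ALLOW:
        return Decision("accept", "local allow list")
    if any(addr in net for net in DENY_NETBLOCKS):
        return Decision("reject", "local netblock deny list",
                        "550 5.7.1 mail from your network is not accepted")
    if is_listed(ip, resolve):
        # The sender is told in the SMTP reply rather than by a separate mail,
        # so a forged envelope sender never receives a bounce (example choice).
        reply = (f"550 5.7.1 {addr} is listed in {ZONE}; "
                 "use https://mail.example/unblock if this is an error")
        notice = f"postmaster@[{addr}]: this host is listed in {ZONE}"
        return Decision("reject", f"listed in {ZONE}", reply, [notice])
    return Decision("accept", "not listed")


if __name__ == "__main__":
    for ip in ("203.0.113.25", "203.0.113.77", "198.51.100.9", "192.0.2.9"):
        d = decide(ip)
        print(ip, d.action, "-", d.reason)
```
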

  53. Re:A day too late? by gordie · · Score: 1

    Why bother when there are other blackhole services to use like MAPS http://www.mail-abuse.org or ORDB.org http://www.ordb.org ?

  54. What an embarrassment! by dcavanaugh · · Score: 4, Funny
    First, the writer [of the press release] describes spam as a "computer prank" instead of unsolicited commercial e-mail. The comment proves they don't know what spam is! Then we have the unmentioned IT person who somehow traced back the activity to ORBZ without realizing their Lotus server was a sitting duck for a DOS attack (intentional or not).

    Let me guess (based on pure speculation):
    • Lotus server set up by the "consultant du jour", who handles support on a pay-as-you-go basis
    • City calls for support, consultant quickly scans the log & points finger to ORBZ
    • City mgmt. goes berserk; legal dept. goes to DEFCON 1; unleashes nastygrams vs. ORBZ
    • ORBZ explains cluelessness involved in having unpatched Lotus server; makes consultant look like idiot
    • City finds new consultant; recommends upgrade to Linux+Sendmail+Amavis+Sophos

    There are always exceptions, but the average municipality is not stealing the top minds from NASA to run their IT operations. Every once in a while, I peruse IT job listings. When I see a huge list of unrelated requirements combined with a pitiful salary, it's usually (a) municipal gov't, (b) school systems (same thing), or (c) retail. Before I get flamed by an army of municipal IT workers, I will clarify this sweeping generality: Municipalities hire too few people, they overcommit their resources, and the salaries encourage turnover. Surely, any reasonably qualified sysadmin (certified or not) would have detected & fixed the Lotus vulnerability (even if after-the-fact). The press release tells a story that makes it look like they have no dedicated IT staff whatsoever. I could be wrong on this, but if they spent less on lawyers and more on IT, this problem would have been prevented or quickly resolved.

    According to Netcraft, the website at ci.battle-creek.mi.us is running "Microsoft-IIS/5.0 on Windows 2000." The prosecution rests. This Battle Creek operation must have been a real bundle of joy when they discovered the "Code Red" worm.
  55. Why Should He Risk All to do *US* a Favor? by FreeUser · · Score: 4, Interesting

    Second, this all could have been avoided if Ian Gulliver hadn't freaked when he got the order. If he'd waited a bleeding 24 hours this would have been resolved and ORBZ could have gone on its merry way.

    It's very easy to be an armchair general from the peanut gallery, especially since you have nothing at risk.

    This was a (relatively rare) instance of a government exercising some common sense. There was no guarantee that this would be the outcome.

    Imagine if it had gone the other way (they pressed charges) and he had continued operating as before. Going in front of a judge and being forced to admit that "yes, I engaged in the same activity for which I was being prosecuted after having been served notice," is the kind of thing that results in penalties that tend toward the harsh, rather than lenient, if convicted.

    ORBZ was a service being provided for our benefit, for the "greater good" if you will (yes, I know how alien that phrase sounds in our Money Ueber Alles culture, but there do still exist people who spend their energy trying to better all of humankind, rather than merely themselves. They may be endangered, but they aren't extinct just yet). It is not at all reasonable to expect someone to risk fines, seizure of equipment, and possibly even jail time simply so they can go on doing everyone else a favor.

    The government body in question may be contrite now, but the damage is done, and they are, ultimately, the cause of that damage. Whitewashing their responsibility now behind the argument that "that's just how investigations are done" does nothing to alleviate their responsibility, though it does underscore just how aggressive, flawed, and Orwellian many of our "standard investigative procedures" have become. Not that we needed any more examples, we seem to have been getting hit in the face with that fact every day lately.

    --
    The Future of Human Evolution: Autonomy
    1. Re:Why Should He Risk All to do *US* a Favor? by orotas · · Score: 1

      I'm sorry but calling a search warrant Orwellian is just a bit over the top. A search warrant is not notice of being prosecuted, it doesn't subject the person being served with it to anything other than being searched. If he had continued to operate he wouldn't have been risking anything. If they had actually charged him with something, or the investigation had gone for an extended period then I would say he was risking something, but to say he was risking everything because of a search warrant is a bit much.

  56. Re:A day too late? by haystd · · Score: 2, Informative

    We used ordb.org and while it did block a significant amount of spam, it also seemed to block a considerable number of our clients (we service healthcare companies and I won't speculate about what this says about their IS/IT groups). The last straw was when it added a major ISP's email server (which probably did need fixing but we nonetheless couldn't afford the downtime). Of late, I've quit using blacklists in favor of simply blocking offending netblocks which has actually yielded better results with less grief. This works because most of the offending netblocks are not something that we'd be expecting legitimate email from.

  57. Why wait? by teambpsi · · Score: 2

    Using services are orbz is opt in, not mandatory.

    I for one could care less about an open relay getting a grace period to fix their problem.

    It was only when a bunch of them were blacklisted did it get their attention to fix the problem.

    Have you ever tried getting a response from a "postmaster" account?

    The fact is until their users are impacted, it won't matter.

    Now that ORBZ is offline, we have noticed a SIGNIFICANT increase in the amount of crap flowing into our systems.

    --

    Old age and treachery almost always overcome youth and skill.
    1. Re:Why wait? by Anonymous Coward · · Score: 0

      I have not gotten a single piece of spam.

  58. Page listing 800 numbers of SPAMMERS by doublem · · Score: 2

    My one and only printed Slashdot story was an item at Slashback: 640K, Pioneer, Payback that tells about a site that already has a list of the 800 numbers used by SPAMMERS.

    --
    "Live Free or Die." Don't like it? Then keep out of the USA
  59. Can we get the database? Lets go P2P ! by teambpsi · · Score: 2

    Does anyone know if its possible to get the last snapshot of the reverse DNS database IAN had?

    I think if ORBZ was run on a patching basis we could choose to upgrade our databases on a daily basis.

    Or better yet, use a P2P protocol among build a distributed network so that we don't have to suffer with the "READY-FIRE!-AIM" mentality of the technologically challenged ;)

    --

    Old age and treachery almost always overcome youth and skill.
  60. Spam originally meant "buffer overflow" by yerricde · · Score: 2

    No, the fact that they used the word "duplicate" shows that they do not, in fact, "get it".

    The definition of "spam" in the Jargon File lists duplication as the primary criterion under senses 3 and 4. Junk E-mail (UBE) enters the picture only in sense 5.

    Funny: The first listed sense of "spam" refers to a buffer overflow.

    --
    Will I retire or break 10K?
    1. Re:Spam originally meant "buffer overflow" by Anonymous Coward · · Score: 0

      Very few of us pay much attention to the 'official' Jargon File now that ESR has taken it over and made it into a political platform.

      Ten years ago it was different. Now it's a big wad of Raymondisms.

      Does anybody have a suggested alternative location where a non-Raymond jargon file can be located?

  61. SpamCop has its own list by yerricde · · Score: 1

    SpamCop doesn't even check anything. They just leech off of ORBZ and the like.

    Wrong answer. SpamCop maintains its own RBL based on reported spam pasted into its web form. It also allows users to check or un-check popular RBLs such as ORDB.

    -- Damian Yerrick, tepples@spamcop.net, a satisfied customer
    --
    Will I retire or break 10K?
  62. Great! by macdaddy · · Score: 2

    I'm glad to hear this, even if Ian doesn't bring back ORBZ. Kudos to the Battle Creek people for recognizing the truth and doing the right thing.

  63. That's what you get ... by pyramid+termite · · Score: 2

    ... for driving by Colors on the Corner on Friday night at 2:30

  64. One Good Turn Deserves Another by thelizman · · Score: 1

    Now that Battle Creek has admitted culpability, and confirmed that the cause of their problem is a defective e-mail server, it's time for ORBZ to sue the fuck out of them - for fun and profit.

  65. Can you say Boycott? by Maroof · · Score: 1

    Okay, so there are thousands of ticked off sysadmins out there, simple solution: If thousands of sys admins blocked battle-creek.mi.us and any/all other businesses in that area (Kellogg's), wouldn't it suck to be them? What if IAN didn't just randomly 'test their server'?, what if someone reported spam being sent from that server? - then let's say IAN's service was testing the server to see if it should be blocked upon someone's request? Who in their right mind uses anything but linux to handle email anyway? Lotus Domino? - come on.

    1. Re:Can you say Boycott? by Anonymous Coward · · Score: 0

      Who in their right mind uses anything but linux to handle email anyway?

      Bzzzt! Zealot alert!

      (besides, Domino has been ported to Linux)

  66. Spam fighting = drive-by shooting???! Morons! by SysKoll · · Score: 1, Flamebait

    I was outraged at the uncalled-for comparison contained in this half-baked press release. I sent Michelle Reen (author of the press release) an email. Here is an excerpt:

    I am very glad to see that the City Manager recognizes Mr. Gulliver's positive role. It is a discredit to Lotus Corp that their Domino server exhibits the bug that caused you to think Orbz.org was harming your server, and it is entirely their fault.

    But then, you offer a totally misleading and uselessly aggressive analogy: "if I can draw the analogy that just because everyone should wear a computerized bulletproof vest doesn't mean that shooting people to find out who isn't wearing one is the best answer." Well, I am sorry, but you just cannot draw this far-fetched analogy. This is akin to present spam fighting -- a valuable cause -- to drive-by shooting, a misrepresentation that could be classified as libel.

    Here is a more considerate analogy: Orbz.org periodically broadcasts a public warning over its PA loudspeakers, and your server had a fit thinking it was insulted.

    The Internet is currently a community. Volunteers such as Orbz.org are doing their best to keep this community safe and clean, by fighting con artists and spammers. If misguided, overreacting organizations keep blasting volunteer efforts, then Internet users such as your organization will have to pay large sums to private companies in order to obtain similar services. I am sure such an outcome would outrage your taxpayers.

    I hope her clue meter will soon go into positive numbers. Because she obviously lacks even the most basic Internet survival instinct.

    Of course, a quick way to drive the point home would be to make sure her email address, gjstrand@ci.battle-creek.mi.us, gets spammed to death. Then maybe she'd start to appreciate spamfighters such as Orbz. Anyone wants to put this address in some newsgroup? How about alt.bestiality.hamsters-and-townhall-clerks?

    Naaah, don't do that, that would be evil...

    -- SysKoll
    --
    Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/

  67. orbz.battle-creek.mi.us by McFly777 · · Score: 1
    I keep reading the comments here as one of two messages:

    battle-creek is sorry, everything is ok now

    with the reply

    ORBZ still will not come back

    Perhaps if BattleCreek is really sorry they should host the new ORBZ server!
    --

    McFly777
    - - -
    "What do people mean when they say the computer went down on them?" -Marilyn Pittman
  68. Won't miss ORBZ by HazelMotes · · Score: 1

    Can't say I'm sorry to see any of the Fundamentalist nutbar 'spamcops' shutdown or fade away. At least in a police state you get to hate 'the man.' Here you worship him.

  69. Is ORBZ actually back now? by TheBishop · · Score: 1

    I took note today (March 22) that my sendmail is once again rejecting mail based on inputs.orbz.org. There's no www.orbz.org though, is orbz back up?

  70. Re: search warrants by King_TJ · · Score: 2

    I disagree! A search warrant most certainly *is* a big deal. Primarily, it's "carte blanche" for authorities to invade your privacy, for the purpose of trying to collect evidence against you for a legal case.

    Most often, it also includes seizures (supposedly necessary because the authorities can't fully determine the purpose/value of the "suspicious items" they turn up during the search without taking them to their labs and experts). That means ORBZ would lose use of their computer equipment until the investigation was completed. (And don't think they're always quick about it. They can, and usually do, hold onto seized items for years - meaning they'll be of little to no value by the time you get them back, even if they find you completely innocent!)

  71. Thus the problem: by Otto · · Score: 2

    Think for a second: you're a government agency, and you notice someone sending bits to your server that make it crash. What's your first response? What's anyone's first response? Find out who did it, and search warrants are very good at that.

    Think for a second: You're anybody on the face of the planet who is actually sane and rational. Your first response in the same situation: Block the bits, figure out why those bits crashed your shit, and then fix the fucking problem.

    If your box explodes, then you are at fault. Period. Unless you are running M$ products. ;-)

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  72. After reading your initial email.... by PrimalChrome · · Score: 1
    ....I'd have to agree.


    You _are_ a prick.

    1. Re:After reading your initial email.... by Anonymous Coward · · Score: 0

      I agree - you are not a prick, you're a self-righteous putz...

      Don't get me wrong - I hate, despise, and revile spam as much as the next Sysadmin... but I don't forward it with 2 page diatribes on how their system is shit, their people are morons, and they're wasting money...

      Just send them the spam, say "you've got a spammer abusing your system", and leave it at that... 2nd time around, block the network and don't even tell them... They'll figure things out soon enough...

  73. First response? by Anonymous Coward · · Score: 0

    Think for a second: you're a government agency, and you notice someone sending bits to your server that make it crash. What's your first response? What's anyone's first response? Find out who did it, and search warrants are very good at that.

    My first response is to firewall them off. My second response is to email abuse@domain and ask them what's going on.

    I tend not to use explosives to open stubborn pickle jars either.

  74. Re:Antiboycotting Kellogg's by asackett · · Score: 2
    At least it's an inexpensive boycott for me to break. I can afford to buy a few boxes of Kellogg's cereal.

    Please do, and enjoy those delicious genetically modified products every morning until your colon grows eyeballs. Then you'll be able to comb your hair without need of a mirror. :D

    --

    Warning: This signature may offend some viewers.

  75. Some servers are rejecting mail because of ORBZ!!! by matresstester · · Score: 1

    This could be a problem, my servers have never been on the ORBZ list, and today I saw some rejects (both of my servers) based on ORBZ:

    This is the Postfix program at host nm2.networkmotion.net.

    I'm sorry to have to inform you that the message returned
    below could not be delivered to one or more destinations.

    For further assistance, please send mail to

    If you do so, please include this problem report. You can
    delete your own text from the message returned below.

    ---------
    The Postfix program

    : host smtp.cogeco.ca[216.221.81.25] said: 554 Service
    unavailable; [xxx.xxx.Xxx.xx] blocked using inputs.orbz.org

    ---------

    Is this problem isolated, or is that just me?

    This could be a big problem, I don't know how many servers will need to be reconfigured if this is caused by orbz being down..

    I hope the fine folks at COGECO figure this one out, cause I'm trying to email my client :)

  76. Re:Some servers are rejecting mail because of ORBZ by jjohnson · · Score: 1

    I'm seeing mail from my server bounced as well, even though my mail server isn't visible to the Internet. The message reads:

    550 5.0.0 Mail from xxx.xxx.xxx.xxx refused by blackhole site inputs.orbz.org The message that caused this notification was:

    --
    Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
  77. Re:Some servers are rejecting mail because of ORBZ by WoodstockJeff · · Score: 1
    6 months after orbS shut down, a local mail server that we redirect messages to for a client started to refuse mail from us, based upon our being black-listed in relays.orbs.org. That particular RBDNS had been off-line for 3 or 4 months prior to the shutdown, so it was rather comical, really.

    Turned out that the SYSADMIN had configured the server to bounce IPs that didn't resolve through relays.orbs.org, rather than bounce those that DID resolve. The result was that all of internet was blocked as an open relay, since orbS.org was no longer responding to queries...

  78. ORBZ shutdown fall out by matresstester · · Score: 1

    Yeah, I wonder how many installs of mail servers out there use orbz.org and are misconfigured.

    There are 2 problems here -
    1. When the e-mails get bounced, they sometimes stay as "deferred" so it'll try and try again.

    2. The session takes longer because it's trying to get to orbz.org and waiting for timeout.

    I haven't seen too many people complaining about this, so I'm still wondering if it's my problem.
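
The failure described in comments 77 and 78 above, as an added example that is not part of any poster's comment: a DNSBL check that separates "listed", "not listed" and "list unavailable", next to the inverted test that blocks every sender once the list stops answering. The zone `dnsbl.example`, the sample addresses and the injected `resolve` functions are constructed for illustration.

```python
import ipaddress

LISTED, NOT_LISTED, UNAVAILABLE = "listed", "not_listed", "unavailable"
DNSBL_ANSWERS = ipaddress.ip_network("127.0.0.0/8")  # range DNSBLs answer in

class NxDomain(Exception):
    """The name does not exist: the address is not on the list."""

class LookupTimeout(Exception):
    """No answer at all: the list is down or unreachable."""

def dnsbl_name(ip, zone):
    """Query name for an IPv4 address: octets reversed, then the list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def query(ip, zone, resolve):
    """resolve(name) returns A records or raises NxDomain / LookupTimeout."""
    try:
        answers = resolve(dnsbl_name(ip, zone))
    except NxDomain:
        return NOT_LISTED
    except LookupTimeout:
        return UNAVAILABLE
    # Only a 127.0.0.0/8 answer counts as a listing (design choice here).
    if any(ipaddress.IPv4Address(a) in DNSBL_ANSWERS for a in answers):
        return LISTED
    return UNAVAILABLE

def should_reject(ip, zone, resolve):
    """Correct policy: reject only on a positive listing, fail open otherwise."""
    return query(ip, zone, resolve) == LISTED

def should_reject_inverted(ip, zone, resolve):
    """The misconfiguration from comment 77: reject whatever does NOT resolve."""
    return query(ip, zone, resolve) != LISTED

# Constructed sample data: one listed address on a hypothetical list.
SAMPLE_ZONE = "dnsbl.example"
SAMPLE_RECORDS = {"10.2.0.192.dnsbl.example": ["127.0.0.2"]}

def live_list(name):
    """Stand-in resolver for a working list."""
    if name in SAMPLE_RECORDS:
        return SAMPLE_RECORDS[name]
    raise NxDomain(name)

def dead_list(name):
    """Stand-in resolver for a list that has shut down."""
    raise LookupTimeout(name)
```

With a real resolver in place of the stand-ins, a short lookup timeout keeps an unreachable list from stretching every SMTP session, which is the second problem comment 78 lists.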

  79. spamcop by LennyDotCom · · Score: 1

    spamcop.net is a very useful spam fighting tool

    --
    http://Lenny.com
  80. other ways to fight spam by LennyDotCom · · Score: 1

    you can find some other ways to fight spam here

    http://www.lenny.com/spam/

    --
    http://Lenny.com
  81. cost spammers real money by LennyDotCom · · Score: 1

    you can cost spammers real money by going to goto.com
    and do a search for bulk email each link you click will cost spam companies several dollars

    --
    http://Lenny.com
  82. Re:Antiboycotting Kellogg's by Big+Diluth · · Score: 1

    Oh, now you're just making me hungry!

  83. The Domino admin bears a lot of responsibility by Anonymous Coward · · Score: 0
    What do you mean it's expensive to upgrade and patch? Most of the time, the incremental upgrade installers do 95% of the work for you, if you are running on Windows NT/2000. I've heard from Domino/Exchange experts that going to R4 to R5 is no bigger challenge than upgrading any version of Exchange. Domino R4 to R5 is a headache, but upgrading from Domino R5.0.8 to R5.0.9a was as easy as anything on our Win 2000 server.


    The Domino admin didn't have much of an excuse for not upgrading to Domino 5.0.9 unless she modified the NAB and other standard templates AND the incremental upgrades failed OR she was running a Domino server on an AS/400, AIX, Linux or Solaris platforms.

  84. Pitiful salaries. by Anonymous Coward · · Score: 0

    Dcavanaugh said:

    > When I see a huge list of unrelated requirements combined with a pitiful salary, it's usually (a) municipal gov't, (b) school systems (same thing), or (c) retail.

    You're not proved wrong I bet,
    at least not just yet!

    Burma Shave