Slashdot Mirror
Internet Based Attacks in a Physical World
scubacuda writes "In light of the /. backlash against Spam King, Alan Ralsky, (in which /.ers published his info online--including an overhead shot of his house--and signed him up for junk) Simon Beyers, Aviel Rubin, and David Kormann have written a report entitled Defending Against an Internetbased Attack on the Physical World. Bruce Schneier notes that there's no easy defence against such an attack, largely because companies want to make it easy for consumers to get their promotional information:'Subscribing someone to magazines and signing them up for embarrassing catalogs is an old trick, but it has limitations because it's physically difficult to do it on a large scale. But this attack exploits the automation properties of the Internet, the Web availability of catalog request forms, and the paper world of the post office and catalog mailings. All the pieces (that) are required for the attack to work.' But as Rubin and his colleagues point out, there's a real danger in this ploy, one that few people have likely thought about. 'A scenario could be imagined where an attacker would do this to delay the arrival of an important letter, to wreak havoc on the postal system for political reasons, or even worse, to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter.'"
---- The Open Source Record Label : : LOCARECORDS.COM
If you don't want to be attacked on a large scale from the Internet, don't piss off Slashdot readers!
It should be a no-brainer by now, and we have shown the effectiveness!
or even worse, to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter.'"
I've recently had a tumult with the local tax-office, so input like this is more than welcome, I'll be comming back to slasdot for more of this later when I know how my tax application turns out for this year.
now, is a way for the internet to deliver a flaming bag of dog poo to the doorstep of your favourite enemy and life will be complete.
"A scenario could be imagined where an attacker would do this to delay the arrival of an important letter...."
I don't know about you but I haven't trusted an important letter the the USPS for many years. Tax returns etc. go Certified or Fedex only. The USPS is just not reliable any more when the mail item is important.
Subscribing someone to magazines and signing them up for embarrassing catalogs is an old trick, but it has limitations because it's physically difficult to do it on a large scale.
Heh, I gotta rember this excuse. "No, I didn't sign up for these dirty magazienes. It is some internet conspiracy..."
That, and why is he complaigning?
If I have nothing to hide, don't search me
to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter.
This is NOT terrorism, it IS a crime!
Posting anthrax in a letter is just a waste. Throw it in to a tunnel in the subway, that would get you some real contamination.
This article doesn't really add anything new IMHO.
There is one sure way to keep yourself free of such an attack, which also helps to protect you against more common attacks such as burglary, car theft and mugging.
Keep a low profile.
It sounds blase but it is one of the simplest and most effective defenses.
In this case, the target has set himself up for attack, and IMHO deserved it.
For more common attacks, you can avoid notice by not flaunting stealable possessions, avoiding dangerous areas where possible, and not provoking other members of the public.
All of the above apply well to target in question.
Just my £0.02
"Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter.
OK people, chopchop - which one of you send anthrax to our friend Alan? come on now play fair...
Tryint to get people to subscribe to Slashdot and making them read embarrassing dupes is an old trick. These attacks exploit the lazy properties of the editors as well as their unprofessionalism. All the pieces (that) are required for this attack to work. There's a real danger in this ploy, one that few people have likely thought about: "A scenario could be imagined where a story could be posted to Slashdot, and then the same story could be posted again a couple weeks later, to wreak havoc on the Internet for political reasons, or even worse, to serve as a diversion for a terrorist act, such as the posting of a goatse link."
In Soviet Rush, today's Tom Sawyer gets high on you.
"But as Rubin and his colleagues point out, there's a real danger in this ploy, one that few people have likely thought about. 'A scenario could be imagined where an attacker would do this to delay the arrival of an important letter, to wreak havoc on the postal system for political reasons, or even worse, to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter."
You know, aparently *nobody* thinks up terrorist acts until the newsmedia lets them know everything they need to know to pull one off.
Basically, the individual is swamped with requests s/he has to answer, and using up larges amount of resources (lawyer fees).
Very similar to a DOS attack where a server has to answer loads of requests, eating away in its resources (CPU/netwerk traffic).
Oh! Wait!
Here i smell terrorism fighting again!It'll be in the news soon: spam retailation prohibited because if you don't like spam you're helping terrorists!
I'm not a brake. I'm an accelerator. Just a slow one...
DUPE ALERT MOTHERFUCKERS
All credibility was lost with this scare tactic:
"to serve as a diversion for a terrorist act"
"Let's hope anti-spam, anti-marketing guerrillas can keep their perspective and priorities in order."
When the spam and other ass-orted gorillas get their perspectives in order - then let's talk of anti-spam guerrillas.
"A scenario could be imagined where an attacker would do this to delay the arrival of an important letter, to wreak havoc on the postal system for political reasons, or even worse, to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter,"
Pure FUD and crap. How many times has spam stopped important mail? How many times anti-spam filters have deleted the 'wrong' mails? Apparently spammers have exclusive abuse rights on the 'system' while lesser users don't! Intriguing.
If you keep throwing chairs, one day you'll break windows....
I always liked the idea of placing a classified ad for a mint 1978 Camero for $750 (b/c you're getting a divorce yadda yadda) and then listing your bud's phone number as the contact info. Best to use Auto Trader or the like because the ads run longer than newspapers and can't be cancelled in a day. Never done it, but sure have been tempted on occasion...
take for example the post office -- you'd think that one of their aims would be to promote less junk mail for all of us. But that's not how it works in a society where the bottom line is how much money you can rake in. And god forbid the government take an "anti-business" stance.
So what is their pricing scheme? It costs 37c to mail a single letter, but if you're a physical spammer, you can get huge bulk discounts, effectively making it more attractive to spam. I say, why not make junk mail *more* expensive?
Will email, if charged per-piece, be any different?
...imagine beowulf... oh, nothing...
'A scenario could be imagined where an attacker Sending Spam would do this to delay the arrival of an important letter, to wreak havoc on the Internet Infrastructure for Selfish Profit reasons, or even worse, to serve as a diversion for a Virus, such as the mailing of a Trojan.'"
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
New BMWs have windows as their main computer.
If they are connected to Internet via wireless connection, and are hacked...
For example you can turn off engine, block doors and lock windows. Slow death...
'A scenario could be imagined where an attacker would do this to delay the arrival of an important letter...'
What about the important e-mail that is delayed/deleted when we run SPAM filters on our e-mail?
"If I were punished for every pun I shed, there would not be left a puny shed of my punnish head." - Samuel Johnson
This one guy I know were loosing over someone in Quake3, and came to the other guys door to beat him up.
I can only imagine his frustration.
Note to self: get smarter troll to guard door.
I think that when a large number of people are willing to spend their time physically DoS attacking someone then maybe that person deserves it. I don't think that if an individual just had a grudge against the spam king that person would have been able to really do much damage, but obviously enough people felt the same way.
I see it kind of like picketing, one person doesn't really do that much harm, but if enough people are pissed off....
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
In light of the /. editors backlash against /. readers (in which /. editors published duplicate of every possible story) Slashdotters Fort Knox and ekrout have written a report entitled Defending Against an Multiple Slashdottings. Fort Knox notes that there's no easy defence against such attacks, largely because Slashdot editors are much too lazy to check for similar stories, and search.pl sucks: 'It's gotten to the point where it's easier to search slashdot with google's site:slashdot.org feature. But the editors don't even do that!' But as ekrout and his colleagues point out, there's a real danger in this ploy, one that few people have likely thought about. 'A scenario could be imagined where an attacker would do this to delay the arrival of important site visitors, such as those who would actually purchase something'
...as well as deathtreats, flaming dog-do on your front door and drive-by TPing of your home; don't spam or otherwise piss off a lot of geeks.
Or, if you live in Norway (and I recon several other places offer this as well), tell the postal service that you don't want the junkmail... It still won't stop the rest of the nasties, but your postbox won't fill up as you stomp out the burning poo.
Everything in the world is controlled by a small, evil group to which, unfortunately, no one you know belongs.
or even worse, to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter.'
God damn. This just makes me want to punch him in the face. Why the fuck does everyone always have to bring terrorism into everything? Ever since 9/11 we have had idiots, making comments like this about EVERYTHING. I am so sick of it.
This guy's statement require ridiculous stretches of the imagination of one to even think of a way it might benefit a terrorist. I mean, seriously, use some common sense here. If you're trying to send someone a letter full of anthrax, you want it to actually get there.
Yes, terrorists could use cars too. Maybe we should ban cars! That way a terrorist can't get his hands on a car and start running people over. Just imagine how many people he could kill by driving down a busy sidewalk! We better hurry!
Then we'll have to ban chair-lifts too. Imagine how many people would be injured or killed if someone cut the cable! We can't have that, now can we?
Ya know, they used fertilizer to make that there Oklahoma City bomb. We better get rid of fertilizer too.
But wait! That still leaves arson! We better make matches a restricted item. Can't have a terrorist going around burning down houses, no can we?
This kind of moronic reasoning makes me want to get this guy alone and "exploit the automation properties" of a few choice power tools.
See! Power tools can be used for evil! Better get rid of those too. Never mind that the benefit they provide to society far outweighs the cost. Never mind that this is supposed to be a "free" society. Won't someone please think of the terrorists?
Life is too short to proofread.
Support your local post office! Business junk mail helps subsidize the government's insatiable need for tax revenues. Less taxes for you. The end product of a mailstorm is lots of paper for your local recycle centers. Everybody benefits.
Apparently, he started getting calls from several states away from irate bikers who were pissed at HIM when he told them he wasn't selling one (he never owned a motorcycle).
science is a religion
What a load of self serving crap. Which of course is completely shocking coming from such a community oriented guy such as a Spammer.
When I read this, I expected it to be about something a bit more substantial, such as using the internet to have someones electricity turned off, or altering a sattelite tragectory to include someones house in its path; or maybe even taking over Dr Evil's Moon Laser to burn nasty messages in someones lawn.
But really, taking out the postal service with a series of mass mailings? What kind of fool thinks that an attack that works on one person will scale large enough to take out the post office, or hinder any sort of criminal investigation?
You are in a maze of twisted little posts, all alike.
Frankly, I'm surprised that Slashdot didn't come to me, internationally known cybersecurity activist Seth Finklestein, for advice on the matter. I have been abused like a tattered rag doll by Slashdot's own editor, Michael Sims.
Ever since Michael Sims' message "The Censorware Project is Closed," I have been kept awake at night by persistent phone calls and very loud e-mails sent by Michael. Mr. Sims has called me, my wife, my five internationally acclaimed children, and even my wife with vague threats against me.
I did absolutely nothing wrong at any point in my life. I am a shining beacon in a godless, hateful world. Please help me. I'm a victim.
I'm not Seth Finkelstein. I still speak the truth.
How would that be implemented in a secure and reliable way? In the MUA or in the MTA? How would mailing lists be treated? How would you get everyone to use it (and not start using e-mail by ftp, http, or some other tunnel)? Would there be a threshold that you had to pass before the charge was applied? Where to place that threshold and would it be in bytes or in number of e-mails?
It's 11pm, do you know what your deamons are up to?
The last damn thing I'd do if I wanted to send any message is to initiate a DOS attack that could block delivery of that message.
Spam and Periodicals actually use more efficent methods to deliver mail, those fancy bar codes make their mail easily routable, your scriblings on the envelope require human eyes to sort to the correct address, human's cost money...and postal workers are some of the most expensive, the added inefficency of union workers and gov't workers makes for very little work.
09f911029d74e35bd84156c5635688c0
What some people are forgeting is that spam is delivered free, so the people that end up paying are the people with the mail servers.
This is not like a DoS for the US postal service, because the US postal service gets paid for their efforts.
Physical mail, even junk mail, must be paid for by the sender. The postal service would love it if more junkmail and letters were sent. That way they get more buisness. I think I even remember hearing that that is why there aren't more physical spam laws, because it would put the postal service out of buisness.
This whole mess (spam, snail-mail attacks, etc etc etc) is just one more reason to salivate over the day when a legal and user-friendly online indentification system is in place (e.g. ping id or some further derivation). This will drastically reduce spam as well as making it very difficult to sign other people up for things. It will also kick start the next .com boom (as individuals and businesses worldwide will be able to easily form binding agreements instantly across the globe).
GPG isn't enough. Don't wait for passport. Get your company/family/self started on federated ID today.
Howard Dean for president
In a co-ordinated effort, anti-spam activists dug up Ralsky's home address, his telephone number, even pictures of his extravagant home, and the information was posted online.
Coordinated my ass. I know that there were calls in the discussion to do some of this stuff, but someone I know very well decided to do that as soon as this person (who shall remain nameless) read the article where this arrogant ass bragged about making a fortune by disregarding all sense of decency.
Fuck him, and fuck this author. People will act and react to certain behaviors. They're called "informal sanctions" in anthropological terms.
Ralsky got a taste of his own medicine based upon the fact that a lot of people were very pissed off at his actions, and there was no "co-ordination"(sic) necessary. Calling it coordinated lessens the impact of the largely spontaneous reaction.
Newsflash: the evil spammers are fighting back and hitting slashdot where it hurts, by submitting stories to the slashdot site that have already been posted and discussed.
...and probably again a few days after that, if a new newspaper article is written about it).
These stories are known in the slashdot community as "dupes", and the practice (now becoming well-celebrated in the spammer community) is called "duping the nerds".
Stay tuned for more details in the next posted article, (and again next week,
There are only 10 types of people: those who understand decimal, those who don't, and, uh, 8 other types I forget.
The best way to defend from internet attack also works in the real world. Its called "Don't make large groups of people angry."
This seems like complaining that the internet allows collaboration of large numbers of like minded people. Yeah, thats the point. The failure of this article is to understand that it is not organized. Thats like saying that all the death threats the Dixie Chicks got all came from one organized structure.
Hundreds of thousands of people are not going to conspire to commit a single crime (Anthrax letter example). That's ridiculous.
To suggest that just because a large number of people are equally angry and respond in a similar way (through mailing etc), that the response is organized is stupid. People who want control set up straw man organization because they can't compete against 100,000 individuals. How many times have we heard "Those protests are completely organized by organization XYZ, they have buses that bring people in". Or in labor problems: "Its XYZ union that is causing the strike, most of the workers don't care" By using the tactic of combining the perception of voice down to a single entity, detractors can be more persuasive in gaining mindshare.
Spam exists purely because the time spent by the spammer is of less value than the reward he gets. We don't need to completely eradicate spammers, just slow then down until it's no longer worth the effort and they quit. Try mposing limits on the amount of email that can be sent per ISP user. If it's set high emough then it'll very rarely bother a legitimate user, but make it stop it being cost effective for spamming. Say 500 emails per 7 days from one user on an SMTP or 1000 from a mailserver running on an ADSL. If you're having to send 1 million mails then signing up for/hijacking 2000 accounts is going to slow you down a bit. This would hopefully stop spamming from 'friendly' services.
Rogue ISPs are trickier to deal with, perhaps the throttling could be used? e.g. AOL trusts MSN, therefore anything originating from MSN would be allowed straight through. AOL is slightly more warey of rogueisp.cn so throttles the acceptance of messages from them to say 50,000 a day before it starts bouncing them. If rogueisp.cn behaves then everything will work perfectly, if they allow their network to hammer AOL then AOL will start chucking the emails back at rogueisp.cn clogging up their system. A perceived problem with this is that legitimate email gets bounced - tough. Rogueisp.cn gets to explain to their customers why "AOL has returned this message because of flood of crap sanctioned by your ISP" is attached to the message that's just been returned unsent. RogueISP can now decide to enforce sendmail throttling as mentioned at the top, or lose its customers.
Tweak the quotas so the better an ISP behaves, the higher it's quota goes and vica-versa and we can polarise connected ISPs, and it's then not to hard just to blanket ban the bad guys.
Imagine though, that instead of signing up just any plain individual with an ego problem, that you signed up a business for all of this junkmail.
Think about a company sabotaging its upstart competitor by saturating their mailbox with junk. The competitor starts missing bills, notices from vendors, etc.
Or even worse, imagine someone who has been screwed by the phone company one too many times decides to mailing list bomb their bill payment center. The costs of processing payments shoots up while mail peons have to separate the payments from the junk.
Congresspeople start getting cut off from their constituency.
etc...
And the worst part is that this is so hard to undo. Even if you take the effort to unsubscribe from every single mailing list you're on, it would take the attacker mere seconds to re-add you to all of them.
This is probably one of the most devastating non-violent denial of service attacks you can utilize today.
Moral of the story: don't piss people off.
As was pointed out by another poster, pre-sorted mailings actually consume much less USPS resources than private mailings. Often the sending company actually delivers the mailing to the regional post office of their destination. Additionaly, the bulk mailers actually (in effect) subsidise private use of the post office. In other words, without junk mail you're be paiying considerably more for a stamp as mail-people would be walking around delivering one or two peices of paid mail to each household instead of 1 or 2 pieces of private mail and 4 or 5 pieces of paid bulk mailings.
These people look deep into my soul and assign me a number based on the order I joined.
"A scenario could be imagined..."
Yes. Many scenarios could be imagined. I can imagine a scenario where people will push other people over 4' high handrails. I can imagine a scenario where allowing people to use automobiles will allow them to crash into each other. I can imagine a scenario where allowing farmers to use fertilizer will make it easier for terrorists to create explosives. I can imagine a scenario where allowing people to have pocket knives will lead to stabbings.
I can also all too easily imagine a scenario where legislators get all worked up and frothy about imagined scenarios and start whacking us with ever more ridiculous legislation. "I can imagine..." is no excuse for knee-jerk inappropriate action. These day, however, that seems too much to hope for; so I get a little concerned when I see yet more hand waving "look at me!" attention getting bullshit like this.
It would be very simple for a company to defend against being used in a scripted mail DOS attack.
With a bit of imagination the authentication could be turned into a compatition...
Merge an online directory lookup with your junk mail script. Now junk mail bomb a single zip code. Sounds to me like it scales.... I doubt the whole USPS, but for one or two post offices? Easy!
From the headline, I thought this article was going to be about that shooting at Case Western. The apparent motive was that the victim left a nasty message on the shooter's guest book: Biswanath Halder vs. Shawn Miller, et al.
-- Don't Tase me, bro!
Letters that are that important should be sent by registered mail.
to wreak havoc on the postal system for political reasons,
Provided the US government isn't subsidizing junk mail (if they are, they should stop), every piece of junk mail that is sent makes the USPS a small profit. Well, then let them "wreak" away.
or even worse, to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter.'
I somehow have a hard time seeing how this is a serious risk, over and above the general risk of "contaminated letters".
Remember that security consultants and "experts", like politicians, have a tendency to create unnecessary fear in order to hype up their own importance.
I hate to sounds callouse, but anything it takes to shut down the spammers, short of death or injury, is an acceptable cost in the long run.
The problem of spam has not received any reasonable consideration by The Powers That Be in the Political engine until it starts to cause real, tangible, measureable harm.
Given the theme here you bet Im posting as AC.
If you geeks are so clever, how come you are indulging in such fatuous behaviour and generally behaving like "the mob" in a Hammer Horror film.
Oddly you never trust the media yet (FUD is the trendy word at the moment), when this comes out, its read the article, or not(!) (don't check secondary sources or anything) and wade in.
Reminds me of a wave of Paedophilia related mini-riots we had in the UK stirred up by the papers, where a Paedeatrician was attacked (although I find it darkly amusing that the mob thought someone would advertise their illegal proclivities via a brass name plate attached to their house, and claim to have a number of higher degrees in it, but i degress here).
God help you when someone maliciously points the finger at you as a "spamking" for a laugh... all you who posted above with your emails and webaddresses better bear in mind it would be rather easy (about as hard as my typing this post
now).
"Don't piss off nerds" you cry. Just goes to show the circles you move in. Or what, you'll send the guy a Radio Shack catalogue? Phone him up in the middle of the night and tell him your GPA? Scarey. Better that than piss any other sector of society off; they'll come round and beat the shit out of you. Better hope this spam guy doesn't remember how to give wedgies or you're in for some serious pain.
Basically, you make yourselves look like stupid knuckleheaded thugs and at the same time rather puny. A rare feat indeed.
Flamebait? I'd like to think I'm commenting about the hotheads already ignited.
resistance against cheese-eating surrender monkey imperialism
If it's an Irishman, then it depends which way the wind is blowing - at the moment, it'd be terrorism, but in the good old days when Noraid had the ear of the presidency, it was freedom fighting.
oh brave new world, that has such people in it!
I don't think this invalidates their conclusions, but there is one "fact" that is not actually true. The Star article states:
Sure, Google says that it found "about 259,000" search results. However, paging through the results themselves reveals that it only found 839. Including the omitted, very similar pages, there are still only 997.I think that the web has a huge number of automated forms that could be used for this kind of attack, but you would have to do a little more digging for them than the article implies.
Weren't there a couple of "mail dumping" incidents a couple of years ago?
IIRC, they found one postal worker with a whole basement/attic/whatever filled with undelivered mail, and other worker was found to be dumping it under an overpass or something.
The residents had complained for years about poor mail service, lost mail, etc and when they finally found out what was going on it looked like the whole postal zone was a fscking disaster (bad management, etc etc etc).
Overall, this seems like a rare exception. I've never had a bill not get paid or not gotten something due to the post office.
In fact, I've had more problems with UPS trashing packages.
A sending list.
Instead of buying a CD with a million email addresses, you buy a CD with the location of 100,000 catalgue/political/newsletter mailing list signup forms and a program to fill them out with your victim's information.
paintball
Face any form of technology can probably be exploited for terorist purposes. Plan on how to counter it but don't knee jerk any more idiotic laws.
An evil person can use anything for evil. Outlaw everything!
Professional Politicians are not the solution, they ARE the problem.
What about all the important email that gets buried under a deluge of electronic spam? Aunt Martha's prize winning cookie recipe, for example, might get lost among the hot naked teens emails. At least with email we can try to put a filter on it. But what is the government's policy about XXX regular mail coming to a 10 year old? Does that child really need his penis enlarged? An email from a teacher or college professor could easily be buried.
Someone should write a white paper detailing ways to get Slashdot to post dupes, and how it could potentially be used to do malicious things, like delaying the posting of real news.
Manipulate the moderator system! Mod someone as "overrated" today.
Even scriblings on an envelope can be automatically read these days. Only about 1-5% which the machine can't manage get sent to humans for decyphering. Which means that hand-scribbling should only be marginally more expensive than the bar codes.
I had the privilege of seeing one of those machines in action here in Aachen Germany. They sort so fast, you can't follow the letters with your eyes! Pretty cool stuff.
One way to prevent a scripted catalog-signup attack would be to centralize the processing of the signup forms. If all signup requests were routed through a single source, that source could easily detect a spike in signups. At that time, a confirmation phone call or letter could be sent to the recipient to determine whether they actually want all the junk, much in the same way that email list signups often generate an email that requests confirmation.
Of course, there are privacy concerns, centralization vulnerability concerns, and the issue of getting people to use the system. There is a collective action problem because normal members of the public don't have much of a reason (or way) to pay for this, and the catalog companies don't have much incentive to pay for it either since it's probably cheaper to send the occasional unwanted catalog than it is to restructure and pay more for their signup system.
-Mason
I find it hard to see how he is going to find a person to take to court in the physical attack. When you sign up for some thing they don't take many details. But the internet keeps records and so it could be easier to trace.
This is a message to all the infidels and to America... you should know that we can destroy you. Those great men entrenched faith in the hearts of the believers.
Americans : Ever been away on vacation only to find your mailbox stuffed full of mail? Likely one or two important letters was in that big heaping wad of damp and compressed paper and coupons and shit.
So now you must sit and spend an hour or more sorting through this mess, time wasted on a menial dumb stupid sorting task for which you receive no pay. Is this fair? Is this freedom? From what? It feels like slavery to a dumb system.
At least in some enlightened European countries you can magically block bulk mail delivery using nothing more than a free sticker applied to your mailbox, which the postal service is then obligated to respect. Why don't USPS offer this?
Peel, apply, press, presto! No more bulk mail!
Yes, I know old Elanor is dead, but others still talk to her and I just want to make my point to them. I would have mailed Santa Clause at North Pole, but that's where the nukes will go off in event of accedental firing. To take care of that, I'm emailing a nice computer called Wopper about a few games.
Back to my evil plans, such as a distributed timed arson attack using nothing more than an old truck, soda pop bottles, gasoline and a few hundred stollen watches. Oh wait, that plan could be implemented and does not have any place in the nuke/anthrax/killer ant fantasy presented above. I'll be quiet now before some moron gets ideas about the destructive uses of simple tools. No, I know that anyone with a modicrum of research and desire will continue making and executing such plans, I just don't want some moron thinking that I might and messing with me in unAmerican unconstitutional ways.
Friends don't help friends install M$ junk.
The STMP protocol should be extended; the receiver can require the sender to factor a large prime number before the message will be accepted. A few seconds CPU time per legitimate message is no biggie, but...
...is "Don't Spam."
Ralsky has no one to blame but himself. If he didn't make a career out of abusing other people's private property, none of the crap that's happening to him would ever have happened.
No matter if it's 'right' or 'wrong' to take someone's personal info and feed it to catalog houses, it still comes back to one simple idea; You Reap What You Sow, or 'Do Unto Others,' etc. Ralsky has been heaping abuse on other people's in-boxes, servers, etc. for years, and now he's reaping the fruits of his labors. If they're inedible, it's his own fault.
Bruce Lane, KC7GR,
Blue Feather Technologies
Anthrax doesn't kill people. People kill people. The solution? Ban people! Let's nip terrorism right in the bud! The majority of terrorists are people, not so much dogs, or robots (until maybe Judgement Day). I'm going to get a people detector installed in my house, with an automated gun turret! Hasta la vista, people!
Escape Pod Films: Sketch Comedy and Web Series
Is that like Pluto's Kiss? Or am I thinking of .hack?
I admit there is some validity to all this. But, I think the USians are becoming a little TOO paranoid at this point. Sure we got hit with 9/11, but I this is just a bit much. What is it about Americans these days running around scared of everything? I'm an American and I can tell you that this country is losing it's mind with fear:
-Fear that someone in a bigger vehicle will kill your family. So what do you do? You go out and buy an even bigger vehicle than you had before? WTF?! You need to find out what's REALLY at the root of your fears and look it in the face.
-Fear that someone will break into your suburban home where the liklihood of you actually being involved in a violent crime is still insignificant comapred to 1960. (Yes there has been an increase, but we're still talking less than 1% risk... So what do Americans do? They buy guns.
Fear that *GASP* you don't have a big enough schlong. So you buy big bad cars, get a toupee, or spend your money very conspicuously to show everyone how much better you are than them. Doesn't help that rotten feeling inside though does it? Deal with it! Nature gave you a smaller dick than Ron Jeremy. So fucking what?! If you can still stick it in your girlfriend, wife or boyfriend's hole, then what's the problem? But what do you do? Instead you buy Vigra through unauthorized channels like an idiot not realizing that it's probably not going to do you any fucking good.
-Fear of life itself. I see so many new drugs advertised on TV here in the US it's ridiculous. And the list of side effects that go with these drugs is even more ridiculous. Have you ever seen a Propecia ad? It basically says, "Choose!! Either risk having a mutated or dead baby, or be bald!" The push for anti-depressants is incredible. There is is bizarre desire on the part of most Americans to want to be "happily in a state of controlled euphoria". How fucking mentally ill is that?! I'm sorry, but there is this thing called "real life" that has it's ups and downs. DEAL WITH IT!!! Don't think that some magical pill is going to fix your problems! If you're fat, then change your diet and excercise! Or, you can accept that maybe your genetically predisposed to being obese and tell everyone else to fuck off. If you are unhappy, then get to the root of the problem. Go see a phychologist, a clergyman, a shaman. Whatever you need to get your problems off your chest. IF, at the end of it all you still feel depressed and the experts you talked to don't see any reason for it, then MAYBE you need an antidepressant. ON the other hand... maybe you need to re-evaluate your life and the direction you've chosen. Are you in control of your life or is someone else? Keep in mind that there are lots of other people who want to control you in this supposedly "free country".
FDR said it best, "There is nothing to fear but fear itself." Wake up folks! Be brave! Put down your guns. Wean yourself of the infantile dependance on SUVs, pharmaceuticals and television. Live a little!!! Remember, when life kicks you in the ass, that's a good thing because it means your still alive!
Well, I had a rather important letter go missing in the mail...
During my senior year of high school, I visited a college that I was interested in attending. They were very interested in me, and offered me a full scholarship. They gave me some papers to fill out while I was there. I filled those out, but apparently there were some papers they forgot to have me fill out while I was there, so they mailed them to me. They didn't call to say they had sent anything. Those papers never arrived. Later, when I called the financial aid office to check on my status, they said that I hadn't sent back the papers in time ("papers? what papers?") and the scholarship was awarded to another student. I don't know for certain that the US mail was at fault (it could have been the college just screwing me over, but I can't see their incentive to do so), but we lost an awful lot of bills when we had that particular mailman. Eventually they gave my mom a new mailman, and she stopped losing mail, but I was already going to a college I couldn't afford. Oh, well, $60,000 down the hole. Thanks US Postal Service!
The US Immigration and Naturalization Service (now the BCIS as part of their re-org into Homeland Security) trusts the mail implicitly, unless they're sending you a notice that your application was denied (then they send it certified). A notice to come to a fingerprinting was not sent certified, got lost in the mail (although I have serious doubts on whether it was ever sent in the first place), and resulted in a $110 charge for me to reopen the case. Thanks a lot, guys.
I'm sure that plenty of important mail gets lost because some agency or another was too cheap to use a reliable mail service -- after all, if they send it reliably, it costs them a little extra. If, on the other hand, you lose it, they get a hundred bucks for refiling. No disrespect to the post office intended; it's the fault of the system design. Think of mail like you do UDP: Fast, simple, cheap, and unreliable.
There's no sig like this sig anywhere near this sig, so this must be the sig.
Revisit Ralsky and modify the name. A Ralsky needs spammed, as does AL Ralsky, B Ralsky until he quits! He has not quit. He still is a lowlife. He is a person deserving no less than he deals out!
Seriously though, if you need an hour to separate junk mail from real mail, you might want to review that superior attitude of yours.
The only thing necessary for the triumph of evil is for good men to do nothing. --Edmund Burke
Perhaps we should sign up some of our gov't officials to recieve massive-anonymous-mailings (MAMs) so that they might enforce some reasonable rules about snail-mail.
I recently went through a letter-war with my postman when I recieved a bit of junkmail sent to "occupant". The result was a much-mangled envelope with the word "occupant" scribbled multiple times in green (that was the Postman, did that). I finally fed it to my neighbors dog.
You're a real ass. The postal workers union is about as useless as tits on a bull, and the government exempts itself from all sorts of labor laws.
Postal workers, particularly those in the sorting centers work very hard -- they don't have a choice or a teamsters union to lighten the load.
Conformity is the jailer of freedom and enemy of growth. -JFK
or even worse, to serve as a diversion for a terrorist act
Finally.. and answer to junk mail! In our society of banning the tool, not the act (a la Napster), this translates into banning all forms of junk mailings! WOOOOOOOT!
Of course, none of this takes into account what happens when an overexcited script kiddie targets the wrong address for attack. This happened in the Ralsky case--if you go back, you'll see that people mistakenly posted his old address, the wrong phone number, etc. So some poor innocent sap (who could just as well be you) gets a dozen subscriptions to Hot Wet Naked Shaved Teenage Catholic Schoolgirls and Buff Biker Bears that he has to explain to his wife.
I guess that's just "collateral damage," right?
when the local LUG, gaming club, and anime association all stormed krispy kreme at the same time.
I have always sent those MS software registration cards in but never filled them out. I figured this was my small pinprick at the evil corporation (making the pay for the postage). I send 25-30 a month (working for a computer company installing networks) MS pays for the postage, the US postal service gets paid and I get a good laugh picturing the frustrated MS employee opening the blank card. Now instead of sending them back blank I'll just fill them out with an enemies name and address thus ensuring the vicious cycle of junk mail continues.
:)
If everyone sends back all the postage paid envelopes they get from registration cards, advertisements, the back of magizines and other junk maybe we can help the postal service out of their financial crisis. Prevent another stamp increase by having big evil, greedy corporations like MS to help subsidize them by driving their postage expenses through the roof.
If you don't wanna fill out the forms just shred them, put them back into the envelope and mail back. The operator of the automated machined thats supposed to open the envelope and remove the form will shit as the machine opens the envelope and is jammed to high hell because of all the little paper pieces you mailed back. In the case of MS, causing them even more time and money
argh, why must everyone in the government/news agencies/popular media/academy relate EVERY issue to terrorism? I'm sorry, but the idea that this has ANYTHING to do with terrorism is like saying that petitioning could be used for terrorism. Pretty soon anything that goes against businesses/government/assholes will be a "terrorist act". Wake UP America, there are other things to worry about (e.g. The increasing nat'l debt, growing inequalities between rich and poor, shitty public schools, RIAA, pissing off the world community, deregulation of the media, NO FRIGGIN' JOBS, tanking economony). Damn man, talk about WEAPONS OF MASS DISTRACTION!
Nobody said you couldn't use MS Passport or Gator. (Of course, you may want a sacrificial machine to run this on.) Heck, use the tools of the devil to attack his disciples!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The physical world terrorizes you!
They get six weeks vacation over there, and hence, have a correspondingly bigger pile of mail when they get back from Spain.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The only postal workers I've run into are A) the morons working the counters at every post office in the US B) USPS logistics drivers, the lowest form of trucker on the planet, and C) Postal inspectors, say no more, and D) My rural route carrier who does a fantastic job BTW.
I've worked in high volume mail processing (check my resume, RR Donnelley and Son's Kentucky Magazine division), yeah its shitty work, but someone has to route your issue of Maxim or mother's day card. Pay is reasonable at the local mail sort facility, in line with the pay scale at the local factories for someone with a GED or High School diploma with the exception of the Corvette plant (UAW takes care of their people)
09f911029d74e35bd84156c5635688c0
It seems clear the author's of this paper got their inspiration from a recently aired Pinky and the Brain episode. In this episode, Brain wants to overload the mail system by getting people's addresses through an info-mercial and then sending everyone mountains of spam. Brain would then run for office as dictator of the world and promise to stop all the spam.
Watch party platforms near you for spam-related issues.
Too bad the threat of overloading the mail system was thought up years ago by Pinky and the Brain storywriters.
Nah, probably wouldn't work... The virus would produce enough publicity that the Catalog companies would know about it and it would be in their interest to eliminate bogus mails from going out. Someone would reverse engineer the virus and use that information so that catalog companies could protect their online forms.
Impact would be minimal.
Damn, I'd really like a way to stop junk mail though...
It's a little dated, but it's a straight definitiom. Terrorists strike at target of opportunities in urban areas. The goal of their attacks is usually not to go after military targets--in most cases the're too well defended (although see Beirut, Khyber Towers, Pentagon and if you're willing to split hairs. the King David Hotel) but to inspire confidence in those who would support them ("We can win this struggle!") and inspire fear in their enemies ("They came out of nowhere. How could we let this happen?").
Many terrorist organizations don't have a sufficiant grasp of political reality to transform their terrorist activities into an effective opposition. Al Quada's goal was something along the lines of "worldwide Islamic Revolution"-- something that can probably be characterized as "pure fantasy." Although bin Laden's "simultaneous , multiple target" signature may have won him respect from other terrorist organizations, his tactics did little, if anything, to secure his stated political goals, and have instead (deservedly so) marked him as a mass murderer.
Christopher Hitchens defined terrorism as the tactic of demanding the impossible, and demanding it at gunpoint. It's a interesting definition, but, of course it all depends on what one views as impossible.
... try not having them. Without the labour movement we'd all be working 14 hour days for $3.50 an hour (with no benefits of course). Try being efficient for $3.50 an hour, at 7 pm on a Sunday, with an untreated infection.
Freedom: "I won't!"
Of course its automated.
OOooo.... SNAILSPAM Washington! There has to a be a list of all the congressmen's address....I think they'll 'get' it after that! (Crap...I'm gonna get blamed for this aren't I..)
That doesn't let you catch every spammer that spams you, but it's enough that it can theoretically be very annoying to small spammers, who have to show up personally, and are more likely to be receptive to the message that "everybody hates you, and we'll make you lose money and spend lots of time being told that everybody hates you." (And if not, then hey, it's an $200 check for an evening's trip to Small Claims - busting spammers can be profitable if you 're in a state with that kind of law.) Big spammers are likely to annoy more people, and usually incorporate to protect their owners, so they probably have to send a lawyer to the courts rather than the owner, but that's fine too. On the other hand, they're much more likely to locate to states that don't have such laws, so they're only subject to Federal laws.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I can think of a million ways to use the internet to cause more havoc than just stuffing someone's mailbox with porn.
Probably the coolest thing you can do with the internet is to cause a revolution. And if you don't see it, you're the one who's losing.
God spoke to me
It is the year 4022; all of the ancient country of Usa has been buried under many feet of detritus from an accident with a computer and a junk-mail system back in 1985. Amateur archeologist Howard Carson, crossing the perimeter of an abandoned excavation site, felt the ground give way beneath him and found himself at the bottom of a shaft, which, judging from the DO NOT DISTURB sign hanging from an archaic doorknob, was clearly the entrance to a still-sealed burial chamber.
And he goes on to describe the items in the Toot'n'C'mon Motel and speculate about what they must have been used for by the ancient inhabitants...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
(C) Kaki Sain, 2011. By reading this, you have illegally copied my property to your brain.
Am I the only person that doesn't mind junk mail all that much? I mean the paper stuff. Anything addressed "Resident" (of course I screen it) goes to my 4 year old daughter. She loves getting 'mail'.
If the marketing companies want to waste their postage to provide my kid with entertainment, that's on them.
Getting people to use the service would not be all that difficult.
Sending gobs of bulk mail to uninterested parties costs them money. This would be a valuable service for the bulk mailer to take advantage of.
This space intentionally left blank
Every one should know by now you Never Ever piss off a geek.
Never underestimate the power of stupid people in large numbers.
I didn't realize that the systems had become that accurate, the last time we were working with auto-sorters it was about 25-30% kick rate, helpful, but you still needed a lot of human eyes.
09f911029d74e35bd84156c5635688c0
As far as I know the anthrax attacks are as yet unsolved, and there is no evidence that they were or were not perpetrated by an American. Perhaps I missed something in the news; if so, would anyone care to enlighten me?
- First they ignore you, then they laugh at you, then ???, then profit.
Germany circa 1930's...
Didn't their Chancelor do this too back then?
I love history, the politicans always step in like pigs to slop!
[An open letter to the paper authors:]
m
Your paper "Defending against an Internet-Based Attack on the Physical World" describes a number of coutnermeasures, almost all of which are focused on the Internet level of the attack.
Since most of the actual bad consequences of the attack come due to the "mail implosion" at the target address, it seems to me that there are other defensive possibilities based on detecting and averting the mail implosion before it happens.
The only entity in a position to do this is the post office itself. But the post office is already in the business of knowing the destination address of every piece of mail in its system. If the post office were able to mine the addressing data in its system to such an extent as to be able to detect sudden service-threatening implosions targeted at a particular address, the post office itself would be able to flag such mail as "nondeliverable due to system abuse" (perhaps with a notification to the target address that their mail was too voluminous to be delivered).
This would of course require exceptional investment in real-time tracking systems by the post office, although since all that is really required is a count of "number of mailings addressed to target" (and not an actual index of what the mailings themselves *are*), it is possible to avoid the overheads of constructing a full per-package tracking system.
This defense, it seems to me, would be performed by the actual victim of the attack -- the post office itself. Moreover, it is hard to see what countermeasures an attacker could employ to circumvent the post office's own monitoring of its traffic.
(I would imagine similar techniques at the email level are likely already used by ISPs to protect users against email implosion attacks...?)
What would you consider the strengths and weaknesses of this defense?
Thank you for a thought-provoking paper.
Sincerely,
Rob Jellinghaus
rob@helium.com
http://www.helium.co
I can think of two reasons just off the top of my head:
1) The Postal system is quasi-government, but they're in the business to make money (well not lose a lot anyway). Bulk mail postage helps keep the wheels moving.
2) A lot of junk mail now is tagged to look important. Makes it harder for a mail carrier to make that judgment call on the letter. Just easier to chuck the whole wad into your box.
An aside on 2 above:
When you get credit cards/ATM cards, they come in nondescript envelopes, to make it less likely to get stolen. I usually check all plain envelopes now, feel them for a plastic card to see if Citibank has sent me a new card, or if some bank sent me a credit card I didn't ask for (has happened). I'm starting to see junk mail taking advantage of that behavior, a plain envelope with a hard card in there someplace, to make me open the thing and look at the contents. The bastards.
We need a script that sends email back to all email adresses in spam. If 99% of all answers to spam are bogus, they will stop spamming.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
You have managed to perfectly capture his whining tone !
Terrorism is whatever the far right in power in the US says it is.
And since you have raised objections you look actually quite suspect.
Welcome to the magical world of the PATRIOT act!
IANAL but write like a drunk one.