Slashdot Mirror
NYT Reports Porn Spam Hijacking Network
twitter writes "This NYT story describes how thousands of PCs have been used as porn spambots and reverse proxy servers, and mentions that they could be used for kiddie porn. Finally, though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables."
Finally, though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables.
Laugh.
When do we got to mod the articles themselves as flamebait. Much more of this crap and slashdot is going to News for Weenies, Stuff that Bores.
-Matt
Is this a pornjacking or a spamjacking?
disturbing.
IT must be microsoft's fault no other OS has ever had a problem and I am not responsible for what I do on a computer...
Now I've got a great new excuse when the wife stumbles onto things...
Stop by my site where I write about ERP systems & more
NYT registration site stories should be filtered.
There might soon be laws that require a minimum amount of security to insure the general well being of other people connected on the internet. Sort of like minimum safety requirements on cars. I wonder if Microsoft will pass the test?
I guess that's pretty authoritarian, and there are better ways to beat spam. Still... the elimination of the luser is a shining grail for us all, no? ;)
Finally, though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables."
Umm, no they won't. First of all, very few people would notice the article in the first place. Second, people who did notice wouldn't know what to do to protect themselves (not supporting MS isn't an option for 90% of the computer users in the world). Third, was the comment necessary?
This could make for an excellent convenient excuse... "I'm serius honey, I have no idea how that Jill Kelly lesbian porn AVI got on our computer. Our computer must be being used as one of those porn bots we heard about on the news last night. Damn those hackers!"
"We are all in the gutter, but some of us are looking at the stars." - Oscar Wilde
"The rogue program does not affect the Apple Macintosh line of computers or computers running variants of the Unix operating system."
so um, not to Microsoft bash or anything, but what OS does this 'sploit attack then?
Erm, yes your honour, my PC was hacked and reversed proxy-thingy-ed and that's what all those pictures were.
Honest.
That's gotta be one of the most FUDaliscious articles I have ever wasted my time on.
"Some random guy says grillions of computers are infected with an undetectable virus and is going to distribute kiddie porn!!"
Please.
P.S. I'm not saying it's not possible, but for fuck's sake, get a few details before bothering to blather on about it for pages at a time.
Try this link
Well, there's spam egg sausage and spam, that's not got much spam in it.
Why do the Slash Editors(ha!) put this drivel up? We can bash Microsoft enough in the comments without the extra crap in the article itself.
An optimist believes we live in the best world possible; a pessimist fears this is true.
here
if it was legal, i bet it could be quite useful. it would make /.ing alot harder of a job.
I want 2D games back.
What is it with the mass media not wanting to say that a given worm or trojan affects only systems running Microsoft Windows?
"...though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables."
Shouldnt that read:
"... though Microsoft is not mentioned, we thought we might use this as an excuse to attack them anyway."
I mean I understand MS doesnt exactly have a large fanbase here but that is frankly ridiculous.
<fnord>OBEY</fnord>
here you go
There is no god
Hackers Hijack PC's for Sex Sites
By JOHN SCHWARTZ
ore than a thousand unsuspecting Internet users around the world have recently had their computers hijacked by hackers, who computer security experts say are using them for pornographic Web sites.
The hijacked computers, which are chosen by the hackers apparently because they have high-speed connections to the Internet, are secretly loaded with software that makes them send explicit Web pages advertising pornographic sites and offer to sign visitors up as customers.
Advertisement
Unless the owner of the hijacked computer is technologically sophisticated, the activity is likely to go unnoticed. The program, which only briefly downloads the pornographic material to the usurped computer, is invisible to the computer's owner. It apparently does not harm the computer or disturb its operation.
The hackers operating the ring direct traffic to each hijacked computer in their network for a few minutes at a time, quickly rotating through a large number. Some are also used to send spam e-mail messages to boost traffic to the sites.
"Here people are sort of involved in the porno business and don't even know it," said Richard M. Smith, an independent computer researcher who first noticed the problem earlier this month. Mr. Smith said he thought the ring could be traced to Russian senders of spam, or unwanted commercial e-mail.
By hiding behind a ring of machines, the senders can cloak their identity while helping to solve one of the biggest problems for purveyors of pornography and spam: getting shut down by Internet service providers who receive complaints about the raunchy material.
The web of front machines hides the identity of the true server computer so "there's no individual computer to shut down," Mr. Smith said. "We're dealing with somebody here who is very clever."
By monitoring Web traffic to the porn advertisements, Mr. Smith has counted more than a thousand machines that have been affected.
The creators of the ring, whose identities are unknown, are collecting money from the pornographic sites for signing up customers, the security experts say. Many companies play this role in Internet commerce, getting referral fees for driving customers to sites with which they have no other connection.
The ring system could also be used by the hackers to skim off the credit card numbers of the people signing up, said Joe Stewart, senior intrusion analyst with Lurhq, a computer security company based in Myrtle Beach, S.C.
The current version of the ring is not completely anonymous, since the hijacked machines download the pornographic ads from a single Web server. According to the computer investigators, that machine apparently is owned by Everyones Internet, a large independent Internet service company in Houston that also offers Web hosting services to a large number of companies. Jeff Lowenberg, the company's vice president of operations, said that he was not aware of any illegal activity on one of his company's computers but said that he would investigate.
Mr. Stewart said the ring was most likely a work in progress, and that flaws, like being tied to a single server, would be eliminated over time.
He said the ring was troubling not just because of what it is being used for now but also because of what it might be used for next.
"This system is especially worrisome because they have an end-to-end anonymous system for spamming and running scams," he said. "It's not a far stretch to say that people who are running kiddie porn sites could say, `Hey, this is something we could use.' "
The computer ring is the latest in an evolution of attacks that allow creators of spam and illicit computer schemes to use other people's computers as accomplices. For several years, senders of spam have relied upon a vestigial element of the Internet mail infrastructure known as "open relay" to use Internet servers as conduits for their spam.
As network administrato
Having worked the abuse@ email address for a DSL provider, I've been seeing this for a couple of years. It's interesting that the mainstream news is finally giving lip service to the problem, though. I heard a commentator on the ABC radio network mention open relays on mail servers the other day during morning rush hour.
Someone (by someone, I mean companies that put out SMTP servers with a large share of the market) should strike while the iron is hot and take it a step further by airing some simple PSA's during a small assortment of shows. Maybe some must see TV "The More You Know" type thing...
I had a sucky sig.
More than a thousand unsuspecting Internet users around the world have recently had their computers hijacked by hackers, who computer security experts say are using them for pornographic Web sites. The hijacked computers, which are chosen by the hackers apparently because they have high-speed connections to the Internet, are secretly loaded with software that makes them send explicit Web pages advertising pornographic sites and offer to sign visitors up as customers. Unless the owner of the hijacked computer is technologically sophisticated, the activity is likely to go unnoticed. The program, which only briefly downloads the pornographic material to the usurped computer, is invisible to the computer's owner. It apparently does not harm the computer or disturb its operation. The hackers operating the ring direct traffic to each hijacked computer in their network for a few minutes at a time, quickly rotating through a large number. Some are also used to send spam e-mail messages to boost traffic to the sites. "Here people are sort of involved in the porno business and don't even know it," said Richard M. Smith, an independent computer researcher who first noticed the problem earlier this month. Mr. Smith said he thought the ring could be traced to Russian senders of spam, or unwanted commercial e-mail. By hiding behind a ring of machines, the senders can cloak their identity while helping to solve one of the biggest problems for purveyors of pornography and spam: getting shut down by Internet service providers who receive complaints about the raunchy material. The web of front machines hides the identity of the true server computer so "there's no individual computer to shut down," Mr. Smith said. "We're dealing with somebody here who is very clever." By monitoring Web traffic to the porn advertisements, Mr. Smith has counted more than a thousand machines that have been affected. The creators of the ring, whose identities are unknown, are collecting money from the pornographic sites for signing up customers, the security experts say. Many companies play this role in Internet commerce, getting referral fees for driving customers to sites with which they have no other connection. The ring system could also be used by the hackers to skim off the credit card numbers of the people signing up, said Joe Stewart, senior intrusion analyst with Lurhq, a computer security company based in Myrtle Beach, S.C. The current version of the ring is not completely anonymous, since the hijacked machines download the pornographic ads from a single Web server. According to the computer investigators, that machine apparently is owned by Everyones Internet, a large independent Internet service company in Houston that also offers Web hosting services to a large number of companies. Jeff Lowenberg, the company's vice president of operations, said that he was not aware of any illegal activity on one of his company's computers but said that he would investigate. Mr. Stewart said the ring was most likely a work in progress, and that flaws, like being tied to a single server, would be eliminated over time. He said the ring was troubling not just because of what it is being used for now but also because of what it might be used for next. "This system is especially worrisome because they have an end-to-end anonymous system for spamming and running scams," he said. "It's not a far stretch to say that people who are running kiddie porn sites could say, `Hey, this is something we could use.' " The computer ring is the latest in an evolution of attacks that allow creators of spam and illicit computer schemes to use other people's computers as accomplices. For several years, senders of spam have relied upon a vestigial element of the Internet mail infrastructure known as "open relay" to use Internet servers as conduits for their spam. As network administrators have gradually shut down the open relay networks, spam senders have used viruses to plant similar capabilities on home and business computers. But this appears to be the first viral infe
Here is a better URL that did not require registration http://www.nytimes.com/2003/07/11/technology/11HAC K.html?ex=1058500800&en=dfe68a99bce4317d&ei=5062&p artner=GOOGLE
"Action is the thing that escapes most people. Great ideas are a dime a dozen. Great actions are few and far in between.
Finally, though Microsoft is not mentioned,
Oh, but we'll take care of that.
The coolest voice ever.
but then again, if you bitch about registration that much i bet you steal your neighbors paper too... so they wont know where you live.
I want 2D games back.
seriously...slashdot readers can be so blind
why is it always and exploit on a microsoft OS?
well, maybe because the vast majority of people in the world use Windows. So if you're a hacker do you spend your time hacking Apple/Linux or Windows? Windows of course, because there are more users.
if Apple or Linux were the predominant OS in the world, then they would be the ones getting hacked and all of you would consider Windows to be "secure".
Piss off.
Translation:
Use your built-in filter - your brain. If you see "NYT" then skip the story. Not everyone is averse to filling out a free registration form (using real or imagined data) in exchange for content.
I needed a new place to store/share mp3s.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
More than a thousand unsuspecting Internet users around the world have recently had their computers hijacked by hackers, who computer security experts say are using them for pornographic Web sites.
The hijacked computers, which are chosen by the hackers apparently because they have high-speed connections to the Internet, are secretly loaded with software that makes them send explicit Web pages advertising pornographic sites and offer to sign visitors up as customers.
Unless the owner of the hijacked computer is technologically sophisticated, the activity is likely to go unnoticed. The program, which only briefly downloads the pornographic material to the usurped computer, is invisible to the computer's owner. It apparently does not harm the computer or disturb its operation.
The hackers operating the ring direct traffic to each hijacked computer in their network for a few minutes at a time, quickly rotating through a large number. Some are also used to send spam e-mail messages to boost traffic to the sites.
"Here people are sort of involved in the porno business and don't even know it," said Richard M. Smith, an independent computer researcher who first noticed the problem earlier this month. Mr. Smith said he thought the ring could be traced to Russian senders of spam, or unwanted commercial e-mail.
By hiding behind a ring of machines, the senders can cloak their identity while helping to solve one of the biggest problems for purveyors of pornography and spam: getting shut down by Internet service providers who receive complaints about the raunchy material.
The web of front machines hides the identity of the true server computer so "there's no individual computer to shut down," Mr. Smith said. "We're dealing with somebody here who is very clever."
By monitoring Web traffic to the porn advertisements, Mr. Smith has counted more than a thousand machines that have been affected.
The creators of the ring, whose identities are unknown, are collecting money from the pornographic sites for signing up customers, the security experts say. Many companies play this role in Internet commerce, getting referral fees for driving customers to sites with which they have no other connection.
The ring system could also be used by the hackers to skim off the credit card numbers of the people signing up, said Joe Stewart, senior intrusion analyst with Lurhq, a computer security company based in Myrtle Beach, S.C.
The current version of the ring is not completely anonymous, since the hijacked machines download the pornographic ads from a single Web server. According to the computer investigators, that machine apparently is owned by Everyones Internet, a large independent Internet service company in Houston that also offers Web hosting services to a large number of companies. Jeff Lowenberg, the company's vice president of operations, said that he was not aware of any illegal activity on one of his company's computers but said that he would investigate.
Mr. Stewart said the ring was most likely a work in progress, and that flaws, like being tied to a single server, would be eliminated over time.
He said the ring was troubling not just because of what it is being used for now but also because of what it might be used for next.
"This system is especially worrisome because they have an end-to-end anonymous system for spamming and running scams," he said. "It's not a far stretch to say that people who are running kiddie porn sites could say, `Hey, this is something we could use.' "
The computer ring is the latest in an evolution of attacks that allow creators of spam and illicit computer schemes to use other people's computers as accomplices. For several years, senders of spam have relied upon a vestigial element of the Internet mail infrastructure known as "open relay" to use Internet servers as conduits for their spam.
As network administrators have gradually shut down the open relay networks, spam senders have used viruses t
Pete Townsend could have used this article a few months ago.
Not to mention the obviousness of using such a widespread and vulnerable platform. I think this is what everyone's getting at.
And to think of how many NT4 machines are out there with a root RPC vulnerability that MS refuses to fix. If someone's running NT4, I don't know how likely it is they are going to apply anti-virus patches. I think MS leaves footprints of vulnerabilities for this sort of problem for years after releasing products, regardless of actions others take to try to help.
The only thing more dangerous than a file named -rf is renaming it -rf\ /
According to that statement, my Amiga and Commodore 64 might be affected. 1000 computers affected one the net? That seems like the right number of those computers left in the world. I guess I'll have to spent days and nights wondering if mine are affected.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Gosh, I wonder who it does affect? I mean, who's left?
Serious question: So why is the NY Times being so purposefully evasive?
Thanks for the large block of text. Perhaps some might find it worthwhile to register for free in exchange for viewing a formatted version of the article. And get this...you don't even have to use your real name to register! They'll never know!
In my experience, end-users who are not tech-savvy have little real understanding of online security practices: they tend to ignore basic things such as updating antivirus dat files because they don't know or don't understand. And from my own experience, I know that broadband providers are more interested in pitching all their cool features than they are in educating users how to be safe. Seriously, how hard would it have been for my ISP to have included a Sygate or ZoneAlarm trial on the install CD they had to send out anyway?
What kills me is that it's in the ISP's best interests to encourage safe computer habits, and they don't really emphasize that.
----------
Something cleverYou may be able to pull the wool over the eyes of some old judge, but when marriage comes into play it is a whole other ball game...
Husband: No honey that porn isn't mine. You see it was hacked and something to do with reversed proxied. I swear.
Wife: Next thing your are going to tell me is that I left the toilet seat up!
Score- Wife 1 / Husband 0
Or just wait 2 minutes, and let the slashdot community help you out.
--
Here's the thing though, with StarBand, they have an auto-imposed limit of around 500mb/week upload, and if you go over it, you are automagically shut off for a few days. The problem with this, and I have seen it happen, is that the Spam/Pornbots can infect a Starband Customers computer, and easilly make them go over their weekly 500mb upload limit. Thus causing them to lose their internet connection.
This poses a real problem, not only for the end user (The people I deal with are all in the far reaches of Northern Minnesota where Satellite Internet is the ONLY broadband option) but also for the ISP's. Its viruses/bots like this that make it even more necessary for legislation to fight spam.
The writers of the Bots would be the spammers, not the owners of the infected systems. Just because I borrow your car to deliver the paper, does that mean that in reality, you delivered the paper because it was YOUR car?
-I may not me amish, but I am a geek!-
There are three types of people:
(1) Those that recognize Microsoft's influence and approve of it.
(2) Those that recognize Microsoft's influence and disapprove of it.
(3) Those that are oblivious to Microsoft's influence and wouldn't care even if someone told them.
Groups 1 and 2 are not going to have very many people switching from one to the other. Group 3 is going to have even fewer people leaving it. So the whole "people might start to understand" bit is, quite simply, B.S. It reflects the submitter's membership in Group 2 more than anything else.
The coolest voice ever.
twitter writes ...Finally, though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables.
Twit.
hey! /. to understand...
it's funny!! you should have read the previous article on
it takes time to fill it out and time is money you know!
Hardly a fair question, and I'll use your car safety requirement example to demonstrate.
Back before there were seatbelt laws, many cars simply did not have them. So once those laws were put into place, would it be fair to expect older cars to pass the seatbelt test?
Now if this minimum security law you suggest were to become a reality, it would be Microsoft's responsibility to make sure that future operating systems pass the security test. But you cannot hold them to a standard that does not currently exist.
"Ask not what your country can do for you." --John F. Kennedy
The web of front machines hides the identity of the true server computer so "there's no individual computer to shut down," Mr. Smith said. "We're dealing with somebody here who is very clever."
Mr Smith:
For the sake of my sanity, I respectfully request that you not label these 2-bit punks as "clever", as you are giving them far more credit than they deserve. The folks who deserve the clever label work in marketing for Microsoft, because while they regularly advertise a secure operating system (that seems to get a critical "system comprimising" update at least once a week), they do not deliver on that promise yet manage to evade the wrath of people such as yourself.
That means no installing any software downloaded from the internet. I suppose you could checksum the download to ensure accuracy, but I would think that it'd be more along the lines of Altering this PC/installation in any way voids your warranty or somesuch nonsense.
You could always ignore them.
Or register, which you're obviously not entirely opposed to.
Take a little shot at MS in there somewhere so he doesn't have to. Christ... what a disgrace this site is becoming...
Quit, taco, and replace yourself with someone who cares about the readers and quality. PLEASE!
.. However, only the entry page was proxied (three A-Name entries for the domain - Cable/DSL addresses). URL's mentioned in spam will often point to these, though for heavier content (porn sites), only the initial page will be proxied. The domain listed in the spam message will often be very similar to the linked one from it (e.g. "thepornsite.com (==Proxy)" -> "pornsite.com (==real site, content)") Apparently this prevents most hosting companies/ISP's from shutting them down; and as mentioned in the article, the A-records for the proxy-domain are rotated regularly. A lot of money is paid for this illegal proxying "service" - approximately $500 a month, i've heard. The ones i've seen however, appear to be *nix boxes with SAMBA... though i didn't poke them too much. Thats quite unusual - windows is often a much easier target... But as these all had samba in common (139), i'd guess its a recent vulnerability in that...
What do you get when a product is made to sell (marketing guys dream) and not designed to tackle the task in hand with a proper apporach, read the discussion on "Quick 'n Dirty" vs. "Correct and Proper"?.
Microsoft is just living on a legacy of bad code (read insecure), they have enough money to start a project to clean up their OSes, but is that their preference? I think not. As long they have the stranglehold on the market they decide if you want a secure operating system, which is a no.
I hope to live to see the day when operating systems market for the PCs is better balanced
There are two kinds of egotists: 1) Those who admit it 2) The rest of us
Someone went to jail for running Microsoft Windows.
This isn't as far-fetched as you might think. For instance, the federal child-porn laws are strict-liability laws, which means that if someone is found in possession of child porn, they are guilty, regardless of how it got to their machine. So when these viruses start delivering child porn, some clueless windows user could literally get 5 to 10 years for running their machine without a firewall.
I say this is a good thing. When computer virus victims start getting jail time, the average populace will get serious about computer security. (Which of course, can only be a good thing for Linux.)
The society for a thought-free internet welcomes you.
Apparently, /. rules out the possibility ow world MS domination. Give the HERD mentality in the IT industry, the entire momentum could now switch to Linux.
:-)
In which case, the author feels a world of insecure Linux systems could be a kiddie-porn-peddlers dream. But then, that should be a nice problem for the Linux folks
Peace
If you keep throwing chairs, one day you'll break windows....
A properly configured NT/2000/XP systems with the correct security settings and policies in place wouldn't have any problem preventing virii from doing anything.
If Linux were in the mainstream, everyone and their mom would be logged in as root, like Windows users are with administrative accounts anyway. So why even pretend that Linux, should it ever become as mainstream as Windows, would be inherently more secure? The issue here is educating the users who open "FREE COLLEGE WEBCAM HOTTIES.EXE" rather than improving the quality of the software.
Registration Free Link
Click on the "Also by michael" link sometime. And then look around for the censorware story. It's enough to make you ill. Why is he still employed by OSDN?
Finally, though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables.
/.
Read that as "Although MS isn't implicated at ALL in the article, I as a Slashdot reader must make my daily quota of biased anti-MS attacks despite the evidence to the contrary." Glad to see the status quo is strong on
So you're saying all I have to do is install one of those screensavers shrouded in four web-site redirections and I can sit back and wait for some pirate in The Phillipines to jack all the 1337 w4r3z and pr0n for me?
Dude! This is better than PointCast **AND** Kazaa -- The stuff just shows up! It's like subscribing to the FBI files-you-shouldn't-have mailing list!
Spyware and viruses r0ck!
"Lawyers are for sucks."
- Doug McKenzie
There is a technical writeup here:
http://www.lurhq.com/migmaf.html
Mirror: http://www.joestewart.org/migmaf.html
This is terrible.
They put all that porn on my computer, and I don't even get to see it?
Ooh, a sarcasm detector. Oh, that's a real useful invention.
More than a thousand unsuspecting Internet users around the world have recently had their computers hijacked by hackers, who computer security experts say are using them for pornographic Web sites. The hijacked computers, which are chosen by the hackers apparently because they have high-speed connections to the Internet, are secretly loaded with software that makes them send explicit Web pages advertising pornographic sites and offer to sign visitors up as customers. Unless the owner of the hijacked computer is technologically sophisticated, the activity is likely to go unnoticed. The program, which only briefly downloads the pornographic material to the usurped computer, is invisible to the computer's owner. It apparently does not harm the computer or disturb its operation. The hackers operating the ring direct traffic to each hijacked computer in their network for a few minutes at a time, quickly rotating through a large number. Some are also used to send spam e-mail messages to boost traffic to the sites. "Here people are sort of involved in the porno business and don't even know it," said Richard M. Smith, an independent computer researcher who first noticed the problem earlier this month. Mr. Smith said he thought the ring could be traced to Russian senders of spam, or unwanted commercial e-mail. By hiding behind a ring of machines, the senders can cloak their identity while helping to solve one of the biggest problems for purveyors of pornography and spam: getting shut down by Internet service providers who receive complaints about the raunchy material. The web of front machines hides the identity of the true server computer so "there's no individual computer to shut down," Mr. Smith said. "We're dealing with somebody here who is very clever." By monitoring Web traffic to the porn advertisements, Mr. Smith has counted more than a thousand machines that have been affected. The creators of the ring, whose identities are unknown, are collecting money from the pornographic sites for signing up customers, the security experts say. Many companies play this role in Internet commerce, getting referral fees for driving customers to sites with which they have no other connection. The ring system could also be used by the hackers to skim off the credit card numbers of the people signing up, said Joe Stewart, senior intrusion analyst with Lurhq, a computer security company based in Myrtle Beach, S.C. The current version of the ring is not completely anonymous, since the hijacked machines download the pornographic ads from a single Web server. According to the computer investigators, that machine apparently is owned by Everyones Internet, a large independent Internet service company in Houston that also offers Web hosting services to a large number of companies. Jeff Lowenberg, the company's vice president of operations, said that he was not aware of any illegal activity on one of his company's computers but said that he would investigate. Mr. Stewart said the ring was most likely a work in progress, and that flaws, like being tied to a single server, would be eliminated over time. He said the ring was troubling not just because of what it is being used for now but also because of what it might be used for next. "This system is especially worrisome because they have an end-to-end anonymous system for spamming and running scams," he said. "It's not a far stretch to say that people who are running kiddie porn sites could say, `Hey, this is something we could use.' " The computer ring is the latest in an evolution of attacks that allow creators of spam and illicit computer schemes to use other people's computers as accomplices. For several years, senders of spam have relied upon a vestigial element of the Internet mail infrastructure known as "open relay" to use Internet servers as conduits for their spam. As network administrators have gradually shut down the open relay networks, spam senders have used viruses to plant similar capabilities on home and business computers. But this appears to be the first viral infection to cause t
... signals the final, terminal irrelevance of Slashdot.
At least it's still sort-of related...
Once we start seeing things like "MS kills babies" attached to a story about farming equipment, then I'll worry.
Dumb comments about how awful the NYTimes registration is should be filtered.
If you actually read the article, you read:
The rogue program does not affect the Apple Macintosh line of computers or computers running variants of the Unix operating system.
OK, so that leaves what? Windows, OS/2, and a few oddities. And the only likely one of those, the only possible one is Windows.
So, Windows is there, but the NYT went out of their way to *avoid* mentioning it.
But is it worth giving up Linux to run Windows so you can claim to have been vulnerable?
...just possible that somebody could install Linux without all the proper security safeguards and have their machine opened up to this type of attack?
It's not only possible, it's happening. One domain using it is seductionissimple.com. You can check news.admin.net-abuse.email and alt.spam for details; basically the domains are rapidly changing between different DNS servers and web servers, all of which are trojaned PCs.
So instead of their normal scare-mongering by involving terrorism in any way possible, they are now suddenly switching into scaring everyone by mentioning kiddie porn instead? Wow, such diversity! Next thing you know NYT actually becomes a good source of news with facts and interesting content without a "we will spam your ass off" scheme! Maybe right after DNF is released...
Hate me!
"Here people are sort of involved in the porno business and don't even know it," said Richard M. Smith
Life moves pretty fast; if you don't stop and look around once in a while, you could miss it. -FB
The article makes a good point about unwitting hosts participating in world-wide spamming. A host that is insecure can become compromised by an automated worm or mailicous attacker and then configured to relay junk mail.
As a system administrator this worries me. Typically we use blocklists for netblocks that are known to be sources of spam. But when a random internet host is compromised and used as a mail relay, this slips past our blocklists (for a while).
The moral of the story is that computer security and spam fighting go together. Though average users don't get the point, it is every internet user's responsibility to keep their host secure both for their own good, and to be a good neighbour.
Finally, though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables.
I blame K & R for writing such a fundamentially broken language in the first place.
DrLunch.com The site that tells you what's for lunch!
I second that notion.
Username: nopass Password: nopass
--
I agree - if ISPs would simple require, as a term of service, that users keep their machines virus free (by whatever means the user sees fit), and immediately disconnect anybody who fails to do so until they correct the problem, then many of these problems would go away.
However, the legions of Dr. Spock raised little brats who were told since childhood "Do whatever you want, because to deny you your right of freedom of expresssion will turn you into a homicidal maniac" you have just threatened everything they hold dear.
If you want proof, look over some of my older postings, and the flamings I've received.
www.eFax.com are spammers
So if someone is caught with p0rn on their PC (ie: kiddie porn), does this mean that the virus could *potentially* provide a "reasonable doubt" about that person's guilt? Sure seems like it could...
Items like this seem to be happening more and more frequently (spyware, viruses, etc) and I am wondering what the impact will be on the legalities involved. I mean, in the old days, I controlled EVERYTHING that came into and out of my PC -- now, that has changed and there may well be things hiding on my PC that I am not aware of. I do my best to administrate properly but I don't know everything and I am certain that Joe Sixpack knows even less than me about his machines.
Food for thought...
Beware of the tool talk. A computer is a device, and as this article already illustrates, this DEVICE can perform actions without you knowing. It will continue to perform these actions when you are not using/operating it.
Tools such as a pen or a screw driver work ONLY when you are using it. A screw driver does not screw a screw and cannot stab someone without a person operating it (and hence a TOOL).
The point is devices are inherently more dangerous than tools. One has moral agency over tools (again: stab or screw, its all up to the operator), one has much less control over a device. Which is EXACTLY why people should be educated on how to use and control these devices. While not having moral agency over a device, one most definitely carry partial responsibility for activating a device.
or hey you could just use this one: user: slashdot_rules pass: slashdot
Simply click the link. When the NYT site asks you to register, replace the 'www' in the url window with 'archive'. The site will error out and drop you into the front page.
Thank you, drive through...
were going to get into the back-orifice type business for the money, instead of the litterally giggling children we have doing it now for laughs.
This ain't over yet - and what do we NOT know about?
It's Christmas everyday with BitTorrent.
It was about ten months ago that I first saw trojaned/hacked machines used as the webservers for the "extrarape.com" porn spam domain. No one will host the nameservers used to access trojaned machines, so alerting the hosts for the nameservers took it down. About a month ago he came back. Alerting the hosts of the nameservers worked again.
One only needs one working nameserver in the root servers to send victims on to the trojaned machines which serve as the webservers. Abuse desks are busy. Hey! Suppose we can find a registrar who will enter the IP addresses of a new set of four trojaned machines every day! Of course, one needs a registrar who, when informed of this, declares it to be perfectly legitimate since they are not hosting the porn site.
He came back about two weeks ago running both the websites and nameservers off trojaned machines.
Lots of info on it in news.admin.net-abuse.email and some in alt.spam.
I wish I could give the hostname/domain name which is working today. Check the nameservers *listed in the root servers* for seductionissimple.com and seduceherfast.com. Then get a reverse lookup on the IP address of the nameservers. I get two ShawCable, a RoadRunner, a cable.rogers.com, a client.mchsi.com, a client2.attbi.com, a bellsouth.net and one with no rDNS which is in Korea. The nameservers listed in the root servers were all different yesterday. Now who changes the IP address of his four nameservers every day?
Unfortunately, the hostnames, www.seductionissimple.com and seduceherfast.com do not resolve at the moment (yesterday they did, to different IP addresses every minute or so, all on trojaned machines - many of them on AOL). Has the publicity gotten to him? Is he having problems? You can check what registrar was willing to submit the IP addresses of trojaned machines after having been informed of what is going on.
But, there are trojaned machines out there being used as nameservers and webservers by spammers. For this spammer, the webserver was tiny (a page or so) and sent you off to somewhere else to signup for whatever.
Or at least not modded up.
[SIG] It's like putting a moose in the blender -- a recipe for disaster!
Microsoft to blame for kiddie porn, idiocy. Film at 11.
If you were blocking sigs, you wouldn't have to read this.
Flame on if you like, but it is quite common for these sorts of things to happen on Windows boxes, and not on Linux boxes, due precisely to the monoculture and the flawed default security model of Windows (actually a number of different flawed models in Windows OS and apps).
Perhaps you could clarify how the comment in this instance was not appropriate. The GNU/Linux default security model that my family run all their machines on does not run arbitrary software with elevated privileges as Microsoft does. It never has. And it is not such a monoculture, resulting in being less susceptible to attack.
These are attacks I have never had to worry about. A neighbor, who typically runs Linux with no breaches of security, tried putting up an IIS server just once to see how it compared, and it was owned by hackers within 15 minutes.
Sure there could be an increase in real security incidents some day with Linux, but not before there are far worse problems with existing Windows platforms (until there is much change to Windows).
Perhaps there just needs to be a windows-only section of Slashdot, so that Windows users can discuss these problems which are less relevant to the rest of us without feeling continuously picked on due to the technical problems with their choice of an OS.
We now seem to be pinning child pornography onto Microsoft. I think second to spam 'security warnings' from people trying to further their career, or flog software is my current internet pet-hate. If you run a recent version of windows, own some antivirus software and set them both to auto-update 99.99% of all this crap just isn't going to affect you.
If you register online to read a story, their spybots automatically pin down your location using an algorithm based on the well-know scientifical principal that YOUR COMPUTER IS TRANSMITTING AN IP ADDRESS! Using this "IP ADDRESS", they can scan MSN mapquest and find out where you live. Once they have that information, it is a simple matter to send a priority override to point the NSA mind-control satellites (when they're not otherwise busy zapping agriglyphs into English wheatfields) at your house to read your mind. Then they steal your precious intellectual property, which they license to SCO!
Sorry for yet another post, but something possibly interesting... The whois records for the powermailing.biz domain are registered to an address in Argentina... (http://www.whois.biz/whois.cgi?TLD=biz&WHOIS_QUER Y=powermailing.biz&TYPE=DOMAIN&Search=Submit+Query )
I wonder whether this has anything to do with Superzonda...
http://news.bbc.co.uk/1/hi/technology/3036092.stm
people might start to understand what a monoculture of poor quality software enables...
So, you'd be happy with a population made up of 50% MS and 50% UNIX variants?
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Slashdot moderators seem to be affected by the aforementioned blindness, as well..
I worked tech support for an ISP for several years a while ago, and when products like ZoneAlarm started making their way around it was no help.
Even other tech support people came to me everytime a port was scanned, or anything showed up on it. Then those tech support people recommended it to their callers, and the problem got worse.
Of course, 99.9999% of these scans/hits/etc were not attacks and were just routine net traffic. The personal firewalls just builds paranoia of something they don't understand.
no comment
You can always add the Blitzed Open Proxy DNSBL to your mailer configuration, check out http://opm.blitzed.org/.
Hackers from the former Soviet Union have been linked to several schemes, including extortion attempts in which they threaten to shut down online casinos through Internet attacks unless the companies pay them off.
\begin{sinister Slavic voice}
You must pay one gazillion dollars to my PayPal account immediately, or I will post a link to your site on Slashdot.
\end{sinister Slavic voice}
P.S. I happen to be a hacker from the former Soviet Union.
One of the sites I created a while back was a mod site for NwN, I had it hosted by a company Called XO Communications since I didn't have a fast connection at my house. After getting a little notice from the NwN community I of course started getting spam - however I also started getting these weird emails from people saying they would sue me for sending them spam. I didn't know what was going on until I got 15 bounced emails from yahoo saying my messages were undeliverable. I hadn't sent the message and I had no idea who the recipients were. I contacted XO and they told me "Yeah this happens occasionally there really isn't anything you can do, but we have proof that it's not from you so don't worry about getting sued."
Well I didn't appreciate that responce so I changed hosts I tried icestorm and I tried globalhost it would be fine for awhile then it would start again - the more traffic I got the more of a pain in the ass it became to explain to people that I was sorry for something I wasn't doing.
In the end I just stopped caring, unless I ever get a fast enough connection at home to host the site myself it looks like this is somethign that will just happen. And as an end-user I have no control over the security of the website since it is my hosting companies responsibility to lock there shit down. And everyone I've tried seems to have the same responce "well its easy to fake where email comes from, sorry your shit out of luck in having people confuse you with ass holes"
Ave Molech Setting
It's time to license email servers. Strictly as an opt-in arrangement, whereby if you operate an email server on the internet you will voluntarily only exchange email with other licensed servers and refuse connection for all unlicensed servers. Everyone who agrees to play by the rules gets to enjoy the usefulness of email, if you don't want to play by the rules, then you get ostracized by the community... simple as that.
Townshend escapes child porn charges
"After a four-month investigation, London's Metropolitan police said that Townshend "was not in possession of any downloaded child abuse images," but had accessed a site containing such images in 1999."
oh and just in case cause I know someone will say this otherwise, all the hosting plans I went with WERE the Linux hosting because when I first did the site I was using PHP and MySQL and apparently MS Hosting plans don't always include that.
Ave Molech Setting
The biggest difference would be that instead of millions of run-off-the-mill configured-the-same-way insecure-by-default multipurpose Windows boxes we would have millions specialized Linux appliances - media players, media servers, write-a-doc laptops, etc.
Linux is all about diversity and being able to throw away what you do not need and build what you want.
The end result will be much more secure.
I cannot speak for later versions of Windows since I stopped using them, but I never saw a version of windows that does not force you to completely log off and back on to access privileged functions, encouraging people to run with privileges on all the time, because they cannot just enter the password for privileged activities. Su does not exist, nor does sudo.
Most other modern versions of OS's are significantly better (Lindows early versions were an exception). Just having su and sudo is much better.
OSX has no root enabled by default, and relies on sudo to limit elevated privileges to single operations.
GNU/Linux/XFree86 systems typically give warnings when the user logs in to the window manager as root, give a limited environment with a red background, etc., and on the other hand make it easy for the user to run without elevated privileges most of the time.
And the monoculture is also inherently less even if everyone were to use Linux, because the licensing allows significant derivitive / deviant branches.
Claiming that Linux would be no better if it were as successful as Windows ignores facts.
This is just the tip of the iceberg. I have been on an email team faced with the question, do we allow contents to auto-execute, which actually thought about the problem before blindly implementing it, unlike Microsoft.
or was i the only one who was remined of Agent Smith by "we are dealing with some clever people here"
Dipwad. Government CAN'T crack down on open source software. America ain't the only country you know. Yeah, the US might crack down on something, so to speak, but they would have to succeed in shutting down all the kernel mirrors and then effectively make all ISPs censor where their firewalls will let you go to.
Get real.
We're not austrailia YET.
"One of the sites I created a while back was a mod site for NwN, I had it hosted by a company Called XO Communications since I didn't have a fast connection at my house. After getting a little notice from the NwN community I of course started getting spam - however I also started getting these weird emails from people saying they would sue me for sending them spam."
The problem you're having is that your email address is being picked up from someone else's address book (or your address appears on a webpage they've visited), and is then being used as the from address in the Spam.
Changing hosts won't help you, in fact your host is irrelevant, it's the availability of your email address that causes it. I've had a few of these bounces because my email address is listed on my website. I never get them for my private address, just the public one on my site.
US Democracy:The best person for the job (among These pre-selected choices...)
Cool! Thanks for the tip. That's one less place that will sell my personal inf, and flood my inbox with spam.
Ever hear of load balancing? Microsoft allows users to load balance over many hundreds of machines? Can your precious Linux do that?
Perhaps it's not the poor quality software so much as the marketshare of the target os? If you write a spambot for an OS with smaller marketshare, then you've already limited your possible penetration to the insecure boxes of a smaller base. If every Apple on the internet was insecure and infected would that be higher or lower than (let's say) 10% of Windows boxes on the internet?
What channel is it on?
I have been registered to NYTonline for several years, and I have yet to recieve any spam from them. I won't vouch for the quality of their articles (even though I read it everyday), but if you are getting spam, it isn't from the NYTonline
omitted mention of Linux. That way, users who are not tech-savvy can't be sure that Linux is safe.
Sounds to me like they were completely fair. Of course that's not a journalistic conspiracy involving Microsoft and the NYT. Could not happen, categorically impossible. I never gave it a second thought. Our journalistic 5th Estate is as honest as our courts and our politicians.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
What I want to know is what can we do about it aside from choosing another site to get our news from? How can we get our issues to the people they need to. Does CmdrTaco really care if there was MS Flaming in the summary? No, he probably likes it, because guess what, it means more comments. Which in turn means more eyeballs on the ads, which in turn means more money from advertisers.
The quality of this site has been going to hell lately, and everybody bitches and moans about it in the comments, but guess what, NOTHING gets done about it. How can we change that?
Buy Steampunk Clothing Online!
I'm really disappointed that the press simply lumps all incidents like this into "computer" problems. They are problems with specific software packages and how the systems are managed.
We are never going to get to the point where people shop for systems based on the quality of the software or gain an appreciation for secure system management until articles like this bring those issues to light. If noone knows there are choices, the general public will continue buying the same old stuff.
Quite novel to call the article itself off-topic so you do not have to discuss what the submitter clearly wanted to discuss as part of his submission.
And according to you, AC, an "actual discussion" must religiously ignore Microsoft-related causes of the problems even if they are the result of undefendably-poor product design with respect to security? At least you correctly mark yourself as a -1 MS Fanboy (Troll).
I invite you, again, to explain how you think it was off-topic and out of bounds.
Discussing percieved or real causes of the problem is clearly on topic for those not religiously opposed to such, as you seem to be. It suprises you that people here are not msbots? Perhaps you thought you were on MSDN.
OK time to jump on the bandwagon...
Kiddie Porn sucks
Microsoft sucks
Shitty software sucks
but quality porn rules!
If I were one of the people who's pc was used for this purpose and found out who was doing it I wouldn't sue, unless it was kiddie porn. What I would do is request a year's free access to "Plumpers and Dumpers". In case you didn't know it really is the source of the other white meat!
After viewing my comment scores yesterday I think I've coined a new term for slashdot if it hasn't already been said.
I "hit for the cycle" yesterday. That means I had a 1,2,3,4, & 5. Single, double, triple, homerun, and the fist. I am very overwhelmed at this moment so I most get a hold of myself...on second thought if I get a hold of myself at work I might get in trouble:D
You aren't free to do anything, until you've lost everything.
To bash in Microsoft OS, use .bat files.
Or Cygwin--but then, you're just emulating.
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
My advice is by stock in Symantec, they will take over the industry eventually and become a sort of Pinkertons to the computer industry. You will need always need them to ride shotgun if all you use is MS certified people.
OH THE SHAME I fell off the wagon and use sigs again!
Nobody is responsible for anything they do. Anybody who wants to hold them responsible is an authoritarian crypto-fascist bastard to be flamed into oblivion.
,besides it's Microsfts' fault!
You forgot the most important part of that statement
Why do people link to silly login pages?
Can't you either take a copy of the article, or provide some way to get the article without registering or looking around for a username/password to use? If the owner prohibit copying, then find a similar article somewhere else, and link to that. If you *must* link, then at least include a warning that this is a silly login page, so I don't go there by accident, and include a working username and password with the link.
Thanks.
At work I use a PC running Windows (2000 and now XP). I am not the systems administrator, or anything near, so we tried to get by without me having administrator priveleges. As a result, the programs I was trying to use to do my job did not run properly. That is among the reasons people log in as administrator all the time.
Starskita
!
I was getting ready to write up a response to the original post and you saved me the effort. That was quite insightful and I hope you get modded up accordingly.
... and after reading yesterday's comments I guess I don't have a lot of faith that this will happen any time soon...)
Just because the average Slashdot poster has a server closet with wires running everywhere and makes a point of downloading the latest patches and sees that the sky is falling when it comes to "casual users' attitudes towards security" -- doesn't mean anything will or can be done from this direction.
Do you have the latest console import before everyone else? Do you have the latest (insert obscure band name here) import? Can you modify the fuel injector in your car? Do you know all the lines in each episode of Friends? Do you know everything there is to know about wine? What about the NBA?
This attitude that the elimination of lusers is a shining grail for us all reminds me that Slashdot isn't really a collection of smart people connected with technology; it is a niche group, just like NBA junkies, wine snobs, Friends fanatics, motorheads, groupies or video game junkies. There is nothing wrong with being a member of these groups. You just need to rememeber that you are part of a niche and the world will never come around to seeing things your way. The self-righteous attitude that comes from members of a clique when things aren't going their way leads to hackneyed movie plots ("Revenge of the Nerds") or tragedy. But it doesn't usually make for good policy.
There are more than a few smart people in this niche group that is Slashdot. Some of them, like darthtuttle (excellent post, again!), appear to understand that we need to make technology usable for the masses. If that means that there are gaping holes in security, perhaps it is up to us to fix it? (Of course that would mean doing things "Correct and Proper" not "Quick 'n Dirty"
I would have to say that explosives are the most abused technology in all of history.
I guess it wasn't your day. But the bright side is that the weekend is nearly upon us, right? Take care.
It's not known yet how this spreads. For all you know, it attacks Mozilla or MySQL.
But, oh I hate M$. Bill Gates ran over my dog. VBScript makes me mad. etc etc etc.
Yessir, it's the online axis of evil.
Porn, spam AND hijacking.
But what's with this 'could be used for kiddie porn' comment. I have a shovel in my closet. It COULD be used to whack someone over the head with. Dosen't mean I've done it. Hell, my printer could be used for printing kiddie porn.
___
It's the end of my comment as I know it and I feel fine.
I know what we should do. Everytime any person submitts an article, regardles of the topic, just add a little bit of M$ flame bait to it. Eventually michael will get so inundated with M$ bashing comments, that eventually the comments will lose the appeal. Who's with me!!!
I want to drive my car to work, you're right. I shouldn't need to know every single component and how it works. I don't need to know the tire pressure. I don't need to understand what the gas guage is for or what the speedometer indicates. I ignore the little blinking red lights, too.
Oh - wait - no, I don't. A car requires a lot of upkeep if you want it to work properly, just like a computer does. I have to change my oil every three months (patch the OS), fill up my car with gas every week or so (update AV software), and need to get it inspected every year (reinstall Windows :)). I also need to watch for any error lights lighting up on my dash and need to take action based on them. (Answering AV software alerts?) If it breaks down, I take the car into the mechanic. He knows far more about cars than I do and can fix it properly and safely.
Why should a computer be treated any differently from a car? Because people have been told that computers are "smart" and are only slowly beginning to learn the horrible truth - they aren't. Computers are dumb. They do what they're told, even if it's harmful, even if it wasn't what was meant (Do What I Mean!). They require constant checkups to ensure that "what they are told" is as close to "what they are supposed to do" as possible.
Computers require upkeep, just like cars. Just like cars, doing the upkeep prevents your doing what you actually want to do - and just like cars, regularly maintaining your computer helps to ensure smooth operation.
You are in a maze of twisty little relative jumps, all alike.
you are basicly correct. you don't know how a car works. it just runs.
but you left out the rest of it. when the car doesn't work, it needs to be fixed. and if you don't have the know-how and tools to fix it, you take it to someone who does and you *pay* them to fix it.
there are issues here about reliability and stuff like that, but when it comes right down to it, you don't have to know anything about computers, you just have to pay to fix them/make them work.
eric
.. are probably avid porn surfers and got
infected while watching some hardcore-action.
it might go unnoticed..
After 20+ years someone finaly found a good use for a MS-Windows machine!
-- Many men would appreciate a woman's mind more if they could fondle it
4) Those who are not aware of the problems, but would do something about it were they aware of it.
That you didn't see this group only means you belong in the group of people whose head is vaguely associated with more assinine features of your body and therefore are unable to see that there may actually be a *reason* for bringing such problems to light in the world.
If we don't talk about these problems, they don't go away.
Microsoft is a company who *does not deserve* its current position, on the basis that through its inactions, self-serving deployment of technology, and erroneous decisions, it has allowed such crimes against society as mass computer-hijacking for kiddie porn propagation.
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
Each state requires the driver some working knowledge of the car, the rules, general courtesy and judgement concerning its use. Whether drivers are or whether they adhere to them is a different story. I pondered this idea at length in the past to discern the problem with drivers on the road today (you know what I'm talking about).
What I concluded was based upon evidence of existing processes I see today. Gov and industry work together to provide products to the MASSES, hence improving economy. This produces recursive benefits for everyone. However, we can not promote this industry without limiting the number of incidents, including accidents and malicious actions since incidents work against the confidence of purchasing and using cars. Hence gov (and insurance companies get a piece of this) institute laws that improve confidence in products, services and practices. However, measures to ensure safety work also against industry.
Consider this: If we were to raise the bar on driver's exams to permit only the most capable of drivers (in my dreams), the industry would suffer to lost sales from incompetent drivers. So there's a fine balance in what govs and industry will consider is "acceptable losses" to maximize the sale and use. I don't think I would be far off the mark to suggest that the regulations are set with the economy in mind, and more importantly the pockets of politicians. This is what I surmise as the reason why [1] the driver's license exams are a joke [2] there's an abundance of idiot drivers risking people's lives everyday.
Unfortunately, the same can not be concluded with computers, since the confidence to buy and use a computer is impacted at a smaller rate than a requirement for a license would be. The consequences to poor use of a computer is less than lethal. If no license were required to drive a car, and (reasonable assumption) this leads to a vast increase in accidents I may stop driving, and never purchase another car. No license exists today for computers (and idiots abound) but it will not deter my purchase and use of computer equipment.
Hope this gives you food for thought.
"Last one in is a rotten goblin!" - Kepp
I've been seeing side effects of this. Random mailblocks come and go on dynamically assigned IP addresses because they've been transiently used by some spammer.
Most large ISPs already do require you to keep your computer secure, but they haven't gotten to the point of penalizing offenders (yet). Check this little bit out in SBC/Yahoo!'s TOS
I don't read this as requiring people to keep their computers secure... this reads like a CYA for SBC/Yahoo... basically, if you get hacked/backdoored/infected with virus-du-jour, you can't sue us. It could possibly be read as, if you get prosecuted for spamming senators with kiddie porn because your computer got backdoored into an open relay, we (SB/Yahoo) aren't liable for that, either.
Ita erat quando hic adveni.
I've done some snooping on the machines that have been used to spam me - all of them were Windows boxes, which was initially a surprise. Some of them allowed passwordless access to their hard drives (thanks MS for the defaults :) ), and every one of them I had access to had AnalogX Proxy installed. The rest that I could not access had proxy ports open. The vast majority of the spam hosts were in Brazil.
I'd like to kick the authors of AnalogX in the jimmy for leaving their system wide open. Who's with me?
Seriously, I didn't expect this - now Sun is in a position to stomp on 'em for IBM.
This sig no verb.
If the average user had a Palladium type computer, than end users could be protrected from things like this.
Yes, they are covering their ass, but this kind of language wouldn't have been there two or three years ago. I find the fact that it is interesting.
US Democracy:The best person for the job (among These pre-selected choices...)
A computer is not merely a tool, it is a way of life! A Taxi driver will say the same thing about the car being driven to make a living! Tell the Alpha Troll that his Alpha computer he gave 10 pints of blood to purchase was to be used and tossed aside...I will not tell him where you live. Look, kitten, some people want to take advantage of what technology has become, while the people that work with that technology daily would like to make the most efficient use of it through its well-maintaned half-life. The people that work with such subjective technology are the ones that often evolve the industry to a perfection, with exception to those dorks that paint flames on the sides of their cars and the dorks that mod the fuck out of their computers with fans and heatsinks and neon lights and testosterone-enamel.
The only people that can agree mutualy on respect for a given thing is Nuclear Physicists and Omnivorous people; they both respect the molecules that compose their soup and salad.
Have I earned +5 Funny?
More to the point, are you suggesting that there are thousands of computers running Amiga, Commodore, Atari ST, BeOS, AtheOS and/or OS/2 with high speed internet connections?
More specifically, are you suggesting that there are thousands of computers running Amiga, Commodore, Atari ST, BeOS, AtheOS and/or OS/2?
Even people that do this for a living let things slip by.
How can you expect a non techie to keep up with the constant technology changes and vulnerabilities..
How about move the issue farther upstream, ISP's can monitor for strange traffic and notify their customers.. If a home user suddenly spits out 10,000 emails, that might be a clue that something is amiss..
Not talking about making the isp responsible for fixing, but asking them to monitor isn't out of line, and it helps keep the garbage off their lines.
---- Booth was a patriot ----
This is the guy whose signature reads "Friends don't let friends install M$ crap"? Whose whole existence and reason de'tre is to make bogus claims and lame jokes against and about Microsoft?
Yeah, I though so.
You got it! It's a conspiracy paid for by "M$"! Wow, you're a smart one. I appreciate your catching that, else I would've been completely and totally brainwashed. Damn double speak.
because a turn signal stick does one thing, it operates a blinking light
well mr. smarty, you are wrong. a turn signal turns on a light that blinks AND turns off a light that blinks. That's two things.
Is the problem just one of your e-mail being harvested off the webpage(s)? If so, try this:
<script language="JavaScript">
function writeAddress(name, domain, msg) {
document.write('<a href="mailto:' + name + '@' + domain + '">');
document.write(msg);
document.writeln('</a>');
}
</script>
Blah blah blah
<script language="JavaScript">
writeAddress('mymail', 'nospam.com', 'E-mail me!');
</script>
Now you've produced a document which displays links to e-mail addresses, without specifying any easily-harvested e-mail addresses in the source of the document.
!#@%*)anks for hanging up the phone, dear.
I kid you not.
Mass-mailing software is responsible for spam. Who would've thought? Seriously, you should blame the developers of the mass-mailing list software for not producing a database to keep track of responses to the mass-mailing and allowing opt-out subscribers. Well, I know most of you are smoking crack, but wait jus a minute for the last point I shall make... The elite spammers are both the devlopers of their mass-mailing software and they are the self-pronounced spammers!
Microsoft Outlook (eMail client) is used the majority of time in..you guessed it..spamming a mailing list. Ask yourself, why hasn't Microsoft made any provisions against this? Why hasn't Microsoft prevented eMail virii (external programs) from indiscriminatly reading (stealing) eMail addresses? Why hasn't Microsoft prevented authoritative eMail peers to respond to eMail to have Outlook remove their eMail address of the spammer's mailing list? One reason...Microsoft will lose market share. Period.
Outside of Microsoft, we have various opensource mass-mailing lists. I know majordomo is for mass-mailing, but since it is opensource it can be modified to wreak havoc on people. I know procmail can be used for mass-mailing, is opensource, and can be modified to wreak havoc on people. So much can go wrong with software and it is too difficult to reveal the *intent* of someone using eMail. It's almost as-if the spammers don't even use the opensource software however because most spam is being sent by Microsoft Outlook in its virus-infected or non-virus-infected spamming missions. What does this mean? Sending spam with easy-to-use software on Microsoft Windows is prefered.
Ladies and Gentlmen, start your engines...Microsoft is the key to the problem.
Fair enough.
But the real problem from the spam point of view is the negligence of consumer broadband ISPs.
Dialup pools block outbound port 25. Why can't attbi.com, comcast.com, and rr.com get their acts together too?
At present, 12.0.0.0/8, 66.0.0.0/8 (fuggit, I'm lazy!) and 24.0.0.0/8 produce nothing but spam, and I block 'em wholesale.
You wanna run an MTA? Fine - smarthost. The 90% of Windoze luzers with SoBig.* and 9% of 0wn3d Linux boxen don't belong on the 'net, and IMO the ISPs where these boxen reside are criminally negligent in not blocking outbound port 25 traffic to anything other than the ISP's outbound mail server.
Ease of use, Remote administration, blah blah blah.
If Microsoft focused on shipping their product so that a base install was somewhat hardend as opposed to lighting up every service under the sun, having hidden shares enabled etc.. so the system is WIDE open maybe things wouldn't be this bad.
Sure, no OS is completely secure. And certainly whats secure today may not be tomorrow but and some point Microsoft needs to change its policy regarding this.
But, I am happy that Dell is taking the initiative to ship systems with a hardened OS.
Kudos to DELL!
How about legalizing system cracking? When peoples' systems are getting cracked left and right, maybe they'll insist on better software quality from their vendors?
They have a right to be force fed Hormel products until they explode like the Glutton in Seven if you ask me.
Or the one in "Meaning of Life"
Maitre d': Good evening sir and how are we today?
Mr. Creosote: Better.
Maitre d': Better?
Mr. Creosote: Better get a bucket. I'm gonna throw up.
It is easier to build strong children than to repair broken men. -Frederick Douglass
..poorly configured sendmail is also responsible for large amounts of spam.
/. , we cant expect any kind of objectivity on this subject.
Id say even more than any windows security problem.
But this is
Won't somebody PLEASE think of the kiddie porn!
- First they ignore you, then they laugh at you, then ???, then profit.
Back in '97 I worked for a now non-existant dot com. Back in those days I was a pretty hard core MS evangelist (hallalugha i've seen the linux light now)
/dummies. So whenever we logged into the sun we would be chrooted to /dummies and had no idea that we had been hacked. In the folder level above /dummies was his pr0n ftp site. It took the dev weeks to figure out that one. He would log in, try and try to make changes to the /dummies/etc directory which wouldn't stick because it wasn't the real /etc directory.
/etc directory, but by that time the damage had been done. Our T1 and sun had sent out over a million spams and served over 20 gigs of porn. Our company got owned.
I really wanted to implement some sort of firewall at my work, MS proxy server. Most of our executive and administrative staff was on windows, but our developers were all mac people, and they resisted hard..
One paticular dev was a mac/sun junkie. He went around like a drone (well, I was a MS drone so I guess it's like the pot calling the kettle black) telling everyone that my MS proxy plan was evil and how it would interfere with product development. Eventually he got my plan to implement MS proxy shot down, so there we were on a nice fat n juicy T1 line with absolutely no firewall or protection of any kind.
What goes around, comes around.
We started getting calls and e-mails complaining about us sending out pr0n spam. Turned out someone had been using the open relay on this dev's sparc II to send out his e-mail. Worse yet this hacker had somehow managed to root the box and in addition to using it as a spam relay, he had used it as a FTP site for his porn. The root account was renamed, and our entire directory structure had been copied to a subfolder under
Everything was fixed by dropping into single user mode and fixing the real
The executive team realized that the dev team would never let me implement anything. So they hired another admin with more of a unix background and he put in those little red fireboxes at each of our locations. After that we never had a problem again.
We expect our cars to "just work" but at the same time one has to have some understanding of the need to change the oil, and that the squeak coming from the brakes means that it is time to replace the pads.
There is a lot of maintenance work that requires driver attention and knowledge.
It is much the same with a computer. You may not have to know the internals of fixing it, but you should know enough to recognize that it needs servicing, and know who to take it to when those symptoms appear.
This archetypal spammer image will equate roughly with people's image of a hacker. And those weirdy beardy folks called RMS and ESR call themselves hackers. And so this Linux must be ... so that's what young Timmy is doing. Quick Al, call the police!
"It's not your information. It's information about you" - John Ford, Vice President, Equifax
Look, the people who are really interested in such filth don't spend their time trying to peddle it to the largest possible audience, as they could be traced and the book thrown at them. They swap it on private servers with passwords, firewalls and, almost certainly, as much security than your average e-commerce site. They're more concerned about *stopping* people from seeing it so they can carry on their nasty obsession without interference by the authorities.
The sort of stuff we normally get spammed with is 30-year old women with headbands and pigtails.
When I am king, you will be first against the wall.
You'd be familiar with the convention that the items in quotes are as the submitter wrote them. Michael has posted exactly what the submitter wrote, with no modifications.
/. reader and contributor is the flamebaiter for their writing, as much as you are for coming down on an innocent person.
In this case, the
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
We farm out our computation to users of operating systems which are not secure by default.
I hereby place the above post in the public domain.
I dumped M$...
Not only do I advocate Linux to friends, family, and associates, I've accepted Linux as my new religion. I've read the GPL and accept it as a holy document.
Linus Torvalds is the high priest of of the First United Church of Linux.
Finland is Mecca...
It would be nice if something like Bittorrent could be harnessed to make this type of system work in an opt-in manner, where a user's browser cache of a website, combined with an application, becomes a hosting node for that website, and the web servers keep track of who is caching for the site and randomly redirects traffic to the many nodes. The more popular your site becomes, the less likely you're actually serving up any pages!
# Erik
"Run As" is a half-assed implementation of the concept of the sudo command. It only works with executables (so if you need to, say, run a batch file with elevated priveleges, forget it) and some installers I've tried using it with simply puke and tell you that your priveleges are insufficient.
Granted, this could be a coding defficiency on the part of the software's authors, or simply "growing pains" from the idea of RunAs being so new (to Windows, anyway) but it needs to be, well, more "sudo"ey... If that is a real word.
Who did what now?
In some ways, the OP has a point though. If the intention is to get rid of sites that require you potentially open yourself up to spam, the anything linking to the NYT should be filtered.
Now, I know it's ridiculous because the NYT is easily spoofable, but one day, they may not be.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
well.. except for the obligitory 250-1001 times on /. =)
You're both wrong, a turn signal stick turns on AND off EITHER the right OR left light that blinks, that's technically four things.
Also, my turn signal stick (Toyota Camry) adds the additional functionality of turning on/off my highbeams, as well as turning my lights from DRL off, to DRL, to parking lights, to headlights.
We just THINK it's simple because we've been educated about the use of the stick and it's been simplified down to the level that, well lets face it, stupid people can understand. My friend rebuilt and drives a 1944 jeep, to turn on his windshield wipers, he needs to manually reach and turn on one motor, then reach over and turn on the other motor. The turn signal mechanism was broken, so in order to have turn signals, he installed two toggle switches, one for left, and one for right.
Cars have made leaps and bounds in UI, imagine if everyone drove that '44 jeep how many people would be driving around with a turn signal constantly on and one windshield wiper. This is an element in which the computer industry is almost completely lacking. The problem is, the people who develop the software, are nearly all familiar with the workings of computer software and therefore end up developing user interfaces that are perfect for...THEMSELVES. Not that every developer is selfish, not that these interfaces aren't good, and not that there aren't some companies who take into account HCI and UI. It's just that the common person can't grasp such concepts (yet, hopefully) as ".exe files as attachments from strange people are probably viruses" and "emails that SAY they are from Grandma might not actually BE from Grandma".
Now, to do a complete 180, I'm not saying that we should dumb down all user interfaces for the idiots. Just like cars, there should be options. For "power users" and the technologically versed, an options should be offered with a lot of flexibility, a lot of customizability, and the ability to do pretty much whatever you want. For the average user, and the idiots(millions) out there, an extremely simple interface which reduces functionality but increases safety, in effect making a computer ever closer to a TV with six buttons on the front, should be developed. If a large percentage of the people are only sending photos and possibly movies to Grandma, this program should then only allow them to view attachments that are...BINGO, photos and movies.
The point is this, the average computer user doesn't understand 90% of the functionality of his/her computer, and as such should not need to deal with that software. Just as the average car driver probably does not need to worry about shifting gears and therefore will be perfectly find with an automatic transmission, why not offer an automatic transmission for the computer user. For the rest of the people who are daring enough to tackle the computer equivilent of manual transmissions, not acquiring viruses and trojans should be easy.
Just imagine if, with no training, no licensing, no experience, no anything, someone threw a car in front of you with manual everything, and for shits and giggles, lets include no speedometer or tachometer, or even a fuel guage (do computers come with any obvious way for the untrained user to guage anything abou the computer?). The average person pretty quickly would figure out, OK, I sit here, and this wheel makes the car turning, but even something a simple as starting the car would confuse them, as does starting a computer for many first time users. In many ways, we've improved, now you boot a standard windows, linux, or macOS machine and you're taken right to a GUI, one giant leap made by software/hardware manufacturers. In the "olde" days, command prompts, which aren't very intuitive to the average user were the standard, just as with manual "everything" to start a car you would have to depress the clutch, pump the gas (no fuel injection), an turn the key at the same time, then slowly release the clutch. Now continue the analogy with the car and you'll end
Let's get one thing perfectly clear, I did not vote for George W Bush, and I do not endorse what he does or says.
"
windows script-kiddie style :
download, feed result to IE component, print to textfile printer, harvest from result textfile.
No javascript will beat that without essentially breaking the link/e-mail address text.
Might even be a more direct way, but the data sent to printer drivers is always what is displayed on the screen.
-- semi off-topic
And 'nospam' links etc. are pathetic as well. A simple script written as a test harvests most of the obfuscated e-mail addresses in Slashdot threads.
Wonder if that should be publicized in the interest of research material and so that better obfuscation techniques could be used.
Or is security through obscurity better for Slashdot users' e-mail addresses ?
I want a new mod level, that can be used in place of M1.. "Descriptive Ultra-Mod", for use in those particularly obnoxious/trollish/flamebaitish posts. Mods get one of these per week, and results would be posted as a reply to the original comment. If someone gets multiple copies of this form on their comment, they are banned by IP, AC or no... *grin* Ah well. If only.
Hi
Hello again
This is another reply to lengthen the page.
Yet another.
Since Slashdot imposes a seven level nest, I must stop at this point.
Nah, just people who look at the fron page of that little known newspaper, the New York Times. Get real,
Second, people who did notice wouldn't know what to do to protect themselves (not supporting MS isn't an option for 90% of the computer users in the world).
With enough momentum, that will change. All you need for people to know are the disavantages of sticking with M$ and that there are easy to use alternatives. Microsoft's power is based on the false perception that there are no alternatives. I'm not sure why you think 90% of the world needs Microsoft Word or any of their other junk. My house has been Microsoft free for years and I'm much happier that way. So,
Third, was the comment necessary?
Yes, the comment was useful. "sobig" was mentioned as a possible cause of this new rash, so we know it's yet another MicroSoft Transmitted Disease (MSTD). Credit should be given where credit is due.
What did you want to be excused for? Did you fart or something?
Friends don't help friends install M$ junk.
With this new excuse comes a new plan...
:)
At work or anywhere you're not supposed to be downloading porn or other illegal stuff, just install a fake trojan of your own and secure it so it's not actually accessible to hackers. When you ever get caught just blame it on the hackers.
eTrade SUCKS
A virus and other such things follow a biological analogy. As viruses evolve, the host must evolve as well, or it will be wiped out, basic protection or 'isolation' from contamination is essential. The host for the virus will never be invulnerable, because the very functions that make it useful also makes it vulnerable, so if functionality and utility for the common user is sacrificed for theoretical protection it may be counterproductive. The computer with the most 'necessary' set of protections combined with the most needed functions will be the survivor, but primitive protection, such as turning the computer off, or having an offline floppy disk with sensitive data, may be OK security depending on the situation. Perhaps in some cases it is actually more efficient to be occasionally hacked or infected than to be extremely secure. It may be acceptible if I get hacked, or get a virus 5 or 10 times in my lifetime, if in return I can take off work early every third Friday in perpetuity because I leave without updating my security. Also, virus protection will not protect you from other fatal disasters such as hard drive crashes. I figure I can crash 6 times a year due to viruses and it would be just as efficient as keeping my security up to date, for non-critical systems.
Mathematically:
WIPE&REINSTALL&REBOOT&RECOVER = 4hr;
TIGHT SECURITY = 2+ hr per month minimum (24hr per year);
Over a period of one year TIGHT SECURITY = 6 WIPE&REINSTALL&REBOOT and at $100 an hour it is equal cost to throw the computer in the trash and buy a new one with new pre-installed software every 6 months ($1200 x 2 each) compared to keeping the old one up to date ($2400).
n/m
the OS that the article is referring to is NOT OS/2, Amiga, BeOS or any of the others. It is Windows. The systems hijacked are Windows system.
You say, [nothing ever changes] So, the whole "people might start to understand" bit is, quite simply, B.S...
Kind of circular, ain't it? Nothing changes because nothing changes? Group 1, if it exists at all, just shrank. Group 3, likewise shrank. Group 2 just grew. They have to be hiding under a rock to not get this one, "Evil Hackers can turn your Microsft PC into a kiddie porn server and you won't know till the break down the doors, trash your house and drag you to jail!". That tends to get attention, and now it's being demonstrated. Oh, but XP must be worth it, right?
Can I lump you into group 1, people who like their computers controled by others so much they are willing to pay big bucks and suffer unreliable system performance? I don't recognize Microsoft's derivative garbage as anything like influential.
Friends don't help friends install M$ junk.
Someone else has provide technical details. This is not run of the mill.
exploit a common hole in Windows, but to indicate that this is a symptom of Windows insecurity with insufficent evidence is unethical.
You can say that wihout laughing? I love you too!
Friends don't help friends install M$ junk.
Why don't you go back to your intersts, Interests: Space, music, psychological warfare and put up a firewall or something to protect your fine FrontPage work from evil hackers? I see your host runs Red Hat for you, but do you know what your home computer is doing for you?
Friends don't help friends install M$ junk.
You will get to see it when they use it as evidence that you possed and traded in kiddie porn. Where does your computer want to go today? It's not funny.
Friends don't help friends install M$ junk.
You forget to change your oil or transmission fluid, check and align your tires periodically, etc. and you will end up causing expensive damage.
Computer users need to do far less to maintain their pc's.
Actually, all of the functions pertaining to turn signal usage were meant to fall under the inclusive "operation." That is why I did not specify that it only turns a blinker on or off. In comparison, we were discussing email clients. Email clients allow you to operate email functions. There are hundreds of things you can do with email in most clients, but there is no reason to list them all every time you talk about "using email." You both missed the point entirely, the comment was not meant to be an exhaustive run-down of everything a turn-signal stick can do in a 1996 Chrysler versus Outlook 2002 XP -- damn --hehe. The point was static function systems versus dynamic function systems, and why it takes a lot longer to get a dynamic system "new user" proof.
V
Would an anti virus program and/or fire wall (I use Norton) catch/stop this. I manually ok all programs that try to access the net or act as server, but only if I know or can find out what the program is.
If you could reason with religious people, there would be no religious people
Funny thing is, it isn't about security most of the time. It is about stupidity. The people that are going to be effected by this are the same people that open all attachments on their email whether or not it says .jpg or .exe.
My girlfriend, who is actually a pretty smart girl, had REPEATEDLY installed viruses on my PC without knowing it. She sees pretty boxes and I tell her, "Honey, just "ex" out of it". She clicks "OK" instead. Oops she says.
This is mainly why I limit our email to the Mac, as well as chatting on websites. But the shit still makes its way through to her one way or the other.
Reformat again...
My point is, it is again, without failing, not really MS's or Vendor's problems. It is an end-user problem. They blithely accept any proposal that pops up on the screen. I know a few ways this porn thing has been propogating, and I can't do much when my GF decides to click OK on everything.
By the way, any of you guys using XP know how to get rid of "Net-less" pop-ups? My GF helped it outsmart me and I can't get rid of these things, which mostly advertise how to get rid of themselves, which is doubly annoying.
And the "boobs" icon on my desktop....haven't had time to mess with it, but it seems content to stay there, no matter how furiously I drag and drop it onto the recycling bin.
Oh yeah, and I know this porn thing is a windows script mainly because the radio I heard this from SPECIFICALLY said: "And this ----- does not effect the Apple Macintosh line of computers at all." And you know the media; they don't even know Linux exists yet.
------ = Whatever they called it (Virus, problem, etc.)
I got nothin'.
why dont they just put a EULA on a virus...
Do [most] people actually read them?
Do [most] people instinctivly hit ``I Agree"
Perfectly Legal...
oh wait.... Microsoft allready did that
remember Windows?
Where I work, the email server is set up to filter all "dangerous" attachments. Occasionally we need to email executables, and usually what happens is the attachment is simply removed, the recipient emails back complaining, and then the attachment is re-sent as a .zip file.
Not in a .zip file, you just rename testprog.exe to testprog.zip and email it. On the other end, they rename it back.
If filtering that stupid when it's just email, I can imagine how quickly things will grind to a halt if you did that for saving files.
BTW, they also don't equip individual PCs with CD-ROMS, apparently to prevent people from installing unauthorized software. It's so effective we have to walk all the way to the CD burner machine and put the CD in there, then go back to our own and run the installer over the network. It must add a whole minute to the time it takes to install unauthorized software - at least the kind that you don't just download from a web site (in a .zip file or similar so it's not blocked).
Come on guys, can't we stop using this phrase??
It almost legitimises it. At the very least tends to downgrade the problem.
"Paedophilia"
"Child abuse"
FAR more emotionally descriptive, but realistic terms.
I mean these poor victims can turn into REALLY fucked up adults because of the abuse they suffered.
Just my Euro 2cents worth
this makes a very good point...
It clearly attacks windows-based PCs. If it attacks through Mozilla or MySQL, it is the fault of the OS for exposing these things. In an OS with proper security, a bad user app such as Mozilla cannot compromise the system as badly as in Windows XP HE, for example, which runs apps as root by default, allowing for example new network services to be installed by downloaded viruses.
While I normally don't comment publicly upon the moderation of my comments, I believe the moderation of the parent makes my point more eloquently than anything else.
www.eFax.com are spammers
Just think of the mess if someone used a trojan to plant MP3's all over creation....along with appropriate sharing software..
RIAA would run themselves ragged suing Jill Winecooler & other innocents, gathering an army of friends while doing so....
I know this has already been said, but it needs to be said again.
Receiving complaints like this, has NOTHING to do with with your hosting provider. Your hosts could be LOCKED DOWN JUST FINE and you'll still receive complaints like this.
Why? Because it IS possible to fake the address of the 'sender' in an email. Ridiculously easy. The people sending the complaints are ignorant of this fact, so just assume that the spam is coming from you, where in fact its coming from somewhere totally unrelated. Blaming the host in this case is a fallacy, and just demonstrates how ignorant YOU are of how the mail system, and spam, works.
It is unfortunate that your domain has been used as the 'sender' in these spam mails, and the only way to solve that is.... change domain names.
It would have been nice if my hosting provider had explained that to me rather than just shrugging it off. I'm sure a lot more people would not be "ignorant" if those who we relied on for support would actually explain/show/teach/tell/something rather than just shrugging and saying "deal with it, your dumb" when we asked for help.
Ave Molech Setting
That's not what you said in your previous post, though. In the previous post, the quote from the hosting provider was actually pretty reasonable, but your own thoughts on the matter weren't.
:)
What am I to make of that, hmm?
last post!
--
Ruby says "bwarghhhhh!"