Slashdot Mirror
NY Times On Spam Zombies
A discreetly valorous slashdotter writes "The NY Times is featuring a story about the growing armies of spam zombies. It focuses on New Jersey teen spammer Jasmine Singh. Choice quote: 'Hacking in its purest form is not about compensation or about wrecking a Web site. Hacking in its pure form is to show what you can do.'"
"A discreetly valorous slashdotter writes"
From dictionary.com: valorous - Marked by or possessing great personal bravery; valiant
From the same: discreetly - Marked by, exercising, or showing prudence and wise self-restraint in speech and behavior; circumspect.
Meaning an anonymous coward?
Don't you love sales/marketing speak?
Hacking in its purest form is showing how you can go to jail. :-)
Today, a pure form of hacking would be to read the article without actually being a registered user.
Crunch!
Username: loser1234
Password: loser123
In one recent case, a small British online payment processing company, Protx, was shut down after being bombarded in a zombie attack and warned that problems would continue unless a $10,000 payment was made, the company said. It is not known whether the authorities ever arrested anyone in that case.
Where would they send the money? This is like a kidnapping scheme. There is far too much involved when you actually want something back from the person you commit the crime against. You would think they would be easier to catch.
"Scientists don't change their minds, they just die." -- Max Planck
If the SBL can shot down an entire group of blocks because of one spammer on one IP, then someone should be able to shut down an entire ISP (say, AOL, Earthlink, etc) if they have just one spam-sending zombie. Period.
I mean, what's good for one group is good for the other, right?
Would Slashdot please quit posting stories
that you have to register for to read.
Thank You.
Cracking is about breaking into a system. It might require some hacking, but it can also be done by script kiddies.
http://www.nytimes.com.nyud.net:8090/auth/login?US ERID=loser1234&PASSWORD=loser123&URI=http://www.ny times.com/2005/06/24/technology/24zombie.html
Uncheck "remember me", press login.
but I don't think they really got to the real news here. The article doesn't mention how users can protect themselves at all. And it only focuses on the one case, when I think there could have been bigger name cases that would display the same message better. Is this article going to make the average user care at all, not in my opinion. The underlying theme I got from the article is that hackers are these crafty people who are sneaking onto your system, not something you can stop *coughfirewallscough*. Ok, maybe not ever totally stop, but slow down. My windows machine (only for games, I swear) has been clean (cept for Windows) for a month now, behind a hardware firewall (linux Fedora core 3) and a software (Zone Alarm). Just my two cents.
--Snarky
Want to find other gamers to play board and role playing game
Okay, so this teen treats crackery like it was a sport. To show his or her proverbial "balls", as it were. This would be a prefect opportunity for some older, social-concious geeks to get together and set up a crackery league for these youth. Let them perform their crackery against each other. Each youth could set up a system, and then they would go head-to-head to crack the other youth's system. Indeed, it would be an intellectual junior soccer- or baseball-style league.
Cyric Zndovzny at your service.
All responsible ISPs have terms of service agreements that strictly prohibit abusive practices such as phishing, spamming, warez and media trading. They reserve the right to terminate anyone's service who is violating these agreements. Beyond that, it's not reasonable to expect the ISPs to be punished for other people's irresponsible or illegal behavior, any more than the car dealer should be punished for selling a car that is used in a bank robbery or the hunting goods store for selling ammo. You can't have freedom and also place that kind of restriction on third parties. That said, service providers such as Verizon are closing certain ports to reduce this kind of attack.
The bottom line is that the software is flawed and should be replaced. That's something that is happening over time; Apples and Linux and other OSes are pretty secure now, and Microsoft is really trying to catch up.
Eventually it will be a lot harder for a 17-year-old to command an army of zombie PCs. In the 1970s, it was incredibly easy to hack into sites via a modem, using easily guessed passwords (guest/guest) because it was such a rare thing even to have a computer and a modem. The teen hackers of that era would be clueless today, just as these punks will be clueless 5-10 years from now.
it's = "it is"; its = possessive. E.g., it's flapping its wings.
I think everyone is better off when ISPs stay out of the business of controlling customers based upon the type of traffic they're sending or even worse what type of equipment they have. Consider the following two scenarios:
SnoopyISP has a 'we can shut you down based upon the traffic you send' policy. After doing so, they could be set upon to offer this service to RIAA, MPAA, etc, etc. After all, they can't say they can't/won't do it.
SnoopyISP says, "sorry, we don't let anyone who isn't running XP with our approved set of firewall apps running on it.", "But sir, I run linux, no worms here!", "Linux? Isn't that the hacker os? Sorry, we need to be sure that spam zombies don't attack. Therefore you must run UltraFireSoft Anti Hack Pro which we provide for free." "Do they have a Linux version? BSD? OSX? etc?" "Sorry, no, only windows XP. Oh and you need to have their auto-update feature turned on at all times--just to be safe."
I'll take a net where I can pay for network connectivity and get that, and I can pay for email filtering, and get that. I most certainy and emphatically DO NOT want to create inroads (beyond such that may already exist) into ISPs doing traffic or configuration based filtering/management of customers.
There's a place called "too far". I can't seem to find it.
'crackery' again.
The Kruger Dunning explains most post on
...but "Jasmine" is a dude? Really?
I'm sure it's a cultural thing, but seriously, when I was in school (cue old-timey phonograph and creaky rocking chair sound) he'd have been hating life if he had the balls to show up to school with a name like Jasmine!
The times they are a changin'. (That's a good thing, I think)
-Tom
>>
:)
Eventually it will be a lot harder for a 17-year-old to command an army of zombie PCs. In the 1970s, it was incredibly easy to hack into sites via a modem, using easily guessed passwords (guest/guest) because it was such a rare thing even to have a computer and a modem. The teen hackers of that era would be clueless today, just as these punks will be clueless 5-10 years from now.
Are you kidding? They are probably tomorrow's managers.
Probably it's not the spamming they are talking about. Probably it's the fact the spammers are cracking into other computers in order to spam.
I'm afraid you're kinda screwed on this point. Slashdot is a news aggregator. This story is effectively a dupe of one that came before, but the "news" is that it's the New York Times publishing it, which has a far more important readership than PC World.
In other words, the news isn't that there are zombies, but that a very important mainstream newspaper is telling people that there are zombies, and lots of 'em. You can't get this story from any other source, because the source is the story.
And because the New York Times is so important, they get to charge for content. In this case the charge is cheap: you just let them know who you are, so that they can better sell ad space. That's not free, but it's pretty cheap.
So basically I doubt Slashdot is ever going to "quit posting stories taht you have to register for to read", because that's where the good news is. If you'd like to establish an open source news gathering organization and make it available for free without registration, feel free.
That's news "gathering" like the Times, not "aggregating", like Slashdot. News gathering is usually considered pretty expensive. You have to have a lot of reporters, and editors. And it takes time to establish the reputation that the Times has. And like software, news depends on trust.
But hey, news, like software, is free to distribute once it's created, so maybe the open source model will apply. Go for it.
Alternatively, stop bitching about what people are giving you for free (Slashdot summaries) or cheap (New York Times articles for the price of some trivial and easily lied about demographics). Your choice.
Sarflicks! I couldn't agree with you mosby! Why haggleby when the low-rider don't know blatz about the snoozer?
Next: NYTimes advises that zombie-spammers can be dealt with by "removing the head or destroying the brain".
You're quite correct. It doesn't make you any smarter. However, it does have a few positive effects:
You don't sound like a 15-year old who slept through elementary school English class, which in turn gains the respect of other people, which in turn helps you to do a lot of things, among others, get a job.
Other people understand what you mean. It is true that in most cases it is fairly trivial to infer the meaning, but there are cases in which both the phrasing which was actually used and the phrasing which was intended form logical, sensible sentences. In this case, the meaning becomes ambiguous.
In answer to your question "Who cares?", many people do. Your professors, publishers, potential (and current) employers, people you do business with, just to name a few.
SIGSEGV caught, terminating
wait... not that kind of sig.