Slashdot Mirror


User: damn_registrars

damn_registrars's activity in the archive.

Stories
0
Comments
5,958
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,958

  1. Re:Interesting feedback... on The 'Malware Economy' Evolves · · Score: 1

    They have a distributed botnet. They'll just distribute the http traffic over the botnet and deliver the payload via a decentralized onion-style network, again, on their botnet, like tor.
    The current accepted model is that the spammers pay for time on the botnet. That makes it easy to dump a ton of spam through it, because that doesn't take long. I doubt that the spammers really want to use the botnet for web hosting, where they would potentially want to rent it for days. And beyond that, the dynamic nature of their botnet would require a mess of routing in order to make sure that the http and https requests get to systems on the botnet that are up.

    Going after the registrars will only be a temporary solution.
    Let me know when you start seeing a large amount of spam that doesn't refer to the websites by a domain name. Well over 99% of the spam, and likely a solid 100% of the phishing emails that I see rely on using a domain name in the link, likely for the reasons that I've outline before. The spammers just don't have as much to gain by using a numeric address over a domain name. If they change their game drastically, I'll then concede that point.

    You're right that as long as they make money, they'll keep doing it.
    Which is exactly why running from spammers (as per your suggestion) is futile. They'll find you eventually. Ditto for anyone who thinks that spam filtering is a good answer - it's only a matter of time until any given filter is circumvented by a creative spammer, and then new filtering has to be devised. We can play whack-a-mole with the spammers, or we can actually work to stop the mechanisms that they use. Take your pick.

    browser-confirmed TLS certificate
    Granted, I've never purchased anything from a spamvertised domain. But when I have looked at their sites, they do say that they have TLS security, which is as much (if not more) than most people would look for. Same sites do everything they can to reassure you that your transaction is secure and legit. Whether or not it is, well thats of course very debatable. Considering most people probably will just look for the lock icon in their bottom right corner, and they'll almost always trigger it, I don't think you can really ask for a whole lot more for reassuring the users.

    ll the people losing money due to spam, frankly, deserve it.
    Thats extremely condescending, but I guess it matches your tone from your first reply. You also seem to be overlooking the fact that many of these spamvertised sites are targeting extremely vulnerable people. Have you considered how many people are online now that are on medicare / medicaid? If you tell these people that they can buy their prescriptions for less than half the usual price, they'd love to listen. And then if your site looks legit, and authenticates legitimately, they may well fall for it. Do 80+ year old senior citizens really "deserve" to be taken advantage of by criminals?

    In this case, a lot of freedom translates to speech you didn't want. Grow up.
    If you want to discuss freedom of speech issues, you should start by acknowledging the fact that the 1st amendment doesn't guarantee that people will be forced to listen. And furthermore, there are fraud laws that need to also be taken into consideration, things like insider trading. So I'm afraid your argument that spam should be protected just simply doesn't hold water. But thanks for playing.
  2. Interesting feedback... on The 'Malware Economy' Evolves · · Score: 1

    Looking at your journal, it's clear you're a raving idiot
    Looking at your comment, its clear you didn't actually read the journal entries. But we'll continue on...

    Spam is caused by bad registrars, you say!
    No, I said that bad registrars allow spam to happen by being complacent. Those are two very different statements. Your statement carries an implication that you feel I'm aiming to say that registrars are themselves sending the spam. This conclusion is patently false. I am saying that there are complacent registrars that are making money from spam and hence are not willing to do their part to stop spam.

    But thanks for playing, anyways.

    When we finally get registrars to pull spam sites
    We'd have a good start. Except I suspect you're not actually reading my comments accurately and its not even clear that you understand the different between a registrar, a webhosting company, and an ISP. But we'll continue on...

    they'd just use IP addresses -- or should we make using an IP address illegal, too
    First, I didn't propose making anything illegal. ICANN has no legal authority over anything, anywhere. How you read anything that I wrote and took it to mean 'illegal' is beyond me.

    But nonetheless, you are missing the point. Spammers use domain names because they're convenient. If you look up a spamming domain, you'll find that the spammers own a lot more than just the spamvertised domains. In particular, the domains that provide DNS for resolving the spamvertised domains are themselves owned by spammers.

    This mutli-level scheme that the spammers run allows them to very rapidly change the mapping for their domains so that even if one ISP shuts them down or disconnects them, they can re-map to another IP, and the spamvertised domain still goes where they want it to. Or do I need to explain DNS to you as well?

    but it sounds like you just need to calm down
    Thats a curious statement coming from someone who opened their comment by calling me "a raving idiot".

    and change email addresses to a subdomain
    OK, I could start by pointing out that you didn't really write a sentence there, but I'll leave your grammar alone and critique instead your lack of logic. Of all my email addresses, the one I have that gets the most spam is in a subdomain - username@aaa.bbb.edu. It pulls in at least 40 spam emails daily. Just because it works for you, doesn't mean it will work for everyone. Besides, the spammers will eventually come up with a way to probe those, as well, and then you'll be right back where you started.

    But I'll just let you think that you solved the problem with your interesting solution instead.

    And of course, your "solution" does nothing for all the people who use the likes of hotmail/yahoo/gmail for their email. You can say what you want about them, but thats a lot of people who couldn't use your answer if they wanted to.
  3. moderation for fun & profit on The 'Malware Economy' Evolves · · Score: 0, Offtopic
    I'm enjoying watching my comment get moderated up and down. As of this message, it has been moderated at least 4 times.
    • Starting score = 1 (I passed on the karma bonus)
    • +1 Informative -> Score = 2
    • +1 Informative -> Score = 3
    • -1 Overrated -> Score = 2
    • +1 Informative -> Score = 3
  4. Re:This shouldn't have surprised anyone on The 'Malware Economy' Evolves · · Score: 1

    they're all from the past two weeks!

    If you'd like, you could also read my journal entry from September 30th where I discussed the economic role of spam, and why filtering is the wrong answer. I know I also discussed it in forums starting then or earlier, but as I am not a subscriber, I can only look at my own last 24 postings from my page here.

    If there was an easy way for me to peruse my own old postings, I could show some of my earlier messages to this same effect. These more recent ones were just easier to access quickly.
  5. This shouldn't have surprised anyone on The 'Malware Economy' Evolves · · Score: 4, Informative

    Really, we've been talking about the Economic basis of spam for some time. I've commented and journaled on how the economics of spam make most current solutions meaningless in the greater fight.

    So now when we see yet another article discussing the money that is made in malware, particularly the botnets that drive spammers, there's no reason why anyone should find this surprising.

  6. Hooray for cat cloning! on Cloned, Glow in the Dark Cats · · Score: 1

    Because we were all worried we'd run out of cats!

  7. Sysadmins in heaven??? on The 5 Users You'd Meet in Hell · · Score: 1

    I'm not sure that many sysadmins could ever qualify to make it to heaven. Don't we all end up at some point disqualifying ourselves by turning into BOFH?

  8. Re:Yeah, but, but ... on The 305 RAMAC — First Commercial Hard Drive · · Score: 1

    And, also, didn't you say that production ended in 1961, and then Torvalds was born in 1969? How is that the same year?
    My bad, those were two concepts that weren't connected well in my answer. The article stated that IBM withdrew the device in 1969 (even though it stopped production in 1961). I of course do not work for IBM, but I suspect that withdrawing the device, in the context of this article, means they stopped supporting it. Therefore, I was trying to say that the device was no longer available from the IBM standpoint at the same year when Torvalds was born.

    Exactly why they stopped producing the device in 1961, and then 'withdrew' the device 8 years later, only IBM knows. Perhaps some institutions had exceptionally long support contracts on their double-refrigerator-sized storage devices? Or perhaps IBM made more of them in 1961 than they could sell?
  9. Re:Yeah, but, but ... on The 305 RAMAC — First Commercial Hard Drive · · Score: 1
    Interesting comments so far. And for the record, I was just trying to get a laugh. But that didn't seem to work out as planned. Furthermore, nobody hit directly on the answers that occurred to me on this question, so I'll share them:
    • The object in question isn't really a computer per se, its a storage device. What good would it do to have it run an operating system to begin with? (aside from the already pointed out fact that it only stored 5mb)
    • The object in question was developed and sold in the 1950's. Production ended in 1961. Linus Torvalds, however, wasn't born until 1969. Hence, Linux wasn't even in existence when the drive was discontinued.
    • The Unix epoch is generally regarded as having begun on January 1, 1970. This is later than even when this storage device was withdrawn by IBM. I would be surprised if anyone bothered to write a Unix driver for it - though feel free to prove me wrong.


    It also occurred to me while writing this that the device was withdrawn the same year Torvalds was born. An interesting coincidence.
  10. Yeah, but, but ... on The 305 RAMAC — First Commercial Hard Drive · · Score: 1


    ... does it run Linux?

  11. Re:Exactly on Microsoft Disses Windows to Sell More Windows · · Score: 1

    We live in a strange, strange world. Fucked up and strange.

    There, fixed that sentence for you...

    But that said, I couldn't agree with you more on the negative reflection of us with one company having such disgusting market dominance. I don't think that the US Postal Service even can claim that level of saturation.

  12. Rather short on information... on Robots That Bounce on Water · · Score: 4, Interesting

    I managed to view the site before it went down in flames under the slashdot effect. The picture was cool, but the article left much to be desired:

    How big is the robot?
    How much does it weigh?
    How fast can it move?
    How is it controlled?
    What is the range of speeds for this that was mentioned in the article?
    They mentioned applying it to sampling water quality, but wouldn't that disrupt the surface tension to sample the water right under the robot?

  13. Wishful thinking... on Microsoft Disses Windows to Sell More Windows · · Score: 2, Insightful

    "With Microsoft marketing against itself, perhaps the Mac and Linux camps can simply wait for Microsoft to self-destruct?"

    While I'd likely be the first in line with gasoline if MS HQ was on fire, I really don't see how the situation described could in any reasonable way be expected to be a sign of Microsoft's impending doom. Even if they never made it into high 6-figure sales of Vista, they'd still have what, about 90% market share for their desktop OS? If Vista completely laid an egg, there still wouldn't be dramatic anti-MS push from the mainstream.

    Even as myself a FreeBSD user, I'll say that I just don't see the failure of Vista as panning out in any real way to be a fantastic victory for the Unix-based systems out there. People are still going to want to stay with their familiar OS - which of course is windows.
  14. Careful not to lie down on a clear day outside... on SenseCam Aids Patients with Memory Problems · · Score: 1

    Or your picture may just resemble the blue screen of death!

  15. Look, someone else got it... on Spam Trap Claims 10x-100x Accuracy Gain · · Score: 1

    I've only been preaching this for years. Now we have an article that also realizes that there is an economic solution needed for the spam problem.

  16. I already said this... on Fighting Spam Through Regulation and Economics · · Score: 4, Insightful

    Previous slashdot discussions have discussed some of the ways that most people try to fight spam. I already said that we need an economic solution to what is an economic problem.

    Unfortunately, the suggestion from this article misses the boat. Trying to price the spammers out of operation doesn't get the job done, because there's hardly a shortage of money to keep them running. We need to price the middle men out of operation.

    In particular, when the spammers register new domains (which they do by the hundreds or more at a time), they give kickbacks to their favorite registrars, who in turn will turn the other way regarding the illegal operations.

    If instead ICANN had some cajones, they could take the bad registrars out, clean up the registration mess that currently exists, and they could make it economically unfeasible for the spammers to continue their game as currently played. A good start would be to enforce an exponentially increasing fee structure for domains - I know of very few people who have a legitimate need for more than about 4 domains. Furthermore, if the bad registrars were to actually lose their accreditation after willingly doing business with these criminals (easy to prove), that would also help.

    But as someone else already pointed out, you cannot just simply tax spam out of existence. You need real, working, economic solutions. And if ICANN was worth their own weight in bat guano, they could make it happen.

  17. Bad purchasing dept. was:Re:Meh. on CompUSA To Close All Stores · · Score: 2, Interesting

    From my experience working at CompUSA back around 1997-1999 (Store #787, Minnetonka, MN), I can tell you that the problem you noted was system-wide for the chain. And IMHO, the problem's source was with the people who did purchasing for the company. As far as I could ever tell, the purchasing was exactly the same for the entire chain - hence if one store was out of product X, there wouldn't be any to be found anywhere else, either. This was particularly problematic with advertised items.

    I was my observation that the quantity of an item purchased for sales at a store was only proportional to the markup of the item. Hence, every week we would get in several pallets of CD jewel cases, but only a dozen of the hard drive advertised on the front page. Following week, we'd still have half a pallet of jewel cases left over, and we're out of hard drives - yet two more pallets of jewel cases came in and even fewer hard drives than the previous week. It of course took very little time before the store was swamped with jewel cases and out of hard drives.

    And to further screw up the situation, there was no way for us to communicate with the people in charge of purchasing, and they never visited the stores in person. As an example, we asked for years for the store to carry case fans - which was an item that was listed with a very nice markup percentage in the special order inventory - yet it wasn't until years after I left that they finally did. But yet during that time interval, they tried selling (MIDI) keyboards, remote controlled cars, camcorders, cell phones, and television sets.

    I was just glad that the last time I stopped by my old place of employment, none of the capable co-workers that slugged it out there with me were still stuck there. They had all taken better jobs - primarily at best buy, circuit city, or microcenter. And of course the best of us finished our college degrees and got out of retail altogether...

  18. Two obviously missing titles on Twelve Game Music Tracks Worth Keeping · · Score: 1

    Quake and Spy Hunter.

    Someone already mentioned that the Quake soundtrack was done by Trent Reznor and was playable in an audio CD player (even just the $5 shareware release on CD was).

    But the Spy Hunter soundtrack is perhaps even more significant for its time. If anyone else ever listens to SecretAgent Radio on somafm.com, you will even encounter that song played on occasion. And it is how old now? I think I even heard an instrumental version (with actual instruments) played on a local jazz station a couple months ago.

  19. Re:CompUSA on Peru Orders 260K OLPCs, Mexico to Get 50K · · Score: 1

    Hell when I was running MS-dos I had such .bat files such as "goway" for reboot.
    There was a reboot command in MS-DOS? I always thought we had to use CTRL-ALT-DEL. Or did you find a tricky way to get that into a batch file?
  20. Re:The economic solution on Spam Trap Claims 10x-100x Accuracy Gain · · Score: 1

    you're not seriously proposing that they do background checks
    No, there's no need to go that far. The registrars need to be held accountable for the people they sell domains to. Of the registrars that have sold domains to Kuvayev, most have sold hundreds or thousands of domains to him. I am not aware of any registrars that have sold only one to him.

    If the registrars were forced to clean up their act and cease business with a given spammer X immediately, and also de-list the DNS data for the other domains sold to the same spammer, they could accomplish quite a bit towards ending their game. Beyond that, the registrar obviously took a payment of some sort from the spammer, or they wouldn't have registered the domain to that person to begin with. If they just simply followed their own money trail, they could find all the domains that they sold to any given spammer.

    Once doing so, the registrars should be held obligated to shut down all of the domains sold to the same payer. No need for a background check, since they have the payment records.

    Along similar lines, one could also place restrictions on purchases of large numbers of domains at a time. If someone registers hundreds of domains in one shot, it should raise a red flag. Checking the history of these people would be a worthwhile endeavor.
  21. Re:Not to be partisan, but... on Diffing Guantanamo Bay SOP Manuals · · Score: 2, Insightful

    In specific, send them back to Afghanistan when the government there can guarantee they won't be wielding an AK any more
    So basically, we want a pro-US government in Afghanistan that will take these prisoners, and then throw them in prison indefinitely (or execute them)? At that point, we'll be willing to call the conflict resolved?

    Sorry, but that sounds like empire building to me. Of course, an alternative would be that enemy combatants are released to Afghanistan, who subsequently "forgets" about them. Said combatant then disappears to Durkadurkastan for a while, and we call that a victory as well, since they are no longer fighting against us for Afghanistan?

    This of course also seems to ignore the fact that these guys were often
    • Taken from countries other than that which they would call home
    • Taken from countries which were not defined by their own people
    • Taken from countries which have diverse ethnic groups with no clear consensus on leadership

    So I don't think it really makes sense even to depend on new Afghanistan leadership to take care of these prisoners who may or may not be from there to begin with.

    Taliban eradicated, and control of the whole country
    There's also a problem here with defining eradication of the Taliban. Is that just when they are no longer in Afghanistan? Because of course there are pro-Taliban forces outside of Afghanistan. And the Taliban itself is almost as much of an idea as it is an organization. How does one eradicate an idea? And beyond that, don't forget that it wasn't that long ago that Taliban representatives were welcomed into the US.

  22. Not to just be partisan, but... on Diffing Guantanamo Bay SOP Manuals · · Score: 1

    may be detained for the duration of an armed conflict
    What will be the duration of the current "armed conflict"? Even more so, what will be the end of this "armed conflict"? We don't have a defined end game (or any exit strategy) for the conflict that we are in with Al Qaeda. How then could we ever define the duration for which these combatants are held?

    I don't expect that anyone here has an answer for these, I just bring it up because it makes it hard to take that definition and those guidelines when we can't really meet the requirement for the "duration of an armed conflict".
  23. mod parent funny on Spam Trap Claims 10x-100x Accuracy Gain · · Score: 1

    When I saw that statement, I laughed so hard I cried. A marketing strategy that works by claiming other techniques fail every time - what could possibly go wrong?

  24. Re:Yet another wrong answer... on Spam Trap Claims 10x-100x Accuracy Gain · · Score: 2, Insightful

    It's called information theory and statistics.
    I agree with you on the significance of information theory. There are plenty of important applications of it, but I don't think that spam filtering is one of them. As I said before, you can filter all the email you want, and in the end you'll just find that the spammers will find a way past your filters and you'll again be bombarded with offers for penis pills.

    further limits in the fields of pattern recognition, information and natural language processing.
    If someone wants to use spam to train their algorithms for work in those areas, I certainly do not oppose it. But if they think that it will somehow solve the spam problem, I stand by my statement that they are dead wrong. On the other hand, if they want to apply it to something like indexing research journal articles, or some other application that is for the greater good, then I applaud their work.
  25. The economic solution on Spam Trap Claims 10x-100x Accuracy Gain · · Score: 1

    Since there are over 20 replies to my message, I'll reply to my own message rather than replying to the individual replies.

    First, I'll point out that a large amount of spam comes from a small number of spamming operations. Check out SpamHaus and read their listings of the top spammers. You'll find that if you could stop just the top handful, you would have a huge impact on the total amount of spam. And I'm not going to suggest hunting them down with cops and guns, either.

    If you look further into the work of these spammers (I'll call it work, you can call it whatever you like), you'll find that one commonality is that the top spammers have registered lots of domains themselves that they spamvertise. If you dig deeper into these domains, you'll find that the spammers use only a small number of registrars and ISPs for their spamvertised domains. And if you bother to do a WHOIS on said domains, you'll find that many of the spammers don't even bother to make up new registration data for the domains, they just stick to a couple of repeated aliases each.

    Therefore, the registrars that sell the domains could chose to deny the sale of the domains based on the identity of the people buying them. For example, "Leo Kuvayev" is currently ranked number one at spamhaus. His list of aliases for registration is quite short. But yet the registrars chose to do business with him, even knowing that he is linked to criminal activity.

    I therefore say that the fault for much of the spam lies in the hands of registrars and ISPs that willingly keep criminals as customers.

    Which of course leads to the question of why these companies would do such a thing, which has a simple answer - money. These companies are making money off of these criminals who they do business with.

    Therefore, I propose that the solution lies in better regulation of the registrars and ISPs. In particular, if ICANN actually enforced some codes of decency on the registrars, by way of hitting bad registrars with hefty fines, the registrars would be forced to pass on the higher costs of business to their customers. If domains become expensive, then we will succeed in increasing the cost of business for the spammers.