But the spammer can easily and cheaply change the domain name used. While ".com" addresses cost ~$8, ".org.uk" addresses can be bought for even less (about $4). Is it such a barrier to spammers? Spammers that may have paid many dollars to use the network of zombies?
I guess we will see. Currently, the vast majority of the spam that hits my domains comes from trojanned dsl machines. If domains are so cheap and easy, why use zombies? Perhaps when the zombies become ineffective due to spf, spammers will start using cheap domains, and the war will have escalated again.
The first is that a lot of SPAM comes from trojan'd machines. SPF won't prevent or help mark email coming from these machines as SPAM.
Yes it will. Almost all of those trojanned machines send mail directly to the receiving server, not through the mail relay of the spoofed sender. If the email purports to be from jblow@someplace.com, the receiving mail server can check someplace.com's spf record and see that the ip address of the trojanned machine is not allowed to send mail. That is the very essence of what it does.
You are correct that a spammer with a server can publish an spf record, but he is much, much easier to blackhole than a rapidly changing large selection of compromised dsl machines.
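The check the reply above describes, written out as an added example (not the commenter's code): a minimal SPF evaluator that compares the connecting client's IP against the envelope sender domain's record. The someplace.com record, the relay address and the "zombie" address are constructed; a real implementation would fetch the TXT record over DNS.

```python
import ipaddress

# Constructed SPF record for the example domain used in the thread.
# Stands in for a DNS TXT lookup so the example runs offline.
SPF_RECORDS = {
    "someplace.com": "v=spf1 ip4:203.0.113.10 ip4:203.0.113.0/28 ip6:2001:db8::/32 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Return the SPF record for a domain, or None (stand-in for DNS)."""
    return SPF_RECORDS.get(domain.lower())


def check_spf(envelope_sender, client_ip):
    """Evaluate the sender domain's SPF record against the connecting IP.

    Only ip4/ip6 mechanisms and 'all' are handled; mechanisms that need
    further DNS work (a, mx, include, ...) are reported as 'unsupported'
    rather than guessed.  Returns one of pass/fail/softfail/neutral/none.
    """
    domain = envelope_sender.rsplit("@", 1)[-1]
    record = lookup_spf(domain)
    if record is None:
        return "none"                      # domain publishes nothing
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # mechanisms default to pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            return QUALIFIERS[qualifier]   # catch-all, e.g. "-all" => fail
        mech, _, arg = term.partition(":")
        if mech.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            return "unsupported"
    return "neutral"                       # record ran out without "all"


if __name__ == "__main__":
    # Constructed sample: the domain's real relay versus a direct-to-MX zombie.
    for ip in ("203.0.113.10", "198.51.100.77"):
        print(ip, check_spf("jblow@someplace.com", ip))
```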
I have SO not been looking forward to the upcoming massive quantity of American federal election discussion. This way I can unselect the Politics section (already done!) and hope that much of the politics will stay in its own section.
I hope I haven't jinxed myself. My abuse address isn't listed out there anywhere but these reject notices. Maybe I should set up another account to use for the rejects so that I don't spoil my abuse account, which is kind of necessary.
I'm sure you're right that spammers don't care what addresses are on their lists, curse them.
Not to jinx it, but what if some jerk starts spamming your abuse account?
I'd have to track them down and kill them :-). Actually, postmaster and abuse are two accounts that every domain has, but they hardly ever get spam, because spammers are afraid of us (insert demonic laugh here). Or perhaps it's just because they know that we will trace them back and report them, since we can read email headers better than your average user.
After I first read about this Comcast thing, I looked into how to block connections directly from spambots on home machines to the corporate mail server I admin (~500 users). I set Postfix up to check_client_restrictions and look up the connecting machine's name in a file that lists all the broadband domain names I could find. The results were so good that I have now added every little ISP whose machines send me spam and started using regexes to catch the ones where if I blocked the domain I'd also block their mail server.
The results are truly staggering. I have cut the incoming spam by 80-90%. I cut incoming spam by 50% just by blocking client.comcast.net, client2.attbi.com and cpe.net.cable.rogers.com. The users think I'm a miracle worker. So far I blocked 2 legit messages... one guy with a home mail server and one guy whose Telus mail server I accidentally blocked with my filter. The error message says to mail abuse@mydomain if the message is blocked in error and, of course, check_client_restrictions is turned off for the abuse account.
I was amazed at how little "legitimate" spam there is out there. It is almost all hijacked home machines.
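The policy described in the comment above, modelled in Python as an added example (not the commenter's Postfix configuration): a client hostname is checked against a list of broadband client domains, then against regexes that single out dynamic-looking hostnames so an ISP's own mail relays under the same domain are not caught, and the abuse and postmaster recipients bypass the check. The domain list comes from the comment; the regex patterns, ISP names and hostnames are constructed, and the OK/REJECT/DUNNO results mirror Postfix access-map actions.

```python
import re

# Broadband client domains named in the comment; hosts under them are
# customer machines that should not be talking SMTP to us directly.
BLOCKED_DOMAINS = {
    "client.comcast.net",
    "client2.attbi.com",
    "cpe.net.cable.rogers.com",
}

# Constructed patterns for ISPs whose mail relays share the customer
# domain: only hostnames that look like dynamic/customer addresses match,
# so "mail.example-isp.net" would still be accepted.
DYNAMIC_PATTERNS = [
    re.compile(r"^(?:cpe|dsl|ppp|dhcp)[\w-]*\d+[\w.-]*\.example-isp\.net$", re.I),
    re.compile(r"^\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.dyn\.example-telco\.ca$", re.I),
]

# Recipients that must stay reachable so a wrongly blocked sender can
# report the false positive, as the comment's reject message asks.
EXEMPT_RECIPIENTS = {"abuse@mydomain", "postmaster@mydomain"}


def client_decision(client_hostname, recipient):
    """Return the access-map style action for one SMTP client/recipient pair.

    OK     -> accept regardless of client (exempt recipient)
    REJECT -> client is a known broadband/dynamic host
    DUNNO  -> no opinion; later restrictions (SPF, RBLs, ...) decide
    """
    if recipient.lower() in EXEMPT_RECIPIENTS:
        return "OK"
    host = client_hostname.rstrip(".").lower()
    if host == "unknown":          # no usable reverse DNS; not this check's job
        return "DUNNO"
    for domain in BLOCKED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "REJECT"
    for pattern in DYNAMIC_PATTERNS:
        if pattern.match(host):
            return "REJECT"
    return "DUNNO"


if __name__ == "__main__":
    # Constructed sample clients: a cable-modem customer, an ISP relay and a
    # customer host under the same ISP domain as that relay.
    for host in ("c-1-2-3-4.client.comcast.net", "mail.example-isp.net",
                 "cpe-24-123-45-67.example-isp.net"):
        print(host, client_decision(host, "someone@mydomain"))
```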
In Canada we have PureTracks, which I was just checking out today; $Cdn 0.99 per track and most albums are $Cdn 9.99. They have quite a lot of stuff and they promise more, but they use Windows Media Player (with its DRM). It says you can burn to cd and download to (supported) players (whatever that means). I'm sure you can convert the wma files to mp3.
Anyone here used PureTracks extensively? I think I'll spend a few bucks, download some and see how it all works. Otherwise, I'll have to wait until iTunes is available in Canada >:-(
Even worse, Apple's site led me on. It let me choose Canada from the dropdown box on the install download page (w00t! says I), then it installs, runs and THEN tells me that the service is unavailable.
National pride will probably prevent countries other than the US from using a system that divides the history of the world into:
D -- HISTORY (GENERAL) AND HISTORY OF EUROPE
E -- HISTORY: AMERICA
F -- HISTORY: AMERICA
While I'm sure the LOC system works fine for the Library of Congress, it does not seem to be widely applicable enough to replace the Dewey Decimal System around the world.
Incidentally, I am shocked that use of the DDC requires royalties more than 100 years after its invention.
There was a Dilbert strip where Dogbert tried to sell Dilbert a "perpetual newspaper"; only a thousand dollars and you'll never need to buy another newspaper!
The headlines were like "Pope Denounces Violence" and "Real Estate Values Rise" and "Unrest in the Middle East". I think that "Buffer Overflow Found in Sendmail" would have been a worthy addition to the Tech Pages.
Even though there is no patch available (yet), this heads-up is extremely valuable, as it allows people who cannot afford to be compromised to shut down or appropriately filter SSH on their systems.
Anyone who is relying on slashdot for critical security updates is being extremely irresponsible. If your site is so sensitive, you should have blocked/filtered/whatever ssh last night when it first came out on Full Disclosure or whatever list/service you subscribe to for critical security updates.
How much suffering would you have to endure before you'd use Caldera on all your servers to make it stop?
At this point, I think it would take me and my loved ones being flogged with bundles of stinging nettles that have been dipped in hot sauce and rolled in salt, while listening to Celine Dion sing that Titanic song accompanied by an orchestra of bagpipes. In Hell.
This couldn't have anything to do with idle scanning could it?
Idle scanning doesn't require a valid source IP address.
Idle Scanning (which is really cool) does require a valid IP from-address since you have to be able to query the zombie to see whether it got a response.
Eighteen companies currently hold Class A allocations: Apple, AT&T, BBN Planet, Computer Sciences, Compaq, Ford, Eli Lilly, GE, Hewlett-Packard, Interop Show Network, IBM, MIT, Mercedes Benz, Merck, PSINet, Prudential Securities, Stanford University and Xerox.
I don't know where this list came from, but it's not complete. NortelNetworks still owns the old Bell Northern Research Class A (47.0.0.0/8).
There's a syndrome I've heard called "buying a dog and then doing your own barking". If they're paying you for your expertise and then they ignore your recommendations, you have to wonder. Also, if the project crashes and burns due to bad project management decisions, how much damage will it do to you and your reputation?
From the advisory, which is now in my mailbox, (though it wasn't a few hours ago when I left work) Microsoft was initially notified last July, iDefense's (paying) clients were notified in January and we, the great unwashed, are just hearing about this now.
Actually the receptionist(!) at work forwarded me a news story about this from the local tabloid newspaper this afternoon, but the article was so non-technical that it was impossible to tell what exploit they were talking about (and there were no links), so I postponed looking into it until I heard more.
I read BugTraq religiously. Looks like I need to get another religion if I want to save my soul, let alone my ass. Fortunately, at our site, use of either IE or Outlook is punishable by a severe whacking, so we shouldn't be too badly off.
According to the CPCC's website, they have started distributing the money. Are you out of date or do you think they are lying?
For the record, as a Canadian independent musician and copyright holder, I am none too thrilled with this "tax the blank media" approach. I pay extra for every blank CD I buy for both legal music copies and data backup and I think that it will be a cold day in Hell before my little bar band will see dime one of this blank media tax from SOCAN.
Open source has been subsidised through tax dollars via the university system (student loans, grants, etc). Before you bitch about people having to pay for software, why don't you think about the fact that people who don't have crap to do with Linux, etc, had to pay for its construction...
Yeah, all those people paying for all this unwanted research and education with their hard-earned tax dollars. I'm sure we would all be much better off if those academics didn't bother with stuff like Linux and the Internet. And what's with all the medical research being paid for by those who aren't even sick?
I'm right with you on the "entitlement mentality" thing and I have no problem with purchasing documentation, but I am not too crazy about the idea of purchasing documentation that comes with an NDA. If someone asks me a question whose answer is in the book, do I have to answer "No comment" or "If I tell you, then I'd have to kill you"?
Not that it will work anyway. If the software is of use to people, they will start their own discussion groups etc and *not* buy the book just on principle.
"But if Microsoft wanted to, they could become the world's biggest producer of Linux software."
If Microsoft wanted to, they could become the world's biggest producer of fishing lures. Or coffee warmers. Or pencil lead. They have the money to be the largest producer of anything.
MS is currently trying to become the world's biggest producer of game consoles (or at least a serious competitor), and it doesn't seem to be working very well from what I've heard.
First thing in a Google search for WEP: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
The difference is that openssl is implemented more rigorously than WEP. IANAC (I am not a cryptographer), but it sounds like the WEP folks put it into place without sufficient review and now we are stuck with a less-than-robustly-designed standard.
Sometimes, combining two encryption methods can result in something weaker than either of the two original methods, in that they kind of partially decrypt each other.
That's just wrong. It's like faking orgasms; if you do that, he'll never learn.
The CMA says that 80% of direct marketers in Canada belong to their organization and are apparently obliged to honour this list.
Some of the cards are hilarious, like "Venture Capital" or "Flame War"
I recommend NewFunPages for getting lots of spam to an account that never used to get spam.
Then start clicking on the Unsubscribe links.
According to a story on NewsForge, it's not quite true (yet)