If you're interested in social engineering attacks (and how to defend against them), Kevin Mitnick's The Art of Deception is a must-read. The book is all about the human-shaped holes in security systems, and has almost nothing to do with computer-based hacking. The example security policies at the back are worth the price of admission - and the book's war stories make it easy to explain why these procedures are necessary.
the 'jettison management' bit has to have Darl sitting on the edge of his seat!
And here's a picture of Darl's seat, courtesy of SCO's just-closed Polish office. (The former manager of which is now setting up his own Linux business, specializing in helping users migrate from SCO's software onto Linux -- which is not SCO's, of course! -- see Groklaw for details)
You mean it's a bit like the altogether uncanny similarity between the long-established Googlebot FAQ and the still-in-prototype MSNBot FAQ?
Which is more than a little bit two-faced -- or should I say Janus-faced? -- coming as it does from the home of Palladium/Trusted Computing/NGSCB, etc...
Also, that IBM is filing for this judgement now doesn't mean that the judge will rule on this next week. AFAI understand, this judgement will just be part of the final ruling on the case.
Exactly. Some people are confusing declaratory judgement (i.e. asking the judge to produce a definitive ruling on a matter... eventually) with summary judgement (i.e. asking the judge to throw the litigious bastards out of court now, because they have no case).
See this post on news.admin.net-abuse.email: Orlando Soto sells spamming tools to desperate webmasters. Funny he didn't mention that to the journalist...
"in the margin on the right, with grey text over a grey background, there is a link to the free player."
Reminds me of this:
"It's the wild colour scheme that freaks me," said Zaphod whose love affair with this ship had lasted almost three minutes into the flight, "Every time you try to operate one of these weird black controls that are labelled in black on a black background, a little black light lights up black to let you know you've done it. What is this? Some kind of galactic hyperhearse?"
From The Restaurant at the End of the Universe, by Douglas Adams.
SPEWS has no delisting policy at all. Their website is rather mysterious about that and only suggests to post on NANAE. I have even tried that (as a customer of our provider).
That doesn't work: you need to get your provider to post on NANAE. (It's their space that's been listed for spam support, after all). Read the SPEWS FAQ more carefully, then hassle your provider to do the right thing. (It's in their interest, isn't it?).
Yeah, I used that stuff 10 years ago. You didn't need to get "a second identical imprint," though -- simply running the printed page (plus face-down foil) through a hot laser printer bonded the foil to the black print-out. Worked well for me.
You have a point. But Snotty Scotty wasn't seeking publicity by lying about his alleged secret deals with Brightmail... that particular libel was only posted in a private email to prospective business partners (quite understandably).
So Scott Richter says he *is* asking for publicity, but he certainly *isn't* doing it by lying about Brightmail, and that's *not* how the Brightmail insinuations made it into the public domain.
Posting the story as it appeared on /. *without* mentioning the lawsuit, or the source of the claim, still seems bizarre to me.
The original poster seems to have missed the story. OptInRealBig spammer Scott Richter isn't "looking for attention" -- he's being prosecuted for fraud. His (implausible) claims about a deal with Brightmail have been disclosed in emails gathered as evidence by the New York Attorney General's office (that's a 2.5 MB PDF, Richter's Brightmail allegations are on p.90-91).
"Region codes only prevent honest people from buying what they want..."
And/or from viewing what they own. I live in the UK, and have to jump through hoops to view the few R1 DVDs I own. (I only buy them when DVDs I want aren't released in R2 editions. This is usually for reasons related to the British film classification process, and the 'extras' that come with DVD special editions. If the distributor can't be bothered to get the 'extra' bits classified, they leave them off the UK DVD edition. So UK 'special editions' are less special than the US originals).
Fortunately, region-free DVD players are widely available in the UK, so this is becoming an ex-problem for us. But it is still irritatingly stupid.
The paperwork/procedure is available now, from this site.
It's ineffectual paperwork, naturally -- and to use it you have to be able to read documents created in a secret proprietary format (MS Word) -- but then, just look at the ineffectual law it's supporting!
Yup, looks like the politicians have dropped the ball again...
RTFA: "Yahoo said its 'Domain Keys' software, which it hopes to launch in 2004, will be made available freely to the developers of the Web's major open-source e-mail software and systems"... "Yahoo's proposal should be attractive to other e-mail providers because it is free and comes with no special restrictions."
If an unsupported assertion by an interested commercial party that gets paid by the word is all the evidence that there is, then I'm going to consider that there is no actual evidence at all...
And carry on attempting to 'unsubscribe' from spammers' lists? Good luck! And please let us know how well that works for you.
a do-not-spam registry is stupid in the sole fact that it gives spammers a huge list of millions of VALID email addresses - doing their job FOR them
This is the hard part. How can you make it a crime to traffic or abuse a list of email addresses?
Salt the list with honeypot email addresses. Only supply the list under contractually binding terms and conditions which prohibit its abuse. Then just monitor the honeypot inboxes, and be ready to whack any Do-Not-Spam list-abusers for breach of contract so hard their ears bleed.
"We then set about religiously unsubscribing from the invitations sent to one of the addresses, but not those sent to the other. We've had it running for three weeks at date of writing and more than twice the volume of spam has come back to the 'unsubscribed' mailbox as to the untouched one."
So this study found that unsubscribing made spam volumes more than double.
Two things. One is described as "long-established," the other "still in prototype". Which do you think came first???
(American schools... I dunno...)
But this is good fun. SCO may still be up on its pre-lawsuit form (for now)... but you'd have done better to invest in Red Hat or Novell, regardless.
Why would spammers want to hurt VeriSlime?
It's almost as crappy a model as the one based on having a domain name you think everyone will type in.
I can think of a worse one: having a domain name that's a typo for the domain name everyone's trying to type in. Scum.
Already done: check out ROKSO.
they could set up a traveling exhibit
Like this?
Here's the paper by Gabrilovich and Gontmakher on the Homograph Attack (unicode scam).
OK: here's a year-old ComputerWorld article documenting a study that did exactly that. Its title? Unsubscribing from spam counterproductive.
The best anecdote/example/statistic? So this study found that unsubscribing made spam volumes more than double.
Feeling better now?