In the wake of another Slashdot article that quoted Eugene Kaspersky saying that "there will be Linux viruses any day now" (and this was about two months ago, mind you:-), and the Slashdot post I made regarding Linux viruses, I turned it into an article which I posted on my website. The article can be found here:
Well, isn't this just great, you can collect $10 and and only if the spammer doesn't have the "ADV:" label and they don't remove you from their list.
As an anti-spammer, this bill is my worst nightmare come true. The opt-out clause is especially nasty, since now it means that we can get hit by each spammer once under the law, and we will have NO recourse whatsoever, thus, this bill isn't going to have any effect on the current spam situation. A much better law, IMHO, would be something like the current junk fax law, which states that if you get an unsolicited advertisement, you can sue the person for $500 per offence, or for $1,500 if the offence was "willful".
Okay, that's enough bitching from me, since there are already a few good laws on the books that are just waiting to be used against spammers in court. There's more information to be found on these laws at suespammers.org.
Has anyone complained to the Federal Trade Commission about LinuxOne yet? The FTC investigates fraudulent practices, both on the net and off, and I think they would be interested in something like this.
Yes, I really have been following viruses since 1992. No, I don't consider myself an expert, but I think I know a fair deal about them.
That being said, I also used to hang out on Fido Net's virus echos in 1994 and 1995 where some of the true anti-virus experts hung out too. And yes, I consider Eugine Kaspersky of AVP (the guy who was quoted in the article) to be one of them. Back when the first Word Macro virus (Winword.Concept), he was the one who I saw first post about it to Fido's VIRUS echo, and he was also the first one to release a fix for it (another word macro which caught and disinfected Winword.Concept).
Unfortunately, I fear this is another case of False Authority Syndrome in that while Eugene may know viruses very well, I question his credentials in the UNIX/Linux area. For one thing, for a virus to replicate to a considerable degree on a system, you'll need to be running as root -- if you're logged in as a regular user, any program you run isn't going to be able to infect/bin/ls, no matter how hard you try.:-)
I think Kaspersky also misunderstands the nature of UNIX/Linux, in that a lot of applications (the stuff *I* use, anyway, like Apache, PHP, MySQL, etc.), when downloaded from the net, are usually done so in source form, and the end user compiles the code and runs it. It would be foolish if someone tried to put replicating code in their source, as it would be spotted very quickly and the author would have some serious explaining to do.
Finally, just to play the Devil's Advocate, I think problems could arise if say, a binary in a distrubtion is infected, and then is sold to thousands of unsuspecting end users. All it would then take is to run that binary as root, and you suddenly have an infection on your hands. However, I don't see this as a very likely scenario, since I can count the number of Linux-based viruses which I have heard of on one hand. For the reasons I outlined above, Linux just isn't a very attractive platform to virus writers, who want to see their creations spread.
Disclaimer: I am not a Usenet or NNTP guru. That being said...
>what does it mean to "alias" NNTP traffic?
Okay, every posting to Usenet have a "Path:" header in it, and each site that processes the post ads its name in, so you can see what path the post took.
Now, the way a UDP works, the cancel messages that are sent (which "cancel" other posts, or remove them from news servers that process them), those cancels have the string "udpcancel" in the path.
So, if you want to ignore the UDP, you could "alias out" that string, and your news server would drop those cancel messages and only those cancel messages. The term alias essentially tells the news server "hey, the system 'udpcancel' is an alias for this host, so ignore posts that contain that string". It's a hack, but it works.:-)
The Usenet Death Penalty (UDP) is when *all* articles from an offending site are summarily cancelled.
This may sound heavy handed, but from my experience (5 years as an anti-spammer now) the anti-spammers involved make every effort to contact the offending ISP and help them secure their news servers, report abusive users to them, etc. In essence, a UDP is something of last resort.
It should also be noted that this isn't some small cabal (TINC) of people trying to censor others, as participation in a UDP is voluntary. All you need to do to not participate is alias NNTP traffic with the "udpcancel" site in the path. Often however, the benefits of a UDP outweigh the disadvantages, and the UDPed site cleans up their act rather quickly.
From the article: Maxus claims the company agreed to the payment last month, but subsequently balked at initiating a wire transfer to a secret bank account because it might be noticed by auditors.
I can't freakin' believe this, that the people CDUniverse were actually going to pay the blackmail instead of trying to either fix the hole, or alert law enforcement/credit card companies to what happened!
This disgusts me, it's not that CDUniverse didn't pay because they might have though he was bluffing, but they didn't pay because their were worried that they might get into legal trouble for that! What about the customers with the comprimised credit card numbers in the first place, don't they mean anything to CDUniverse? Bastards.
I don't think I'll ever be doing business with CDUniverse. I think I'll be dropping a line to manager@cduniverse.com and telling them why, too!
First, I should probally preface this by saying that while I don't consider myself to be a hacker, I have been a geek for several years, and love playing with technology, so I feel I am able to relate to the hacking community.
Anyway, my question is, how do you deal with the way the public (including the media) percieves "hackers"? I've seen some clueless people use the term to describe *anyone* who does anything with a computer that they find objectionable. I've even heard the term applied to spammers!
Needless to say, the misue of the term makes my blood boil, because I feel a certain respect towards the real hackers, such as yourselves, because you guys do know what you're doing, unlike all of the script kiddies out that that either have the term applied by clueless reporters, or they use it on themselve.
So, I'd be interested in knowing how you cope with this sort of problem, as I've noticed this sort of perception of the hacking communtiy for some time.
Given that I've been known to do crazy things such as weari ng a leopard tail and collar and climbing street poles in major cities, for the sole purpose of freaking out other people on the street, and given the number of real "whackos" in any particular city, I think there would be far too much "deviant" activity for it to be possibly monitored.
Yeah, that's the ticket, let's all wear tails and collars around cities! Furries unite!:-)
Uh, like why pay someone $15 to claim to claim to scan your spams for you when there are plenty of mailing lists out there full of people willing to help you learn how to read the headers on your own.
Really, it's not that hard once you get the hang of it...
I'm curious as to how crooks/con artists are going to try and bypass this kind of security. Maybe we'll see a black market pop up for glass eyes that are replicas of legitimate bank customers' eyes.:-)
I think there's more to this story than the article tells us. From what I know of the Real Time Blackhole List ( http://maps.vix.com/rbl/) and the people who run it, an ISP has to be pretty clueless in order to get onto it in the first place. According to their RBL candidacy page, they try their best to reason with the ISPs of the spammers and, if possible, to only Blackhole the spammers themselves.
I'd be interested in hearing what the RBL folks have to say about this situation.
Changing Social Dynamics
on
Generations
·
· Score: 2
I agree with what you said, in that people are bound together less and less by their common history, though I'm not sure that's a Bad Thing. What I see happening instead is people being bound together more by their present instead, and their history taking a back seat.
The Internet is a perfect example of this - I've met people from all over the world, young and old, and from a perspective of history, we have nothing in common. However, we do have something in common, and that is what we are interested in. Comparing my life now to what it was 5 years ago before I was on the Internet, I think my life and the friends I've made in it have changed for the better, as rather than being confined to those in my physical area who may have a common history but dissimilar interests, I find myself interacting with people who are interested in the same things that I am.
> One buddy of mine has been working on some > awesome Clone Wars armor for about 6 months. Hmm...I wonder if there are any places that sell Wookie Fursuits?:-)
Why are people more open on the net than in real life?
I think the main reason is because you don't have the fear of being laughed at or made fun of if you say or do something stupid. I myself am very open when I'm online (if anyone doubts this, just look at my website;-), and have made friends from around the world, some of whom I've even been able to meet in person.
Sure, people get raped and such meeting someone whom they've met on the Internet, but it certainly happens in real life too, and I'll even go out on a limb and hypothosize that it happens more in RL than on the Internet since on the Internet, if someone has a hostile personality, you'll be able to see it right away and not even consider wanting to meet them.
In a nutshell, I think the advantages of meeting people on the net far outweigh the disadvantages.
If you want to fake a bounce, just use Procmail to return the appropriate exitcode to sendmail. You can find a list of the error codes by number in/usr/include/sysexits.h.
I'm not sure if bouncing will do a whole lot of good though, as lots of the spam out there is forged, so the spammers don't get the bounces. It's a lose-lose situation.:-(
Slashdot Mirror
http://www.claws-and-paws.com/virus/articles/linux _viruses.shtml
Share and enjoy. Comments are welcome.
As an anti-spammer, this bill is my worst nightmare come true. The opt-out clause is especially nasty, since now it means that we can get hit by each spammer once under the law, and we will have NO recourse whatsoever, thus, this bill isn't going to have any effect on the current spam situation. A much better law, IMHO, would be something like the current junk fax law, which states that if you get an unsolicited advertisement, you can sue the person for $500 per offence, or for $1,500 if the offence was "willful".
Okay, that's enough bitching from me, since there are already a few good laws on the books that are just waiting to be used against spammers in court. There's more information to be found on these laws at suespammers.org.
Their complaint form is here.
That being said, I also used to hang out on Fido Net's virus echos in 1994 and 1995 where some of the true anti-virus experts hung out too. And yes, I consider Eugine Kaspersky of AVP (the guy who was quoted in the article) to be one of them. Back when the first Word Macro virus (Winword.Concept), he was the one who I saw first post about it to Fido's VIRUS echo, and he was also the first one to release a fix for it (another word macro which caught and disinfected Winword.Concept).
Unfortunately, I fear this is another case of False Authority Syndrome in that while Eugene may know viruses very well, I question his credentials in the UNIX/Linux area. For one thing, for a virus to replicate to a considerable degree on a system, you'll need to be running as root -- if you're logged in as a regular user, any program you run isn't going to be able to infect /bin/ls, no matter how hard you try. :-)
I think Kaspersky also misunderstands the nature of UNIX/Linux, in that a lot of applications (the stuff *I* use, anyway, like Apache, PHP, MySQL, etc.), when downloaded from the net, are usually done so in source form, and the end user compiles the code and runs it. It would be foolish if someone tried to put replicating code in their source, as it would be spotted very quickly and the author would have some serious explaining to do.
Finally, just to play the Devil's Advocate, I think problems could arise if say, a binary in a distrubtion is infected, and then is sold to thousands of unsuspecting end users. All it would then take is to run that binary as root, and you suddenly have an infection on your hands. However, I don't see this as a very likely scenario, since I can count the number of Linux-based viruses which I have heard of on one hand. For the reasons I outlined above, Linux just isn't a very attractive platform to virus writers, who want to see their creations spread.
>what does it mean to "alias" NNTP traffic?
Okay, every posting to Usenet have a "Path:" header in it, and each site that processes the post ads its name in, so you can see what path the post took.
Now, the way a UDP works, the cancel messages that are sent (which "cancel" other posts, or remove them from news servers that process them), those cancels have the string "udpcancel" in the path.
So, if you want to ignore the UDP, you could "alias out" that string, and your news server would drop those cancel messages and only those cancel messages. The term alias essentially tells the news server "hey, the system 'udpcancel' is an alias for this host, so ignore posts that contain that string". It's a hack, but it works. :-)
Please note that no one has successfuly sued the Realtime Blackhole List, either.
This may sound heavy handed, but from my experience (5 years as an anti-spammer now) the anti-spammers involved make every effort to contact the offending ISP and help them secure their news servers, report abusive users to them, etc. In essence, a UDP is something of last resort.
It should also be noted that this isn't some small cabal (TINC) of people trying to censor others, as participation in a UDP is voluntary. All you need to do to not participate is alias NNTP traffic with the "udpcancel" site in the path. Often however, the benefits of a UDP outweigh the disadvantages, and the UDPed site cleans up their act rather quickly.
Hope this helps.
Maxus claims the company agreed to the payment last month, but subsequently balked at initiating a wire transfer to a secret bank account because it might be noticed by auditors.
I can't freakin' believe this, that the people CDUniverse were actually going to pay the blackmail instead of trying to either fix the hole, or alert law enforcement/credit card companies to what happened!
This disgusts me, it's not that CDUniverse didn't pay because they might have though he was bluffing, but they didn't pay because their were worried that they might get into legal trouble for that! What about the customers with the comprimised credit card numbers in the first place, don't they mean anything to CDUniverse? Bastards.
I don't think I'll ever be doing business with CDUniverse. I think I'll be dropping a line to manager@cduniverse.com and telling them why, too!
Anyway, my question is, how do you deal with the way the public (including the media) percieves "hackers"? I've seen some clueless people use the term to describe *anyone* who does anything with a computer that they find objectionable. I've even heard the term applied to spammers!
Needless to say, the misue of the term makes my blood boil, because I feel a certain respect towards the real hackers, such as yourselves, because you guys do know what you're doing, unlike all of the script kiddies out that that either have the term applied by clueless reporters, or they use it on themselve.
So, I'd be interested in knowing how you cope with this sort of problem, as I've noticed this sort of perception of the hacking communtiy for some time.
Thanks!
Yeah, that's the ticket, let's all wear tails and collars around cities! Furries unite! :-)
Going back and searching through the article for the word "exclusive", I see that it is indeed "non-exlclusive".
I'm apologize for the slipup when I submitted the story to Slashdot, I had honestly thought that it had said "exclusive".
Really, it's not that hard once you get the hang of it...
I'm curious as to how crooks/con artists are going to try and bypass this kind of security. Maybe we'll see a black market pop up for glass eyes that are replicas of legitimate bank customers' eyes. :-)
I hate to nitpick, but it annoys the bejeezus out of me everytime something nasty is discovered and people immediately scream "virus".
I'd be interested in hearing what the RBL folks have to say about this situation.
The Internet is a perfect example of this - I've met people from all over the world, young and old, and from a perspective of history, we have nothing in common. However, we do have something in common, and that is what we are interested in. Comparing my life now to what it was 5 years ago before I was on the Internet, I think my life and the friends I've made in it have changed for the better, as rather than being confined to those in my physical area who may have a common history but dissimilar interests, I find myself interacting with people who are interested in the same things that I am.
I'll shut up now.
>awesome Clone Wars armor for about 6 months.
Hmm...I wonder if there are any places that sell Wookie Fursuits? :-)
> One buddy of mine has been working on some > awesome Clone Wars armor for about 6 months. Hmm...I wonder if there are any places that sell Wookie Fursuits? :-)
That's one of the funnier April Fools' jokes I've seen in a long time, excellent piece of work!
I think the main reason is because you don't have the fear of being laughed at or made fun of if you say or do something stupid. I myself am very open when I'm online (if anyone doubts this, just look at my website ;-), and have made friends from around the world, some of whom I've even been able to meet in person.
Sure, people get raped and such meeting someone whom they've met on the Internet, but it certainly happens in real life too, and I'll even go out on a limb and hypothosize that it happens more in RL than on the Internet since on the Internet, if someone has a hostile personality, you'll be able to see it right away and not even consider wanting to meet them.
In a nutshell, I think the advantages of meeting people on the net far outweigh the disadvantages.
I'd like to see a see a sequel to this book where Ping has little ducklings and it explains how traceroute works. :-)
I'm not sure if bouncing will do a whole lot of good though, as lots of the spam out there is forged, so the spammers don't get the bounces. It's a lose-lose situation. :-(