This is the classic confusion of authentication with security. Authentication does not protect against spammers. The spammers will simply authenticate and keep right on spamming, and now they won't have to do tricks to circumvent the filters because the cert makes them "trusted". (One other example of this is the illusion of security caused by cryptographic authentication on the web. That hasn't stopped spyware sleazebags such as Gator/Claria; they just get their own certs.)
Yahoo is an unrepentant spammer and spam support service itself. They reset your marketing preferences at their whim. Abuse reports routinely go to/dev/null. Any "anti-spam" solution coming from a spammer and spam supporter is necessarily a scam.
OpenSource is a philosphy of saying "Look at this neat-o code I/we created. You can use it, learn something from it or improve it but just follow this license (which generally keeps with the same philosphy.)"
That's actually more like the definition of Free software.
I'm sure nobody wants *all* of that installed on their hard-drive, just as I wouldn't want to install all the packages that come with my Linux distro CD, but instead I want to choose what I install and nothing else, and save disk space.
These people are few in number and generally not at all interested in Windows (or a similar product like OS X) anyway.
Mac OS X does actually allow you to install or not install what you want. Just click the Customize button and you can leave iChat or most anything else out and add non-default options.
It's already slow and it may get slashdotted soon, so here it is:
[blank.gif] [1]Carrel.ORG > Important Mac OS X Security Advisory
Mac OS X Security Advisory
Vulnerability:
Malicious DHCP response can grant root access
Affected Software
Mac OS X 10.3 (all versions through at least 26-Nov-2003) Mac OS X Server 10.3 (all versions through at least 26-Nov-2003) Mac OS X 10.2 (all versions through at least 26-Nov-2003) Mac OS X Server 10.2 (all versions through at least 26-Nov-2003) Probably earlier versions of Mac OS X and Mac OS X Server Possibly developer seeded copies of future versions of Mac OS X
Abstract
A series of seemingly innocuous default settings can cause an affected Mac OS X machine to trust a malicious machine on a network for user, group, and volume mounting settings.
What does this mean to the average user
Anyone who can gain access to your network can gain administrator (root) access to your computer and therefore steal your data or launch attacks upon others as soon as you reboot your machine. System administrators and users of affected software should read the section "Workarounds" for immediate actions to protect their machines. It is important to note that WEP security in 802.11b/g (AirPort/AirPort Extreme) wireless networks is generally not sufficient to protect your network from access by an attacker.
Vendor Patch
Apple Computer has been notified of this issue and may be working a fix at this time. At the time of this writing, a fix is not available from Apple.
Workarounds
There are a variety of avenues to avoiding this vulnerability... 1. Disable any network authorization services from obtaining settings from DHCP: + in Directory Access, select LDAPv3 in the Services tab, click "Configure...", uncheck "Use DHCP-supplied LDAP Server" + in Directory Access, select NetInfo in the Services tab, click "Configure...", uncheck "Attempt to connect using broadcast protocol" and "Attempt to connect using DHCP protocol" + in Directory Access, uncheck LDAPv3 and NetInfo in the Services tab, if you don't intend to use them 2. Turning off DHCP on all interfaces on your affected Mac OS X machine can also keep you from being affected.
For added security, be sure to disable any unused network ports: * turn the AirPort card off or remove it, if it is not being used.
Configuration Awareness
If a user should need any of these settings turned on due to the network and authorization system they are currently using, they should be aware that they could fall prey to a malicious individual using the techniques outlined in this advisory. Steps to mitigate this concern could be as simple as manually configuring the directory server settings on the affected machine.
Technical Details
By default, the affected versions of Mac OS X attempt to negotiate DHCP on all available interfaces. In the event that an Airport card is installed but there is no network nearby, they also default to associate with any network that might appear and then use DHCP to obtain an address. The system will also use DHCP provided fields, if available, to connect to an LDAP or NetInfo server on the network. The default settings in "Directory Access" on affected systems will cause the system to place the network LDAP or NetInfo server ahead of the local user info for any given account, and will implicitly trust the LDAP or NetInfo server to provide correct information. Furthermore, nothing in the system prevents a login as a user with uid 0 (zero) with any login name. For example, an LDAP or NetInfo source with an account username "bluemeanie", uid 0, would be perfectly valid and usable for login at the login window and on any network provided service, includi
I'm not sure what all the accents are on the alphabet, will I have to know to type them to access a simple website?
Never fear, oh monolingual one, I found this very handy site that will help solve this pesky problem for you. Try it some time and let us know what you think!
From: Steve Linford <linford@spamhaus.org> Newsgroups: news.admin.net-abuse.email Subject: Re: Spamhaus in the New York Times Date: Mon, 10 Nov 2003 18:18:04 +0000 Organization: The Spamhaus Project Message-ID: <linford-322705.18180310112003@news.supernews.com> References: <rbnsqvsesdq5pq0jkqpl8o2mm65rjbj8qq@4ax.com> <7udtqvog72ndachspbeodnm07s5q1tla1r@4ax.com> User -Agent: MT-NewsWatcher/3.3b1 (PPC Mac OS X) X-Complaints-To: abuse@supernews.com Lines: 70
In article <7udtqvog72ndachspbeodnm07s5q1tla1r@4ax.com> , shiksaa <shiksaa@spamhaus.org> wrote:
> On Sun, 09 Nov 2003 10:31:14 -0500, Tim Boyer <tim@denmantire.com> > wrote: > > >Good article. > > > >http://www.nytimes.com/2003/11/09/business/yourmo ney/09spam.html?pagewanted=a > >ll&position= > > No, it's not. Hansell left out many team members who contribue an > awful lot. That pisses me off.
One thing Saul did say though is that he'd gathered too much info to fit into one article. I too would have preferred much more focus on Spamhaus as a team, as without it it comes off sounding like one guy on a boat.
A couple of things I'd like to correct here for the record are:
- "Mr. Linford's block list is faltering". It's not, the SBL is blocking everything it is designed to block and so well that the spammers are having to use highly illegal 3rd party exploits to get round it. I think Saul may have not understood that the lists are not in competition with each-other but each list is specialized in blocking one type of spam-source; direct spam or 3rd Party exploit. The SBL specifically blocks direct spam sources only and is not faltering in this, it's holding a vital front line as spamming via 3rd Party exploits is illegal and crackdowns by law enforcement are about to begin on spammers doing it. So if spammers don't want to go to jail they have little choice but to spam direct from their own IPs... which are on the SBL, hence the dilemma facing spammers, hence the attacks on us and the other spam-source list, SPEWS.
- The UK Government haven't "not" given us a grant (the article implies they turned us down), I simply have not completed the formal request yet as we've had too much going on here. There is also a written recommendation from the All Party Parliamentary Internet Group for UK Goverment (DTI) to fund Spamhaus. It's something I have to follow up on.
- On me personally, there are a couple of little bits that went a tad pear-shaped... I don't mind at all coming over as an ex-hippy (I was), but I didn't "play guitar in coffee shops" (well I did sometimes for fun), I mostly spent my time in recording studios and was signed to an Italian record label, hence I had a beach lifestyle on the proceeds, later I was a concert production manager (the guy in charge) not a road manager (the guy who gets the bottom bunk on the crew bus;-) My first company didn't 'flop', we simply changed the name sometime in 88-89 to "Ultradesign" because it sounded nicer, and then shifted the emphasis to Internet which didn't formerly exist. The last bit about plans to move onto a yacht (cruiser) is basically correct, but that would be only my personal computers (Spamhaus' main computers, like the team which we can't operate without, are all over the place and would no doubt remain in various datacenters), although that would not be in the Adriatic, rather the Mediteranian, where I grew up.
- I would have liked to have seen the reader given a bit more information on spammers quoted such as Scott Ri
When Steve Jobs holds forth in public, it's usually to a mob of fawning Apple-ites--the true believers who still develop software and accessories for Apple products. (emphasis mine)
I got to admit, there is something cool about being an endangered species facing imminent extinction*. You get so much admiring and attention, you get to be on lots of TV documentaries and in lots of newspaper articles, and everyone wants to be like you because you're beautiful.:-p
* Especially if you've been facing imminent extinction for some 20-odd years.
But if Microsoft are going to take this approach, then what about extending it to spammers?
Because we don't need to find the identity of the spammers; we know who they are already. The problem with spammers is different, i.e. that not every place on earth has anti-spam laws and those that do have them often don't enforce them. Writing viruses OTOH is unquestinably illegal.
based on the number of spams that are getting through.
They are losing based on the response percentage they get on their spam. Even most suckers are on to them now, and they get so few responses that they are forced to send ever bigger quantities of spam to break even. They are also so widely blocked now that they are desperate enough to risk jail time writing DDoS viruses to antispam sites.
Seems to me the endgame is near, in which spam will explode like a supernova before it disappears.
How soon we forget. Anyone remember how useless the Internet was on 11 September 2001?
No, I remember how useless mainstream news websites were on 11 September 2001. The Internet was working as well as always, and mirror sites were springing up all over the place. IRC and e-mail were also working just fine. The Internet was extremely useful indeed, if you just bothered to look beyond the mainstream web. Remember, Internet != WWW.
I think that DNS operators should think twice before applying code that tampers with authoritive answers from root nameservers.
Not only do i agree with your statement, but i feel this applies equally as well to mailservers (and other facets of inet infrastructure).
The Internet is a collaborative network, i.e. it only functions because independent nodes agree to collaborate with each other. Conversely and by consequence, it is not only unneeded but undesirable to collaborate with a node that is not collaborating. If Veri$limey is not collaborating, their non-collaboration should be blocked in order to save the Internet as we know it.
RFCs were created for a reason,
...which is to request comments (remember what those RFC letters mean?) and not to serve as the ultimate authority on all matters Internet.
and the day we all decide to do it our own way is the day that the internet will die.
BTW, all torrent downloaders, be sure to keep open that window for a while after you're done. And if you're the first to download it, expect a slow speed at first because you've got only my ADSL line to get it from, speed will pick up as others join in.
(In case anyone wonders how I keep getting thru, ftp.mozilla.org is a hostname for several IP addresses, and one of them kind of works some of the time. GNU 'wget' with its retry feature does the rest.)
Going to get it for you... (in case anyone wonders how I manage to get through, ftp.mozilla.org is a name for several IP addresses and I found that just one of them is kind of working some of the time, GNU 'wget' does the rest with its retry feature).
Oh, and all torrent downloaders, be sure to keep open that window for a while after you're done. And if you're the first to download it, expect a slow speed at first because you've got only my ADSL line to get it from, speed will pick up as others join in.
Slashdot Mirror
That's actually more like the definition of Free software.
Mac OS X does actually allow you to install or not install what you want. Just click the Customize button and you can leave iChat or most anything else out and add non-default options.
It's already slow and it may get slashdotted soon, so here it is:
[blank.gif] [1]Carrel.ORG > Important Mac OS X Security Advisory
Mac OS X Security Advisory
Vulnerability:
Malicious DHCP response can grant root access
Affected Software
Mac OS X 10.3 (all versions through at least 26-Nov-2003)
Mac OS X Server 10.3 (all versions through at least 26-Nov-2003)
Mac OS X 10.2 (all versions through at least 26-Nov-2003)
Mac OS X Server 10.2 (all versions through at least 26-Nov-2003)
Probably earlier versions of Mac OS X and Mac OS X Server
Possibly developer seeded copies of future versions of Mac OS X
Abstract
A series of seemingly innocuous default settings can cause an affected
Mac OS X machine to trust a malicious machine on a network for user,
group, and volume mounting settings.
What does this mean to the average user
Anyone who can gain access to your network can gain administrator
(root) access to your computer and therefore steal your data or launch
attacks upon others as soon as you reboot your machine. System
administrators and users of affected software should read the section
"Workarounds" for immediate actions to protect their machines. It is
important to note that WEP security in 802.11b/g (AirPort/AirPort
Extreme) wireless networks is generally not sufficient to protect your
network from access by an attacker.
Vendor Patch
Apple Computer has been notified of this issue and may be working a
fix at this time. At the time of this writing, a fix is not available
from Apple.
Workarounds
There are a variety of avenues to avoiding this vulnerability...
1. Disable any network authorization services from obtaining settings
from DHCP:
+ in Directory Access, select LDAPv3 in the Services tab, click
"Configure...", uncheck "Use DHCP-supplied LDAP Server"
+ in Directory Access, select NetInfo in the Services tab,
click "Configure...", uncheck "Attempt to connect using
broadcast protocol" and "Attempt to connect using DHCP
protocol"
+ in Directory Access, uncheck LDAPv3 and NetInfo in the
Services tab, if you don't intend to use them
2. Turning off DHCP on all interfaces on your affected Mac OS X
machine can also keep you from being affected.
For added security, be sure to disable any unused network ports:
* turn the AirPort card off or remove it, if it is not being used.
Configuration Awareness
If a user should need any of these settings turned on due to the
network and authorization system they are currently using, they should
be aware that they could fall prey to a malicious individual using the
techniques outlined in this advisory. Steps to mitigate this concern
could be as simple as manually configuring the directory server
settings on the affected machine.
Technical Details
By default, the affected versions of Mac OS X attempt to negotiate
DHCP on all available interfaces. In the event that an Airport card is
installed but there is no network nearby, they also default to
associate with any network that might appear and then use DHCP to
obtain an address. The system will also use DHCP provided fields, if
available, to connect to an LDAP or NetInfo server on the network.
The default settings in "Directory Access" on affected systems will
cause the system to place the network LDAP or NetInfo server ahead of
the local user info for any given account, and will implicitly trust
the LDAP or NetInfo server to provide correct information.
Furthermore, nothing in the system prevents a login as a user with uid
0 (zero) with any login name. For example, an LDAP or NetInfo source
with an account username "bluemeanie", uid 0, would be perfectly valid
and usable for login at the login window and on any network provided
service, includi
I know. But thanks.
Never fear, oh monolingual one, I found this very handy site that will help solve this pesky problem for you. Try it some time and let us know what you think!
I'm glad to see that people other than the Swiss are being recognized on the web. Which originally started as an Swiss scientific project...
Without the rest of the world, the Internet would have been obsolete and irrelevant by now. Deal.
* Especially if you've been facing imminent extinction for some 20-odd years.
Ah, here is another one who has found the Final Ultimate Solution to the Spam Problem.
They are losing based on the response percentage they get on their spam. Even most suckers are on to them now, and they get so few responses that they are forced to send ever bigger quantities of spam to break even. They are also so widely blocked now that they are desperate enough to risk jail time writing DDoS viruses to antispam sites.
Seems to me the endgame is near, in which spam will explode like a supernova before it disappears.
Wishful thinking? We'll see.
FWIW, I linked to that thread in the original submission but it was edited out. (Which is good for you - enjoy the karma. ;) )
BTW, all torrent downloaders, be sure to keep open that window for a while after you're done. And if you're the first to download it, expect a slow speed at first because you've got only my ADSL line to get it from, speed will pick up as others join in.
(In case anyone wonders how I keep getting thru, ftp.mozilla.org is a hostname for several IP addresses, and one of them kind of works some of the time. GNU 'wget' with its retry feature does the rest.)
Anyway... here is the torrent for FireBird 0.7 for Mac OS X.
Oh, and all torrent downloaders, be sure to keep open that window for a while after you're done. And if you're the first to download it, expect a slow speed at first because you've got only my ADSL line to get it from, speed will pick up as others join in.
Third and last: just got through to the Win32 version, here is the torrent. Have fun. (get BitTorrent first if needed)
I just managed to get the Linux version as well, here is the torrent. Enjoy! (get BitTorrent first if needed)
Here ya go. If needed, get BitTorrent for Mac OS X first. Enjoy!
Do you want to register:
( ) online, now
( ) remind me in one week
( ) never
(*) Man, I wrote the damn thing!</I>
(*) No he didn't! _I_ did! -- Darl
[OK] [Cancel]