If you are looking to obscure your link, you can visit almost any popular site and repurpose their own redirection script. Almost all sites have this. For example, want to visit slashdot and have the referrer come from Google? Just use THIS (http://www.google.com/url?q=http://www.msn.com). This won't work if the site is restricting referrals to its own hosts, but otherwise it can obfuscate the referer.
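The restriction the comment above mentions, a redirector that only forwards to its own hosts, sketched as an added example that is not part of the original comment or any site's real code. The `q` parameter is taken from the URL quoted above; `ALLOWED_HOSTS`, `is_safe_redirect`, `resolve_redirect` and the `example.com` hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical allowlist: the only hosts this site will redirect to.
ALLOWED_HOSTS = {"www.example.com", "example.com"}


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` keeps the user on an allowed host."""
    # Browsers ignore or normalise whitespace, control characters and
    # backslashes in URLs, so a target containing any of them is refused
    # rather than parsed one way here and another way in the browser.
    if not target or "\\" in target or any(ord(c) < 0x21 for c in target):
        return False
    try:
        parts = urlsplit(target)
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a site-local absolute path.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # "https://www.example.com@other.host/" puts the trusted name in the
    # userinfo field; the real host is what follows the "@".
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    return host in allowed_hosts


def resolve_redirect(request_url, allowed_hosts=ALLOWED_HOSTS, fallback="/"):
    """Pick the Location value for a /url?q=... style redirect request."""
    values = parse_qs(urlsplit(request_url).query).get("q", [])
    # A repeated parameter is ambiguous, so it is treated as invalid.
    if len(values) == 1 and is_safe_redirect(values[0], allowed_hosts):
        return values[0]
    return fallback


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    samples = [
        "https://www.example.com/url?q=/account/settings",
        "https://www.example.com/url?q=https://www.example.com/help",
        "https://www.example.com/url?q=http://www.msn.com",
        "https://www.example.com/url?q=%2F%2Fwww.msn.com",
        "https://www.example.com/url?q=https://www.example.com@www.msn.com/",
    ]
    for url in samples:
        print(resolve_redirect(url), "<-", url)
```

A request whose target fails the check is sent to the fallback path instead of being forwarded, so the site's own URL can no longer stand in front of an arbitrary destination.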
The problem is not the art, it's the "artists".
Programmers are analogous to lawyers now. It used to be that passion and a genuine interest was why most people were in this business. Now most people arbitrarily pick CompSci because they think that will give them career stability, and really giving a damn about the art of programming doesn't matter much. So like lawyers, you have this new breed of people in the industry who are just there for the money and have no appreciation for the work and the accomplishment. You don't see lawyers trying to use their craft to change the world.. you see them chasing around ambulances. Likewise, you don't see programmers these days trying to make things better.. you see them promoting ASP, Java, PL-SQL, and a horde of other get-bys so they can collect their check and move on.
Have you seen a CERT advisory regarding the Phatbot worm yet?
Does this crash the SSL servers or merely tie them up? Anyone have any details? I assume this affects Apache with mod_SSL with an earlier version of OpenSSL, but can you disable Kerberos under Apache temporarily until the lib can be updated?
This is likely a classic profile of a spammer, not even a nutty fringe consumer. This gives you insight into the type of temperament spammers have. He is a spammer by his own admission and he also admits he hasn't made any money at it.
So what we've learned here is:
1. Spammers like spam (duh)
2. Spammers don't make money, and now they have to stoop to showing this dork as an example of perhaps the 11 idiots (aside from spammers) on the planet who think spam is good.
3. Spammers are unfocused and mentally unstable.
4. WSJ has lost the last sliver of journalistic integrity it ever had.
5. Slashdot has turned into a tabloid web site, calling attention to goofy freaks in order to generate more attention, regardless of whether the article is informative or newsworthy.
6. Spammers everywhere are laughing their asses off that they have so successfully manipulated the media, as everyone from the WSJ to TechTV picked up this stupid story and made it larger than life, as well as didn't call adequate attention to the fact that this guy is a spammer and has played the media for the gullible, sensationalistic fools that they are.
Eventually, spam prompted Mr. Soto to dabble in Internet entrepreneurship himself. He's bought fancy knives, leather jackets, stuffed animals, party supplies and software, all via spam, and then created Web sites to sell the items at a profit -- a skill he learned from another piece of spam. Mr. Soto says he also has bought some adult DVDs and videos via spam, but never got around to marketing them. He says he purchased two pornography Web sites, again via spam, and ran them for a while, but then he decided they weren't worth the trouble and disabled them. Likewise, he says he procured some provocative domain names via spam. In the past, Mr. Soto says he has sent out spam himself, but he doesn't any more for fear of the increasing multitude of federal and state spam regulations now on the books.
I can see the Wall Street Journal running a troll like this, but Slashdot?
Surprise, surprise.. the guy who "likes spam" is/was a spammer himself.
This may qualify as the stupidest story Slashdot has ever called attention to. If I want to see idiots get their 15 minutes of fame for being dumbasses, I'll check the Darwin awards, fark, drudge, fox or a plethora of other lame sites. I always thought Slashdot's purpose was to talk about tech and intelligent issues. Now this site is stooping to trolling and calling attention to the 0.01% dregs of humanity in order to whore a little more traffic.
Shame on you editors! Get your shit together! Slashdot is turning into a goddam tabloid!
What? That we can cure ignorance? This is news?
There will always be a percentage of people who are just stupid and unreasonably impressionable. One needs to only look at about half the crap that's advertised these days, whether it's spam-related or not, and see that there's a lot of useless junk that some people are buying. How does calling attention to this do anything other than troll and promote more abusive marketing?
I agree.
This is because we've turned into a race of people who prefer to ask "What?" or "Who?" instead of "Why?". We've been programmed to expect instant results and preemptive, pseudo-abstract ideas such as "a secure philosophy" don't seem to offer the instant gratification that blaming everything on the software does.
Exploiting people is a lot easier than exploiting hardware and software. Our entire economy is built around exploiting people, but the powers-that-be don't want this issue to be raised because if people become more aware of how their attitudes can empower their security, the powers-that-be wouldn't have much power.
As a professional in the security business, I'm responsible for handling tens of thousands of financial transactions on a regular basis. My biggest fear regarding security has more to do with the bad habits my clients have than the integrity of the software I use. When it comes to security, having proprietary software can be advantageous in these situations, as there isn't general knowledge of the system's inner workings freely available.
But the biggest security problem was and likely always will be, people who have access to sensitive information that do not act responsibly. Our systems have never been compromised, but once we transmit information to the client, that data becomes a lot less secure, whether it's from a compromised client machine, a rogue employee or a badly-chosen password.
I'm waiting for the robot that will expose its breast plate during the Supahbowl.
You don't have enough time in the day to deal with all the evidence that I have of Shaw's spamming customers. I get at least five thousand spams from them a day.
You've hit upon a very big issue.
People don't work well together the way they used to. The open source movement is not an exception. These people all work virtually and at their own schedule and desire. It's very difficult to find committed people who can see the "big picture" without having to finance their loyalty.
A good analogy can be found in the music industry. What makes a great band often has more to do with X number of guys being open-minded and ambitious AND able to work well together. They may make a lot of mistakes and suck early on, but if they hang in there, they will prevail (look at Bon Jovi - talent is obviously not a prerequisite - tolerance is).
Yea, thank you Captain Obvious.
I'm aware that if you don't like someone, splitting their head open with a pickaxe is an option, but talking about it seems pedantic and a waste of energy that could be better spent on suggesting more enlightened ideas.
Shaw is too busy spamming the rest of the world to care about cooperating with an investigation.
LAME.
Are you that ignorant or are you just trying to be funny?
I have an interesting idea to force ISPs to crack down on spamming customers...
This basically works only if the spamming ISP is from your country. Which is why blacklisting of foreign IPs is still necessary.
But for domestic ISPs who don't rein in spamming, someone should post the 800 numbers of ISPs that don't crack down on spamming. Put up a web site listing the 800 numbers of the ISPs that are top-ranked in harboring spammers. Most of them have 800 numbers.. if everyone calls these ISPs and complains, or at least takes up air time, it costs them money, and money seems to be the only thing that motivates these companies.
Oh let's not forget WANADOO - wanadoo.fr is one of the largest spamming pools of IP space on the planet now. This has been happening for more than a year.
We need all mail admins to BLACKLIST WANADOO. They've had a goddam year to stop their spamming customers. The only way to stop them is to send them a message that we WILL NOT ACCEPT MAIL FROM WANADOO. Then and only then will they get their act together. This is the way it's done.
WANADOO YOU'RE NEXT! Someone post an IP list of all WANADOO IP space so we can shut this lousy ISP off the net until they get responsible!
Amen.
Shaw is a spam haven.
Comcast is a spam haven.
Virtually all IP space in Korea.
When you start doing IPLOOKUPs of the spammers you begin to see a pattern of which ISPs don't have their shit together.
Why did Comcast start cracking down on spammers? It was probably because admins like us stopped accepting mail from their business customers because they were embedded in the DSL IP space that spammers have compromised. Do you think Comcast gives a damn about spamming? No. But if you start making their IP space unusable by legit companies, then their bottom line is hit.
Blacklisting WORKS. Unless you run your own mail server, your opinion doesn't matter. Run your own server, deal with these sleazebags every single day, bombarding your systems with their crap, then talk to me about BS client-side filtering.
Good for you. I feel sorry for all your other neighbors who suffered because of your little "arms race."
I'd give even odds that if you try the "get back at them with the same strategy" you can just as easily end up on the receiving end of punishment by the authorities as them, probably sooner.
verifying the sender is the sender doesn't matter... that just means that the spammer has to have DNS properly configured. Big deal. That's an extra 10 seconds they have to spend before they spam.
And that reduces spam... how?
Certs are useless. Anyone can get a cert. Requiring certs for mailing is the same thing as creating a "license to e-mail" which would be better served as calling it what it is, and that basically becomes a whitelist.
The cert companies will ultimately give certs to anyone who will pay them money. All cert companies have been compromised by the almighty buck already. I got a cert from Verisign without having to VERI'anything.
From spoofing verification won't make a difference... it'll slow down mail services and won't make a dent in spam.
Spammers are now rotating IP space all over the place... they're also beginning to NOT forge header information, so what are you left with?
Recognizing rogue relays and blacklisting them, even if they have valid header information. Any improvement to SMTP protocol won't make a bit of difference.
Most mail servers and large ISPs are already employing additional methods of header-verification. It hasn't stopped spam.
RBLs ARE working. They're making spammers scramble for un-blacklisted IP space. That's why they're running overseas; that's why they're sending out worms and viruses. Lord help us if IPv6 gets introduced... we'll never be able to stop spam then.
You need to get your ISP to use Spamcop's RBL. This is exactly what they do. They employ a real-time spam-reporting system (with checks and balances) that identifies sources of spam in real time. I have no affiliation with the company but I cannot deny that their system blocks at least 16,000 spams a day to my server. It works.
There are a few problems with your comparison:
* It's a lot easier to jack into the Internet than it is to get a phone line
* It's more expensive to perform telemarketing than cybermarketing; you have to pay people and you're not nearly as anonymous - there are costs in launching telemarketing efforts, whereas with spamming, all you have to do now is jack into a network or open proxy and unload your spam.
A spam do-not-e-mail list won't work, because at the present time, the spammers can hide much more effectively on the Internet than they can using POTS.
Not to mention that you don't see telemarketers engaging in the fraudulent practices that spammers employ, so that should tell you something.