And neither is used by a significant portion of the Internet on a regular basis.
If AOL really wants to redeem themselves in geeks' eyes, they should include PGP support in the next version of AOL (say that using PGP will reduce the spam in your mailbox and is ideal for protecting yourself from identity theft, yadda, yadda, yadda).
This is exactly why I think that SoBig is the perfect spamming mechanism. AFAICT, it essentially gets around nearly every non-content-based spam filter (i.e. Bayesian and SpamAssassin et al).
By sending spam from an amazing depth and breadth of compromised networks, it forces blacklist operators to go into "block everything" mode, which is so draconian that users of the blacklists will disable them.
As I posted in another story, if ISPs start blocking outbound port 25, the next iteration of the worm simply uses the Outlook SMTP settings to relay through the official MXs of the ISP. Given the flood of abuse reports, many ISPs (especially larger ones) are simply going to /dev/null abuse reports; they can be reasonably sure that their servers aren't going to end up in blacklists used by a lot of people (because heads will start to roll among the admins who use the blacklists).
By pretending to come from an address that has at most two degrees of separation from the recipient, they will get around a fair amount of whitelisting (this is exploiting the greatest flaw in TMDA and the like: trust of the From: address).
I'd like to see a Qubit-based version of Qubert, myself...
Re:This is why ISPs are changing their SMTP rules? on P2P Spam? · Score: 1
Blocking outgoing SMTP probably won't do much... if it becomes a problem, then the zombies will get a new version of SoBig that grabs the SMTP server configuration from Outlook and routes it through those relays. The ISPs get a flood of abuse complaints (more so than currently), which increases the odds that the big ISPs will simply say, "Fuck it" and /dev/null abuse emails (maybe even do an auto-reply to make everyone think that it's working). By turning enough of the ISPs' customers into unwitting spammers, ISPs aren't going to kill 10% of their accounts; since this problem will be more pronounced at the AOLs and Comcasts of the world, no one's going to block their SMTP servers (save for tiny pockets who probably already do). If you're an ISP, you don't want customers who suddenly can't get emails from grandma@aol.com. If you're a business admin, if you try blocking Comcast, you'll be raked over hot coals by senior management who can't send mail to fellow employees from their cable modems at home.
Re:Could be just be a way to harness email address on P2P Spam? · Score: 1
It doesn't just scan the address book; it scans the mail folders (which means that if you post to a mailing list or usenet, it can get your address). I wouldn't be too surprised if it scans IE's cache for addresses on web pages that have been visited.
Admittedly, CI Host would have trouble claiming tortious interference (unless they're unable to mail a customer who uses AOL). However, a user of CI Host may well be able to successfully go for tortious interference, especially if they can show to the court's satisfaction that their IP doesn't spam.
customers might be entitled to sue AOL for the loss of service (doubt it).
It's called "tortious interference in a business relationship". In some states, AOL may be forced to pay triple damages plus law fees (note, triple damages would cover lost business).
I've been thinking lately that SpamAssassin might have the best Bayesian implementation, with only a slight change.
AFAIK, most/all Bayesian scanners out there simply tokenize the mail and then use the tokens as the basis of the rating system.
However, SpamAssassin adds an X-Spam-Status header to all mails (by default), which contains a list of the various tests (regex, network, or Bayesian) that the mail triggered. If SA were to move the Bayesian scan to after all other tests have completed, then this list of tests passed could be (or might already be) considered by the tokenizer for the Bayesian algorithm.
The benefit to this is that regexes can discern more patterns in the code (or more correctly, equate patterns) and the network tests are fairly reliable. In a large sense, this is using Bayesian techniques to develop a self-adjusting rating scheme for the tests. Using this, one could assess, for instance, how much having a host in the relay chain in an RBL influences the spamminess of an email (for instance, a large amount of email originating from SPEWS-listed IPs is not spam; this would imply that SPEWS would have a lower confidence rating in picking out a spam).
SpamAssassin can also auto-learn; a message that scores sufficiently high will be fed to the Bayesian system as a spam and something that scores sufficiently low will be fed to the Bayesian system as ham. This in turn allows SA to develop other tests.
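The idea in the comment above, sketched as an added example (not part of the original comment and not SpamAssassin's own code): rule names from the `tests=` field of X-Spam-Status are treated as Bayesian tokens, so each rule earns a learned confidence. The header values and the `EX_*` rule names are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training mail: (is_spam, X-Spam-Status value). Rule names are made up.
SAMPLES = [
    (True,  "Yes, score=9.1 required=5.0 tests=EX_RBL_BROAD,EX_RBL_NARROW,EX_HTML_ONLY"),
    (True,  "Yes, score=7.4 required=5.0 tests=EX_RBL_BROAD,EX_RBL_NARROW"),
    (True,  "Yes, score=6.0 required=5.0 tests=EX_RBL_NARROW,\n\tEX_HTML_ONLY"),  # folded
    (True,  "Yes, score=5.2 required=5.0 tests=EX_RBL_BROAD,EX_HTML_ONLY"),
    (False, "No, score=2.1 required=5.0 tests=EX_RBL_BROAD"),
    (False, "No, score=1.9 required=5.0 tests=EX_RBL_BROAD,EX_HTML_ONLY"),
    (False, "No, score=2.3 required=5.0 tests=EX_RBL_BROAD"),
    (False, "No, score=0.0 required=5.0 tests=none"),
]

def triggered_tests(status):
    """Return the set of rule names listed in the tests= field."""
    unfolded = re.sub(r"\r?\n[ \t]+", "", status)  # undo RFC 2822 header folding
    m = re.search(r"\btests=(\S*)", unfolded)
    if not m or m.group(1) in ("", "none"):
        return set()
    return set(m.group(1).split(","))

def train(samples):
    """Count, per rule, how many spam and ham messages triggered it."""
    hits = {True: Counter(), False: Counter()}
    totals = Counter()
    for is_spam, status in samples:
        totals[is_spam] += 1
        hits[is_spam].update(triggered_tests(status))
    return hits, totals

def rule_spamminess(rule, hits, totals):
    """Laplace-smoothed P(spam | rule fired), assuming equal priors."""
    p_s = (hits[True][rule] + 1) / (totals[True] + 2)
    p_h = (hits[False][rule] + 1) / (totals[False] + 2)
    return p_s / (p_s + p_h)

def spam_probability(status, hits, totals):
    """Naive-Bayes combination over the rules a message triggered."""
    log_odds = 0.0
    for rule in triggered_tests(status):
        p = rule_spamminess(rule, hits, totals)
        log_odds += math.log(p / (1 - p))
    return 1 / (1 + math.exp(-log_odds))

HITS, TOTALS = train(SAMPLES)
```

In this constructed corpus the broad blacklist fires on as much ham as spam, so its learned weight is neutral, while the narrow one carries real evidence.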
As much of a hardship as it was for me, imagine paying that much cash to get a degree in Art History or a similar discipline, where about all you can do is teach. NOW imagine how long it would take you to pay off that debt on a teacher's salary... Yikes.
These may have been cut in budget woes by most states, but many states have setups where, in return for signing a contract to be a teacher for 5-10 years, they'll forgive all state/federal student loans you might have taken out.
Also, the military will, depending on where your degree is (MD, meteorology, etc.; I wouldn't be surprised if they extend it to MSCS and so forth) forgive all federal and state student loans in return for a few (3, IIRC) years of service.
There are advantages to DirecTiVo. For instance, if you subscribe to NFL Sunday Ticket, DirecTiVo will record on Sunday night highlight reels of the 10-14 Sunday afternoon games.
Ignorance of the law is no excuse, but ignorance of the activity almost always is.[1] It goes to intent, it goes to motive, it goes to opportunity. If someone buries a body on your property without your knowledge, you are generally not tried for collusion with the murderer. If you are, and you can demonstrate that you didn't know it was happening, you are most certainly acquitted.
In a criminal case, ignorance of the activity is a defense. In a civil case (which, afaik, all of these are), that may or may not be the case.
He's referring to a system a la TMDA, where individual users maintain their own whitelists for personal use.
That should allow you to travel through time even faster...
I have a Compuserve pamphlet from the mid-1980s touting the ability to buy all sorts of merchandise from them.
Because of the tax benefits, most business equipment is leased. By LAN, they probably mean all LAN-related equipment.
That's probably it... Never The Same Color and all that...
Also, with various mail servers being swamped with SoBig mail, I don't think much spam can get through.
And I can always tell when I'm watching, for example, a show from Europe... it's just something with the color balance or something.
I don't think the word you're using means what you think it means... I think you're looking for "objective".
"DoS" is the verb...
Think, McFly, think.
Nope. The subpoena is part of the discovery phase which is used to gather pertinent facts to the case. If you're sued by the RIAA, you have every right to demand (and get, unless you can't make a case that it's a relevant issue to the case) subpoenas for internal documents of the RIAA and so forth. They then have to submit the documents and so forth you request or risk being found in contempt of court.
Answer me this: how can you subpoena someone without identifying them (so that the server knows whom to deliver it to)?
Good God, you're an idiot, as is whatever crack-smoker who modded this up.
These suits are being brought under the civil code; there's no criminal records involved. The judgements probably would be recorded on credit records, though.
That is true.
However, if the RIAA brings it before a civil, not a criminal court, then it's a civil case and only the penalties prescribed in the civil code can be rendered.