Finnish telco Sonera, which is nowadays part of Swedish TeliaSonera, recently moved their email servers back to Finland from Sweden because of this.
Apparently their customers were concerned enough.
A script kiddie can often gain access to world-readable files in the system, for example via buggy web apps, at least with the default configuration. But it doesn't help much if they are unable to run any commands, and even if they are, they still don't have root privileges before they can exploit some local vulnerability.
In this case, if the computer in question has sshd installed and the original password for the first user, there's full root access for any cracker to use for whatever he/she wants. Spamming, using it as a launchpad for future attacks, hosting phishing sites, you name it.
Just having read-only access to files isn't nearly as bad.
That's why they implemented a small delay into the system. I don't remember whether it is 30 seconds or one minute. And you have to have the "ticket" before you enter the train or tram.
Still not foolproof, but there have always been many easy ways to ride the trams, trains, and subway free in Helsinki. Even the fine you get if caught is relatively low, 66 euros nowadays.
Konqueror 3.5 passes the ACID2 test. It's included in KDE 3.5, which is currently in Release Candidate stage and should be released shortly. Older versions don't pass.
There are quite a few poor bastards who upgraded their Debian Woody boxes to Sarge with apt-get dist-upgrade without reading Sarge's release notes first.
I use netcat too, especially in scripts. But it is not always installed, and if I just need to check an SMTP connection, or something like that, it is not always really worth installing.
And the main point was that SSH doesn't do everything.
It's Google that uses browser-specific JavaScript hacks, and it's up to them to do it right.
I've had some luck with Google Maps with 3.4.1. Sometimes you need to change browser identification to Safari. Right now it works with default identification too. It is a little buggy and much slower than with Firefox, but you get the images. It seems that they update the code quite often.
Accelerated 3D eye candy is AFAIK still in early development, but overall the new versions of KDE have felt faster than older ones.
Even if the amended version would not be final, the basis of negotiations would be the original bad proposal. And based on the history of this proposal, if an amendment is hard to fit into it, it would have been ignored or watered down.
It was already amended once, and after negotiations, most of the amendments were more or less ignored. And I suspect the reason for that was that to implement those amendments correctly, they would have had to rewrite the whole proposal practically from scratch.
Now they have to rewrite the whole thing anyway, and there's a hope that the new basis of negotiations is more reasonable.
The problem with amending a bad proposal to make it better is that you never know which amendments will pass, and the outcome is very likely to be hard to interpret and illogical at best.
Hopefully the next proposal, which is going to happen sooner or later, is better from the beginning. I hope that next time, SMEs and the OSS community are represented when the initial drafts for the directive are made.
This time the rejection of the whole proposal was better than amending it into lawyers' wet dream.
I don't know about recent issues, but for the last year or even two years of Woody being the stable version, there were many security problems in Woody which were resolved very slowly or not at all, while unstable was usually fixed in reasonable time.
Of course, unstable is what it says. You get new features, different behavior and even broken software all the time. Not a very good thing in a production environment. And right now there are some major changes going on in unstable (C++ ABI and Xorg transition) and I would be extremely cautious using it. But if the release of Etch takes as long as Sarge, unstable will be the way to go again in 2007 at the latest.
And most of those packages are for eleven different architectures. Yes, I know that they don't necessarily wait for the ARM version to compile before releasing the fix for i386, but it still adds lots of work to testing.
And many of those packages are not really supported by anyone. And there is no good way to track what the status of support is in the packages you are using. Of course you can check a bug database, and if you find a security bug filed and not fixed in six months or more, you can draw your own conclusions.
The current situation, however, can be taken care of by making sure that there are enough trusted people authorized to issue security fixes as soon as they are fixed and tested.
There was a discussion a while ago about dropping some of the architectures to "second class". I don't know what was the result of it (if anything) but maybe they should divide the packages into two groups as well. It could be helpful for the release process as well, and if there were smaller number of "premium" packages which are more or less guaranteed to be actively maintained, it would help users to assess the security status of their Debian installations more easily.
MX records don't always tell where the mail is sent from. In fact it is a good idea to have a separate server for sending mail. For example, if your MX in some situation sends bounces to forged aol-addresses, it very easily gets blacklisted temporarily by AOL. But sending mail directly from a server which hosts multiple webpages on the same IP is not a good idea. But I don't think Graham does that either.
From TFA and from the parent article I got the impression that he suffers from people having spam filters which run URLs in the email body through blacklists. And I think that a spam filter which gives too many points for that is more broken than the concept of DNSBLs.
Practically nobody uses BLARS, so I wouldn't worry about it. Among other things, BLARS lists /16 netblocks which are allocated to different providers in different countries as one listing. But I wouldn't worry about it.
About spam and run. Yes, sometimes it is just quick spam and run. But sometimes they use the same IP address for months. A while ago I received a lot of annoying spam to different role accounts from one IP address, which wasn't blocked by any blacklist I use (it was blocked by SPEWS because of the same spammer), and I placed a manual block on it. I periodically check all my manually blocked IPs because I don't want to keep them listed forever. That one went on for months, though it was finally listed by SBL too.
Spammers use different methods to get by different types of blocking. And AOL-style dynamic blocking isn't very effective for smaller providers or smaller companies. Unless someone creates a trusted network of admins and good infrastructure to collect enough spam to judge which ip's should be dynamically blocked.
Yes they do. According to Opera Software's first quarter earnings, they get three times more revenue from licensing their browser for various pocket devices, than from selling the desktop version for Windows and Linux.
Nokia ships lots of phones with Opera as a web browser. See http://www.opera.com/products/mobile/products/
If Nokia is serious with their own KHTML-based browser for their phones, it could be major financial blow for Opera Software.
SPEWS is not an "anti-spam firm". Check their website at http://spews.org/ for more explanation. And anyone too concerned about false positives should do their due diligence when picking the DNSBLs they use and notice that SPEWS blocks fairly large netblocks. And there probably will be a lot of legitimate mail sent from bad neighborhoods. SPEWS is a very good tool for blocking spam and educating ignorant ISPs, but it's not suited for everyone.
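As an added offline model, not code from any of these comments or from SPEWS, BLARS or any other list, this shows the two points made in the BLARS comment, the URL-blacklist comment and the SPEWS comment above: a zone that lists whole /16 netblocks catches every neighbour in the block, and a filter that lets URL-blacklist hits alone cross the reject threshold is over-weighted. The zone names, listed networks, URL blacklist and point values are constructed assumptions; no DNS query is made.

```python
"""Offline model of DNSBL-based scoring. Zones, listings and messages are
constructed; the lookup follows the real DNSBL convention (reversed octets
under the zone name) but resolves against an in-memory table instead of DNS."""
import ipaddress

# Constructed stand-ins for DNSBL zones: zone name -> listed networks.
ZONES = {
    "narrow.example": [ipaddress.ip_network("203.0.113.45/32")],
    "wide.example": [ipaddress.ip_network("198.51.0.0/16")],  # whole-/16 style listing
}
IP_POINTS = 5.0            # points per sender-IP listing
URL_BL = {"pills.example"}  # constructed URL blacklist of body domains
URL_POINTS = 2.0           # points per listed body URL
URL_CAP = 3.0              # ceiling on the whole URL-blacklist contribution
REJECT_AT = 5.0


def dnsbl_query_name(ip, zone):
    """Reversed-octet name a real DNSBL client resolves, e.g. 45.113.0.203.zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def fake_resolve(name):
    """Stand-in for a DNS A lookup: '127.0.0.2' if the address is listed, else None."""
    for zone, nets in ZONES.items():
        if name.endswith("." + zone):
            rev = name[: -len(zone) - 1]
            addr = ipaddress.ip_address(".".join(reversed(rev.split("."))))
            return "127.0.0.2" if any(addr in n for n in nets) else None
    return None


def listed_in(ip):
    """Zones that list this sender IP."""
    return [z for z in ZONES if fake_resolve(dnsbl_query_name(ip, z))]


def listing_breadth(zone):
    """Addresses covered by a zone's listings: the due-diligence number before adopting it."""
    return sum(n.num_addresses for n in ZONES[zone])


def score(sender_ip, body_domains, cap_urls=True):
    """Sender-IP listings plus (optionally capped) URL-blacklist points."""
    points = IP_POINTS * len(listed_in(sender_ip))
    url_points = URL_POINTS * sum(d in URL_BL for d in body_domains)
    if cap_urls:
        url_points = min(url_points, URL_CAP)
    return points + url_points


def verdict(sender_ip, body_domains, cap_urls=True):
    return "reject" if score(sender_ip, body_domains, cap_urls) >= REJECT_AT else "accept"
```

A legitimate neighbour inside the listed /16 is rejected on the IP listing alone, while with the cap in place body URLs by themselves can never reach the reject threshold.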
The problem is not that those people blocking all of APNIC or whatever get a lot of spam marketing things from Asia, but that there are too many ISPs in China and Korea who are even worse than US ISPs in regard to reacting to spam complaints.
And many American spammers have noticed this and started to use APNIC-area ISPs' services for spamming.
Usually there is information about the country where the IP is assigned in the registries' whois records. And there are compiled lists which quite accurately tell in which country an IP address is located. One of these is http://countries.nerd.dk/. Of course they aren't 100% accurate, but enough for purposes like this.
Umm, zombies nowadays typically don't use any further mail relays, they just send directly to the receiving MX. Or if they do use relays, it is the ISP's SMTP server the zombified machine uses for legitimate purposes too.
So what does Norway do with its oil?
They sell it to others.
Norway is energy-wise blessed with its geography. Mountains with steep slopes and heavy rainfall equal more cheap hydro power than they can consume, even with plenty of power-consuming industry.
My knowledge is based on what I can remember of what a patent attorney told me when I was involved with a patent process in Finland with my former employer. (It was pretty much a software patent, though they were supposed to be illegal, and it passed.)
The process is supposed to be pretty similar in all members of EPO.
They do not only search other patent registries, but they also do searches of various scientific journals and databases, in case there is prior art that has not been patented. From what I've been told about the US system, the search for prior art is much more extensive in Europe, but naturally it cannot be a foolproof process.
I guess only time will tell, but I do have high hopes that software patents won't be as big a nuisance in Europe as in the US because of the more demanding patenting process.
Yes there is. European patent offices actually search for prior art before granting the patent.