Re:Slashdot Editors forgot about their comments
on
X-Box Emulated (Not)
·
· Score: 0, Offtopic
You're surprised? They don't even post their comments in the comment area anymore! (Naturally, that's what the story part is for.) Witness this.
Jamie didn't post the story. Jamie didn't find the link. Last I checked, Jamie wasn't even widely recognized as a Java/CLF expert. And worst of all, nobody fucking asked Jamie his fucking opinion.
But we get it anyway. A mostly mindless stupid rant, with moronic predictions to boot.
Yay. Lucky us.
Any story posted by Timothy or Michael is hardly more than a link with a paragraph or two of badly written and poorly thought-out commentary on their part.
To be fair, however, not everyone does this. Props to CmdrTaco, CowboyNeal, Hemos, and a few of the others. I just wish we'd get more of them and less of the village idiots.
Why does Jamie feel his comments are so important that they *had* to go in the story portion itself? (Note this was another editor's story to boot.) Is he too important for his remarks to be in the comments area with all us other 'lowly' posters?
It used to be Timothy and Michael who were the worst offenders of editors using Slashdot for their own personal soapbox, but this takes the cake.
Post stories that are interesting, and if you must comment, get off your damn high-horses, and subject yourselves to the same moderation (and filtering) as everyone else.
I-Know-This-Will-Get-Mod'ed-Down-As-A-Troll-But-Still-Annoyed,
-Bill
Re:Subscriptions should add value
on
Slashdot Updates
·
· Score: 1
I like the NPR analogy. If I saw it in terms of paying for the ability to hide ads, I probably wouldn't sign up. (For me at least, it's easy enough to tune 'em out.)
However, if it's more explicitly given with the intent to keep Slashdot around, I'm all over it.
To go with the NPR analogy, I think a special only-available-to-donors gift should be given at each level. It'd become a badge of pride around other geeks. :-)
-Bill
Why the OSDN banner?
on
Slashdot Updates
·
· Score: 0, Redundant
Thanks for the update, CmdrTaco!
I really don't mean this in any sort of negative tone, but why add the OSDN banner if you didn't have to, and you didn't like it either?
In my opinion, Gator is a virus. It is attached to the software installations for other products, and it usually installs itself on users' systems without their permission. When you try to remove it, it creates a copy of itself so it is not deleted.
Opinions on Gator aside, calling it a virus is just ridiculous. A program is not a virus solely because it installs programs without permission and/or is difficult to delete. By that definition, my little cousins are viruses (albeit cute ones).
-Bill
FWIW, also by that definition, so is Windows when you buy a complete system and can't get the disk bare, Netscape when it installs the Free AOL trial, Internet Explorer, etc.
Soooo... because *one* industry does it, everyone does?
I have no idea who made my car. I have no idea who made the hardware behind my pilot, or my laptop, or my CPU, or my graphics card... you get the point.
The sad fact is that a lot of admins would not take action if they were not faced with the consequence of being blacklisted. Given that fact, while this solution isn't perfect, or even great, I'm not sure that there's a better one out there. In fact, it sounds like you guys may not have even been aware of the problem of running an open relay, had you not been blocked in the first place.
You've taken steps to fix the problem, which is great! I'd imagine that most of the major blacklists will begin to remove you. Some, yes, will be slower than others, but hey, consider that your penance. ;-)
Some other points:
Is this making spam less of a problem, or are we trading one problem (SPAM) for another (the reliability of proper maintenance of SPAM blacklists)?
Absolutely not. In fact, I don't even see any trade at all. Instead, what it is doing is moving punishment from the victims (those spending time, money, CPU cycles, etc. dealing with spam) onto the shoulders of those having done wrong (from flat-out spammers down to lesser offenses, such as yours, running an open relay).
I'm sorry if in your particular case, you're having trouble getting off lists, but I still think that's more fair than me dealing with even more spam.
The fact that your relay was never used is meaningless too, BTW. It would have happened sooner or later, as there certainly ARE *MANY* folks out there scanning the network looking for open relays. All they have to do is wait until most folks have gone home for the day and pound the heck out of it. You come in the next morning, hopefully notice something and stop it then, but in the meantime, damage done to the rest of us.
Expecting us to wait until you're used for spam is unacceptable.
And lastly:
...isn't the bottom line that no one owns the internet e-mail system?
No. Whoever told you that is just wrong. Internet email is not the absence of an owner, but an accumulation of shared owners. Each person who owns an SMTP server on the Internet has a small piece of ownership of Internet email. Each person is free to do what they will with their hardware, and if they want to block others because those others are causing massive problems, that's their right to do so. You can choose to ignore them, if you think they're being unreasonable, or you can choose to cooperate if you think they're not. Likewise, you could decide to block every domain with the letter 'Q' in it if you so desire. Your action may not have as much strength, as you might not be able to garner much support from your fellow owners, but just because of that, you can't get mad at those who do have a good argument and *do* garner support.
My two cents,
-Bill
Congratulations Rob & Kathleen!
:)
Seeing how slow everything is, I guess this answers the question of what it takes to slashdot Slashdot!
-Bill
I'm sure it supports ... Windows 95 ...
Actually, I'd be amazed if Win95 is supported, seeing as Windows 95 is no longer officially supported by Microsoft.
I don't believe even I.E. 6.0 or the new version of DirectX run on '95.
-Bill
A *solid* book on CVS is badly needed. Yes, I've seen Open Source Dev. w/ CVS, and the CVS Pocket Reference. (And I'm not even going to mention the Cederqvist -- that thing is just *awful* (IMHO).)
I want something that gives me a no-nonsense, cut-to-the-chase explanation of CVS. Especially one that will do when you don't have a CVS expert around. When first trying to learn CVS, I would have paid good money for a book with just this sentence alone: 'never mind checkout past setup -- and update alone is just stupid. 'update -Pd' is really what you want'.
I love CVS, but it would be hard to deny it's one of the more archaic programs still out there. Some may love that, but when I have serious work to do, fucking around with CVS is not high on my priority list.
-Bill
As I posted in a different comment thread, Larry was laid off by ORA in October, and has been without work since then.
Wow!
How could the countless idiotic stories posted by Timothy and Michael be on the homepage, but *NOT* this?!
Hoping Larry Finds A Job Real Quick,
-Bill
First, it's Perl not PERL.
Second, I would imagine it's because Larry has been employed by O'Reilly for the last couple of years, making it less of a 'need' for Larry's work to continue on via a grant.
-Bill
From http://users.pandora.be/lechat/Morpheus%20Exploit.htm:
4. Exploit
Here are the steps for exploiting this hole:
1. Open M/K.
2. Search for anything you'd like to download.
3. Start downloading it.
4. Open an MS-DOS prompt and type "netstat -n" without the quoting marks. (This should display all the active connections with IP numbers, not hostnames.) You should get something like 'xxx.xxx.xxx.xxx:1214' in the 'Foreign Address' column, where xxx.xxx.xxx.xxx is an IP address.
5. Open your web browser and type in 'http://xxx.xxx.xxx.xxx:1214' and press enter.
6. Voila! You got the list of the shared files from xxx.xxx.xxx.xxx. Now you can download any file you want; however, if the user is full (meaning that he's got no more slots left) you won't be able to download anything.
Err... isn't this the same as Right Mouse Button -> Find from the same -> User built into Morpheus?
-Bill
More importantly, how many of you, within two tries, could have guessed which of Slashdot's Village Idiots posted this story?
I can't help but wonder if Taco or any of the other Editors I respected would have posted this, along with the pandering T-shirt and "check your local newspaper" thing. Can't help but come up with a big-ass no.
Man, I wish Timothy and Michael would just go away.
Okay, mod me down as Flamebait/Troll/Off Topic now.
-Bill
Maybe it's just me, but if people can already find the most relevant results on Google, what are the chances anyone's gonna use this service?
Umm, no. Read the damn story. To quote:
...Yahoo plans to charge consumers between $1 and $4 to retrieve files from a specialized database of some 25 million research documents culled from 7,100 publications, including academic periodicals.
Hence, most of this wouldn't be available in Google.
-Bill
Literacy on the Web.
Teach a Slashdotter to read today!
Why would AOL want to buy RedHat? What would their motivations be? I'm having trouble thinking of any good reasons.
-Bill
Hahahahaha. Richest how?
By GDP, duh.
Idiot.
-Bill
It would make a great deal of sense for AOL/Time-Warner to acquire an operating system for leverage against Microsoft - same reason they bought Netscape.
Um, which was what, again?
-Bill
If you're going to steal, steal from the best:
http://developer.apple.com/ue/
Say what you want about Macs, but it's hard to deny they have a great user interface.
-Bill
The University of Chicago has a year-long master's program aimed at individuals who do not have a bachelor's in CS. A few of my friends went through it after their BAs and had a positive experience.
-Bill
U of C '97
That's a good idea, but why not set up our own institution to issue 'grants' a la the NEA, specifically for software? As long as it stayed diverse (i.e. wasn't as rigorous as Stallman's interpretation of software), non-political, and supported several of the applications I use, I would certainly consider donating.
-Bill
Giving customers the service they expect isn't the hard part. Any software engineer who knows Perl, Java, or C++ should be able to implement it without much difficulty. If you think that is the hard part, please do not work in e-commerce.
The hard part, the meat of the problem, is securing the data. And it's a problem whose difficulty is often underestimated.
I'm assuming that all data is submitted ONLY via 'POST' (i.e. not 'GET'), and via SSL. If this is not the case, see the above comment on working in e-commerce.
I had to design a system like this for the e-commerce company I used to work for. Assuming we were hacked, and how, the goal was to minimize the impact it would have. E.g. if the hacker got access to our entire source tree, our database, had a network sniffer, etc., how would we stand under various scenarios. Additionally, we made as few assumptions as possible (e.g. the hacker could have access to our source code, the public key, our db, network sniffing, but did not have access to the private key).
If you're past that, some advice:
1) Place all your secure data on a separate server. Minimize the data present on that machine. This will decrease the likelihood of someone needing or asking to get access to data that will additionally expose the secure data. Additionally, the server should be as stripped down as possible, as any secure server should be.
2) Set up your network with an additional zone. The server mentioned above should go in this zone. The new zone will be strictly controlled and only used for holding the server upon which the secure data will reside. This zone should be strictly controlled with its own router. Everything disallowed, and only one or two things (ssh and https) should be opened. Ideally, if your main webserver (probably the most likely spot for a penetration) is breached, you'll want to know if this part of the network has been breached as well.
3) Do not write the secure data to disk (e.g. in log files or in debugging information dump files). Do not pass the data over the network in any insecure manner. This seems obvious, but a lot of people fail to understand the entire environment, and can inadvertently weaken their system's security due to this. For example, many people using a servlet container like Resin configure the session data to replicate to another server. While this is a great thing, and reduces the problems of losing any single server, the secure data can be transmitted across the local network in clear text while being replicated. Not good.
4) The web servers will most likely need to make a secure connection to the secure box. This sounds bad at first, but there isn't a better way around it. Ultimately the data has to get from point A to point B. Writing it to disk for batch accumulation is not good (as stated above). Building up a queue and batch submitting jobs to the server doesn't really offer anything over individual submissions. Additionally, it increases the detriment of a server crashing before the batch job has been submitted. In some cases this might also be less ideal, as the business needs may call for pre-auths to take place as soon as possible, or otherwise sending the order to a distribution center as quickly as possible.
5) It's obvious to state you should encrypt the data before writing to the database. The part most people miss is HOW to encrypt. Just using a public/private key isn't enough. Even worse, most folks will misjudge the strength of their system by gauging how long it would take to crack the key being used. While cracking the key is most likely what you would want to do to read the secret message from Alice to Bob, it's not what someone is going to do to get your credit card numbers.
If someone wants to get your list of credit cards, it's easier to brute force the number. The average non-Amex card is 16 digits. Assume you've gotten the entire database; you'll have a few hundred thousand numbers easy. Assume you're not a greedy hacker and would be happy with, say, only a hundred thousand numbers. Then the first four digits really aren't random, as they often represent the network and bank. (Ever notice that your buddy's Visa card also begins with a 4? Or that everyone's Discover card is 6011?) That reduces the complexity by four orders of magnitude. Often the last four digits are shown in plain text to the customer. That leaves only 10^8 combinations to try. Additionally, a clever hacker would do a quick mod-10 check before a more expensive encrypt-and-check call, so that's really not that long.
So what to do?
Using a one-way method isn't an option. We need to be able to get the original credit card number back. Not just because of the case cited above, but that's just a real-world need. You cannot legally charge the customer until an item has shipped. If you can't ship right away (i.e. backorders), you're going to have to hang on to that number and use it to charge the card later. If you have to break the order into multiple shipments, same thing.
What we need is an asymmetric encryption algorithm. One that will generate a different ciphertext each time the cleartext is encrypted. There are a lot of ways to do this; some encryption schemes even provide for it. If not, simply append a delimiter and a random number to the cleartext and encrypt it. (E.g. instead of encrypting '4111-1111-1111-1111' encrypt '4111-1111-1111-1111*4873924839432432432'.) If you have the private key, it is easy to discard the random text. If you do not have the private key, this makes it difficult to brute force the number.
6) Backup should be done separately, to separate tapes, on a separate drive connected directly to the machine. The tapes should be treated as access to the machine would be.
7) Tripwire the private key. In case of a breach, you'll need to know if this file has been accessed.
8) Use stored procedures to restrict access to the secure data. I love m(y)?sql, but this is where Oracle and SQL Server's stored procedures are really nice. Basically, the account through which data is being accessed by the applications should not be able to select, update, delete, or insert. Instead, offer a stored procedure API to do what is MINIMALLY needed. Generally it's best to offer a minimal, but complete, API. That's not the case here. Offer only what's needed (e.g. do not provide an interface for updating a card number if that's not needed, etc.)
9) Chargebacks and coupon abuse are going to be a pain in the ass. The drawback of the above method is that you cannot easily find an account by credit card number. And, in the real world, sometimes you do have to do it. Often credit card numbers are used to enforce one-per-customer offers. And for good reason -- it's probably the most effective way to do it. However, the cost (insecure data) is too high for the overall business. Slashdot bashing of Marketing be what it may, but if you can explain this to one of the higher-ups in the group in an understandable way, as well as work with them to come together with a different solution, they will usually be open to it. Nobody, especially in Marketing, wants to come in one morning and read on my.yahoo.com that their company's credit card numbers have been stolen.
Chargebacks have one advantage over credit card abuse: they are not done on the customer's dime (i.e. nobody is sitting there waiting for a page to load). Most likely it will be possible to queue them together, use the first and last four digits to limit the set of rows to be examined, and then simply start decrypting and comparing. None of the intermediate results, obviously, should be shown. This should ONLY allow getting the customer name, etc. from a valid credit card number. The normal caveats of web development apply here as well, despite it being an internal application.
10) Work with your Operations team to test the system. If you breach the zone, are there traces? If you scp off the private key, was that correctly detected as well? Remember the old scare stories of people who never tested their backup system until they needed it, only to find out it didn't work. Make sure everything here is working as expected.
Anyway, that's about all I can bear to write for now. Hope that helps someone.
-Bill
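An added worked example, not part of Bill's post, that puts three of his points into runnable Python: the brute-force arithmetic of the opening paragraph (known issuer prefix, last four shown to the customer, Luhn filter), the "different ciphertext each time" storage from the asymmetric-encryption paragraph, and the narrow-by-first-and-last-four-then-decrypt-and-compare lookup from point 9. Assumptions, labeled in the code: the key is a symmetric secret held only by the order-processing host rather than the post's public/private pair (the randomized-ciphertext property is the same); the cipher is an HMAC-SHA256 keystream in counter mode with a random nonce, a stand-in for a real cipher library; and the sample rows and card numbers are constructed test values, not real cards.

```python
import hashlib
import hmac
import itertools
import secrets


def luhn_valid(pan: str) -> bool:
    """Mod-10 (Luhn) check: the cheap filter the post says an attacker applies
    before paying for an encrypt-and-compare on each candidate."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def candidate_pans(known_prefix: str, known_suffix: str, unknown_len: int):
    """Every number with the known issuer prefix and the last four digits shown
    to the customer, keeping only those that pass Luhn (1 in 10 of the middles)."""
    for middle in itertools.product("0123456789", repeat=unknown_len):
        pan = known_prefix + "".join(middle) + known_suffix
        if luhn_valid(pan):
            yield pan


def hash_pan(pan: str) -> str:
    """The one-way storage the post rejects: anyone can recompute it."""
    return hashlib.sha256(pan.encode()).hexdigest()


def recover_from_hash(target_hash: str, known_prefix: str, known_suffix: str,
                      unknown_len: int):
    """Attacker with the dumped table: hash each Luhn-valid candidate, compare."""
    for pan in candidate_pans(known_prefix, known_suffix, unknown_len):
        if hash_pan(pan) == target_hash:
            return pan
    return None


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (assumed stand-in for a cipher)."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def encrypt_pan(key: bytes, pan: str) -> bytes:
    """Randomized encryption: a fresh 16-byte nonce makes every ciphertext of
    the same card different, so a guess cannot be encrypted and compared."""
    nonce = secrets.token_bytes(16)
    data = pan.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct


def decrypt_pan(key: bytes, blob: bytes) -> str:
    """Holder of the key strips the nonce and recovers the original number."""
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()


def find_customer_by_pan(records, key: bytes, pan: str):
    """Chargeback lookup from point 9: narrow by first/last four, then decrypt
    and compare each survivor. Only the matching name leaves this function."""
    for r in records:
        if r["first4"] == pan[:4] and r["last4"] == pan[-4:]:
            if decrypt_pan(key, r["blob"]) == pan:
                return r["name"]
    return None


def build_sample_records(key: bytes):
    """Constructed sample rows; both cards are Luhn-valid test numbers, not real."""
    rows = [("Alice Example", "4111111111111111"),
            ("Bob Example", "4111111100061111")]
    return [{"name": n, "first4": p[:4], "last4": p[-4:], "blob": encrypt_pan(key, p)}
            for n, p in rows]
```

To keep the brute force to a fraction of a second, a run such as `recover_from_hash(hash_pan("4111111111111111"), "41111111", "1111", 4)` fixes eight leading digits and leaves four unknown; the post's scenario leaves eight, and the Luhn filter still discards nine candidates in ten. Two deliberate departures from the post's wording: the randomness goes into the nonce rather than an appended random number, because with a stream cipher, or CBC under a fixed IV, a random suffix leaves the leading ciphertext bytes unchanged and the card prefix could still be brute-forced; and the HMAC keystream carries no integrity check, so a production system should use a library's authenticated mode (e.g. AES-GCM), which also detects tampering with the stored blob.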
Actually, I wonder what happened to some of the older spam. I was trying to find *any* of the original Green Card Lawyers posting with no luck. (Found many responses, forwards, etc., but not the actual posts.)
Anyone else have any better luck?
-Bill
Can I nominate notepad!?
-Bill
I like the NPR analogy. If I saw it in terms of paying for the ability to hide ads, I probably wouldn't sign up. (For me at least, it's easy enough to tune 'em out.)
:-)
However, if it's more explicitly given with the intent to keep Slashdot around, I'm all over it.
To go with the NPR analogy, I think a special only-available-to-donors gift should be given at each level. It'd become a badge of pride around other geeks.
-Bill
Thanks for the update, CmdrTaco!
I really don't mean this in any sort of negative tone, but why add the OSDN banner if you didn't have to, and you didn't like it either?
Just curious,
-Bill
FWIW, I use Netscape 6 with Bank of America's online banking. Better than Netscape 4 due to Mozilla's improved table rendering.
In my opinion, Gator is a virus. It is attached to the software installations for other products, and it usually installs itself on user's systems without their permission. When you try to remove it, it creates a copy of itself so it is not deleted.
Opinions on Gator aside, calling it a virus is just ridiculous. A program is not a virus solely because it installs programs without permission and/or is difficult to delete. By that definition, my little cousins are viruses (albeit cute ones).
-Bill
FWIW, also by that definition, so is Windows when you buy a complete system and can't get the disk bare, Netscape when it installs the Free AOL trial, Internet Explorer, etc.
Soooo... because *one* industry does it, everyone does?
I have no idea who made my car. I have no idea who made the hardware behind my pilot, or my laptop, or my CPU, or my graphics card... you get the point.
The exception does not make the rule.