Use DNS Blocklists. There's a few of them out there that allow you to reject SMTP servers on Dynamic IPs. I use dul.dnsbl.sorbs.net and dynablock.njabl.org since sometimes an IP will be on one, but not the other. Even better, use these ones as well.
relays.ordb.org
bl.spamcop.net
list.dsbl.org
xbl.spamhaus.org
I've got all six of them running on my company's mail server. It's set up to respond to rejected emails with instructions for contacting me via phone in case there's a false positive. That way, I can whitelist the sender and sometimes help them if they have an open relay and didn't know it. I've had one false positive in the last year. That's for 50 users in my company, some of which post their email address everywhere and use it in Banzai Buddy forms. ~90% of spam destined for valid mailboxes is blocked. Not bad considering it's free, easy to set up, and maintenance free.
"Unfortunately, some news organizations have misinterpreted what the film says. Some have said Fahrenheit 9/11 alleges that these flights out of the country took place when commercial airplanes were still grounded. The film does not say this. The film states clearly that these flights left after September 13 (the day the FAA began to slowly lift the ban on air traffic)."
I started listening to the audio book version of Moore's book, _Dude, Where's My Country_. I liked "Bowling for Columbine" and thought his other work might be equally intelligent. I definitely got caught off guard and stopped listening to it early on due to the constant lies, name calling, and hypocrisy. One of the things he rants about is how the US government got Bin Laden's family out of the States during the grounding.
My opinion is that his work simply preaches to the choir. Someone else commented that everyone in the theater was under the age of 30. I'm not surprised. I pictured that his main following would be a bunch of idealistic, cynical pacifists (Usually younger people that love pointing fingers). Sorry for the generalization, but that's how I see it!
How the hell did you get modded up? Oh, that's right. Another "Our government sucks" post that gets instant Insightful moderations from ignorant, cynical peers.
The least you could do is back up your accusation with some proof.
There are VERY few DOS and 9x apps that don't work with XP (Probably less than 1% don't work). It really isn't that large of an issue. How many apps don't work with SP2 is yet to be seen and it's unfair to judge them for it. Also, I would be pissed if the Microsoft product lifecycle was as short as Apple's. With Apple, they abandon prior OSes with the release of the new OS. I'm sorry, but that's just terrible support.
And if you were a company with shareholders, which market would you be going after? I'd be going after the $50/game market that makes up the majority of gamers.
Take the surface of earth, then add onto that because the circumference of their orbit will be greater than the circumference of Earth. Now multiply that by several fold since the debris and space station aren't at the same distance. Toss 2,000 relatively small debris objects into orbit along with the space station. Different orbits, distances, velocities, etc.. What are the odds of getting hit? Pretty damned small.
"There used to be a site called alldas.de where crackers submitted links to the sites they defaced. Apache had, and still has, at least three sites in the web for each site based on a Microsoft server. Yet, when I checked, Microsoft had four defaced sites for each defaced Apache site in alldas. So, the practical reality says Microsoft is about twelve times more insecure than Apache."
Practical reality says that your conclusion is idiotic. The only thing that comparison shows is that there's an unproportional number of hacked IIS servers compared to the market share. There are so many variables involved in figuring out which is more secure, it's not even agreed upon. I'll display some common arguments.
Apache boxes are more secure than IIS boxes because of the hacked/market share ratio.
So all the servers have the same level of administrative effort and security precautions taken? Both platforms are targeted by script kiddies equally? I honestly doubt it. In fact, most of the defaced sites are a result of a script kiddies scanning boxes for recently released IIS vulnerabilities. I look in my firewall syslogs and see LOTS of scanning for Windows specific ports and zero for *nix. My IIS logs are full of attempts to exploit known IIS vulnerabilities. From my logs, I conclude that Windows is simply targeted 100x more than Apache.
Apache is more secure than IIS because of the number of patches released.
How many people are combing for vulnerabilities in Apache? How many for IIS? How talented are they and how much time are they putting into it? I don't know and I don't think you do either. But based on the number of zero-day exploits released for each product, I'd say they're both equally safe so long as it's kept patched up and the rest of the network is secure. In my eyes, a zero-day exploit really only becomes a concern if you are specifically targeted due to a gigantic hack factor rating. If there were super hackers targeting me, I'd prefer they don't have the source code. Now if IIS had something like 10x more patches released on a regular basis than Apache, I would swing the other way. Good thing that situation isn't real. So here we are in the real world. I would pick IIS and set up the site in such a way that the IIS box itself doesn't have access to the valuable data. It's just a front end and doesn't have unrestricted, rampant access to the data. Now the hacker needs a zero-day exploit for IIS and a zero-day exploit for the communications channel that is used to retrieve data because of the firewall between one DMZed IIS box and the backend server in the other DMZ. Good luck.
Apache is more secure because everone can see and review the code.
Yup, but not everyone is. See my explaination above.
There is only one conclusion that can be made without knowing all the variables. A properly patched and locked down install of Apache has zero unpatched known vulnerabilities. The same can be said for IIS. Bickering over which is more secure is pointless because the biggest dangers are poor administration, network security, security policies, and training.
Someone else mentioned that the boxes are display only. I'm not sure if this is true since I rarely go to the store to by my computer goods, but it makes sense.
"I want to shop where you shop. Cause over here you can't move at times with all the people restocking the shelves constantly. And it is not exactly rare to see something sold out either."
I shop at Whole Foods in AZ and People's Market (Same company, different name) when I lived in Chicago. They don't get as much traffic as the mainstream grocery stores, so the constant aisle block isn't as overwhelming.
"Windows 95 -> 98 was slightly different because 95 was a total piece of shit so people were glad to upgrade. But 98 or 2000 are 'good' enough for most people and the upgrade to XP comes when they buy a new PC, wich happens less in a down economy, or is pirated by 'kiddies' who want to run the latest.
You don't even understand the families of Microsoft operating systems. 95, 98, and ME are all one buggy, POS family not suitable for businesses or anyone that values the content on their computer. FAT and FAT32 constantly need correcting, there is no HAL to protect the system and as a result, there's lots of crap that takes down the whole computer. Their ability to participate in a domain environment is minimal. I personally have seen several dozens of copies of 2000, and XP purchased to replace the 9x system that was included with computers and I don't work for any reseller. These are just acquaintances I'm referring to. There are also a lot of small business owners that didn't know any better when they bought all their computers and thought ME was better than 2000 or 98 was better than NT because of the release year. I've done dozens of upgrades myself for employers just like that. When 2000 launched, I was doing support for MS and we had plenty of calls to keep us busy from people that upgraded. All of them are valid owners. Customer service verifies before they send them over to support. What you said may be more true going from 2000 to XP since the version numbers are 5 to 5.1, but I still see multiple people upgrade to use new features (Remote Desktop is very popular) and because XP is faster. They use it at work and upgrade their home systems from 2000 to XP because it is noticeably better.
"Ask yourselve this question, what really is the reason to upgrade to the latest software for the average home user except a faint hope that the next version will be less bugged? What has really changed that is of any use?"
They talk to their friends and are told about the wonderful 2000 or the wonderful XP and how they don't have any of the problems now like they had with 9x/ME. Or they use 2000/XP at work and have first hand experience. Again, I see these scenarios happen constantly.
1000baseT uses all four wire pairs and will run on most CAT5. Advertising says that it requires CAT5e, but that's just the lowest spec they can guarantee will work because it's got higher requirements that crappy CAT5 can't meet. CAT5 has been around since 1991 and because the University upgraded their network six years ago, I'd imagine that it's good quality.
According to their VP of IS, they were future proofing to save money in the long term. I just hope they tested their current CAT5 for 1000baseT operation and it failed (I doubt it). If it was good enough, 1000baseT would have carried them through at least another six years and they would have only needed to upgrade the switches. Something tells me that this VP was just spending for the bling-bling and is a non-technical, overpaid, PHB. If I'm right, the fucker should be fired for wasting school and student money. A friend of mine working at a pretty big company just went through the same ordeal with his PHB. She (The PHB) got featured in an article because she upgraded to the buzzword "Fiber".
Check out theselinks for some good information and specs. Also, I managed to dig up some information provided by the company that installed the fiber.
So what you're saying is that the next time my girlfriend is actually interested in playing Halo with me and I see a rocket launcher lying on the ground, I should make a sacrafice and let her pick it up even though she'll just blow herself up while I provide cover fire?
I don't think he was lying. The very next line in the original radio broadcast is Arthur saying, "I always knew there was something fundamentally wrong about the universe."
Microsoft addressed the major concerns of PPTP in 1998 with a post NT4 SP3 hotfix and DUN 1.3 for Windows 9x. The RC4 key blunder was one of the problems fixed. Check out this informative article.
There's still some minor issues, but unless you're protecting something that multiple, highly technical government spies with uber elite access are trying to get at, PPTP is good enough. Hell, if someone were that determined, I doubt they would choose PPTP as their point of attack. The odds that everything else is more secure are pretty freaking slim.
I disagree that Microsoft can't implement encryption techniques these days. I'm confident that since Microsoft first coded their implementation of PPTP, they've learned to pay more attention to security related features. Back then, vulnerabilities weren't nearly as big of an issue as they are today. Windows Server 2003 is proof that they're making a sincere effort now that the desire for "Secure out of the box" is high on the average customer's list of features. And what about L2TP (Another VPN protocol introduced with Windows 2000)? Know of any weaknesses in it? I can't find any articles with complaints about it and it's been around for several years.
How would you like it if you made a mistake 9 years ago, fixed it, and people still referenced it when arguing why you suck today?
"The other group is people who want to use a mail server other than the one provided by their connectivity provider."
The perfect example is the army of corporate workers that come home with a laptop. If their corporate mail is just plain smtp and pop3, they'll be unable to send email from home. That's a lot more tech support calls from angry customers for the ISP and the help desk for their company.
My personal opinion is to just do it. We need to tighten the noose on email to help make a dent in the spam and virus problems.
Back when I actually participated in the spam hunt, I would contact those responsble for the source of the Internet connection of the spammer, the mail servers used, the web servers, mail servers advertised on the web page (The ones for "buying"), and any credit card transaction companies used. I would then save the email and confirm that each pice was shut down before moving it to my "terminated" folder. If a particular service didn't get shut down within three contact attempts, I would forward them all with a note to the upstream provider indicating the inaction and referring to their own terms of service. If that didn't work, I resorted to guerilla tactics. Sending email to all the email addresses I could find for the company. A few times, I called the network operations center of the ISP if I saw the email right when it hit my inbox. Within a few months, I had direct email addresses to several ISPs and hosting providers so that I could get them reliable info that they knew wouldn't be a false alarm.
My main beef with Zone Alarm is that by default, it blocks outbound VPN sessions and doesn't inform you like it loves to do when it blocks inbound session attempts. You can add the VPN server to the trusted zone, but that's after you realize what's going on. When troubleshooting connectivity issues, you never expect that the client computer is blocking its own outbound connections and it takes a while longer to realize that the client you're troubleshooting over the phone has this software installed. IMHO (And most security professionals agree), a personal firewall shouldn't block outbound sessions unless it's working at the application layer and has pattern definitions for known viruses. My second beef with it is that it announces every inbound session attempt it blocks in a way that makes it sound like it's stopping puppy rapists from doing their thing. Sure, you can change this behavior, but they intentionally set the defaults this way to take advantage of the uneducated users (The majority of the people that would install their software). When I did support for a local ISP, I had plenty of calls from people that were getting "hacked" by our DSL equipment. The software had them scared shitless of the Internet and all the background noise that came with it.
BlackIce has the same behavior.
So here we have two firewalls that block outbound sessions (WTF!?!) and like to prey on n00bs.
"Sorry, but I just don't have time to figure out the settings needed to fix this when Zone Alarm is the real fix."
Sorry, but Zone Alarm, Black Ice, etc. are all PIECES OF SHIT. You have no idea how many times I've been troubleshooting broken internet apps only to find out that Zone Alarm/Black Ice is installed. One of my first questions now is to find out if those things are installed. The sole purpose of those software packages is to annoy you every time it blocks a connection and try and convince you to pay money for the enhanced version of the nagware.
You declare that the SP2 firewall broke your ability to print, but you do not know why. You just take a reactive stance and jump back to what works now instead of finding the underlying problem and solving it. I'm sorry, but I just don't believe that the firewall broke your ability to print unless there was an underlying reason. Outbound connections are not blocked by the firewall. The same statement goes for seeing others on the network. Maybe you were just impatient and didn't wait for browsing to stabalize which takes up to something like 15 minutes in a single broadcast domain. If you're really that anxious to connect to another computer and can't wait for the browse list, do a start | run | \\COMPUTERNAME.
If you want the computer to be seen on the network, create an exception list in the firewall configuration! It already has a preset for file and print sharing one tab over from where you enabled the firewall for crying out loud!
God I hate seeing ignorant fucks blaming the software vendor for their own ignorance, then getting modded up for it. It's not Microsoft's fault that you don't RTFM or open your eyes to see that there's other configuration options when you use a feature. Blaming Microsoft may be fun, but it's not always the answer.
Slashdot Mirror
relays.ordb.org
bl.spamcop.net
list.dsbl.org
xbl.spamhaus.org
I've got all six of them running on my company's mail server. It's set up to respond to rejected emails with instructions for contacting me via phone in case there's a false positive. That way, I can whitelist the sender and sometimes help them if they have an open relay and didn't know it. I've had one false positive in the last year. That's for 50 users in my company, some of which post their email address everywhere and use it in Banzai Buddy forms. ~90% of spam destined for valid mailboxes is blocked. Not bad considering it's free, easy to set up, and maintenance free.
-Lucas
-Lucas
-Lucas
I started listening to the audio book version of Moore's book, _Dude, Where's My Country_. I liked "Bowling for Columbine" and thought his other work might be equally intelligent. I definitely got caught off guard and stopped listening to it early on due to the constant lies, name calling, and hypocrisy. One of the things he rants about is how the US government got Bin Laden's family out of the States during the grounding.
My opinion is that his work simply preaches to the choir. Someone else commented that everyone in the theater was under the age of 30. I'm not surprised. I pictured that his main following would be a bunch of idealistic, cynical pacifists (Usually younger people that love pointing fingers). Sorry for the generalization, but that's how I see it!
-Lucas
-Lucas
The least you could do is back up your accusation with some proof.
-Lucas
Best seller lists.
-Lucas
-Lucas
-Lucas
Practical reality says that your conclusion is idiotic. The only thing that comparison shows is that there's an unproportional number of hacked IIS servers compared to the market share. There are so many variables involved in figuring out which is more secure, it's not even agreed upon. I'll display some common arguments.
Apache boxes are more secure than IIS boxes because of the hacked/market share ratio.
So all the servers have the same level of administrative effort and security precautions taken? Both platforms are targeted by script kiddies equally? I honestly doubt it. In fact, most of the defaced sites are a result of a script kiddies scanning boxes for recently released IIS vulnerabilities. I look in my firewall syslogs and see LOTS of scanning for Windows specific ports and zero for *nix. My IIS logs are full of attempts to exploit known IIS vulnerabilities. From my logs, I conclude that Windows is simply targeted 100x more than Apache.
Apache is more secure than IIS because of the number of patches released.
How many people are combing for vulnerabilities in Apache? How many for IIS? How talented are they and how much time are they putting into it? I don't know and I don't think you do either. But based on the number of zero-day exploits released for each product, I'd say they're both equally safe so long as it's kept patched up and the rest of the network is secure. In my eyes, a zero-day exploit really only becomes a concern if you are specifically targeted due to a gigantic hack factor rating. If there were super hackers targeting me, I'd prefer they don't have the source code. Now if IIS had something like 10x more patches released on a regular basis than Apache, I would swing the other way. Good thing that situation isn't real. So here we are in the real world. I would pick IIS and set up the site in such a way that the IIS box itself doesn't have access to the valuable data. It's just a front end and doesn't have unrestricted, rampant access to the data. Now the hacker needs a zero-day exploit for IIS and a zero-day exploit for the communications channel that is used to retrieve data because of the firewall between one DMZed IIS box and the backend server in the other DMZ. Good luck.
Apache is more secure because everone can see and review the code.
Yup, but not everyone is. See my explaination above.
There is only one conclusion that can be made without knowing all the variables. A properly patched and locked down install of Apache has zero unpatched known vulnerabilities. The same can be said for IIS. Bickering over which is more secure is pointless because the biggest dangers are poor administration, network security, security policies, and training.
-Lucas
-Lucas
-Lucas
I shop at Whole Foods in AZ and People's Market (Same company, different name) when I lived in Chicago. They don't get as much traffic as the mainstream grocery stores, so the constant aisle block isn't as overwhelming.
"Windows 95 -> 98 was slightly different because 95 was a total piece of shit so people were glad to upgrade. But 98 or 2000 are 'good' enough for most people and the upgrade to XP comes when they buy a new PC, wich happens less in a down economy, or is pirated by 'kiddies' who want to run the latest.
You don't even understand the families of Microsoft operating systems. 95, 98, and ME are all one buggy, POS family not suitable for businesses or anyone that values the content on their computer. FAT and FAT32 constantly need correcting, there is no HAL to protect the system and as a result, there's lots of crap that takes down the whole computer. Their ability to participate in a domain environment is minimal. I personally have seen several dozens of copies of 2000, and XP purchased to replace the 9x system that was included with computers and I don't work for any reseller. These are just acquaintances I'm referring to. There are also a lot of small business owners that didn't know any better when they bought all their computers and thought ME was better than 2000 or 98 was better than NT because of the release year. I've done dozens of upgrades myself for employers just like that. When 2000 launched, I was doing support for MS and we had plenty of calls to keep us busy from people that upgraded. All of them are valid owners. Customer service verifies before they send them over to support. What you said may be more true going from 2000 to XP since the version numbers are 5 to 5.1, but I still see multiple people upgrade to use new features (Remote Desktop is very popular) and because XP is faster. They use it at work and upgrade their home systems from 2000 to XP because it is noticeably better.
"Ask yourselve this question, what really is the reason to upgrade to the latest software for the average home user except a faint hope that the next version will be less bugged? What has really changed that is of any use?"
They talk to their friends and are told about the wonderful 2000 or the wonderful XP and how they don't have any of the problems now like they had with 9x/ME. Or they use 2000/XP at work and have first hand experience. Again, I see these scenarios happen constantly.
-Lucas
And when I go to the grocery store, eveything appears to be fully stocked. I guess nobody buys groceries. *grin*
-Lucas
According to their VP of IS, they were future proofing to save money in the long term. I just hope they tested their current CAT5 for 1000baseT operation and it failed (I doubt it). If it was good enough, 1000baseT would have carried them through at least another six years and they would have only needed to upgrade the switches. Something tells me that this VP was just spending for the bling-bling and is a non-technical, overpaid, PHB. If I'm right, the fucker should be fired for wasting school and student money. A friend of mine working at a pretty big company just went through the same ordeal with his PHB. She (The PHB) got featured in an article because she upgraded to the buzzword "Fiber".
Check out these links for some good information and specs. Also, I managed to dig up some information provided by the company that installed the fiber.
-Lucas
-Lucas
-Lucas
Sorry, 8 years ago.
-Lucas
There's still some minor issues, but unless you're protecting something that multiple, highly technical government spies with uber elite access are trying to get at, PPTP is good enough. Hell, if someone were that determined, I doubt they would choose PPTP as their point of attack. The odds that everything else is more secure are pretty freaking slim.
I disagree that Microsoft can't implement encryption techniques these days. I'm confident that since Microsoft first coded their implementation of PPTP, they've learned to pay more attention to security related features. Back then, vulnerabilities weren't nearly as big of an issue as they are today. Windows Server 2003 is proof that they're making a sincere effort now that the desire for "Secure out of the box" is high on the average customer's list of features. And what about L2TP (Another VPN protocol introduced with Windows 2000)? Know of any weaknesses in it? I can't find any articles with complaints about it and it's been around for several years.
How would you like it if you made a mistake 9 years ago, fixed it, and people still referenced it when arguing why you suck today?
-Lucas
-Lucas
The perfect example is the army of corporate workers that come home with a laptop. If their corporate mail is just plain smtp and pop3, they'll be unable to send email from home. That's a lot more tech support calls from angry customers for the ISP and the help desk for their company.
My personal opinion is to just do it. We need to tighten the noose on email to help make a dent in the spam and virus problems.
-Lucas
-Lucas
My main beef with Zone Alarm is that by default, it blocks outbound VPN sessions and doesn't inform you like it loves to do when it blocks inbound session attempts. You can add the VPN server to the trusted zone, but that's after you realize what's going on. When troubleshooting connectivity issues, you never expect that the client computer is blocking its own outbound connections and it takes a while longer to realize that the client you're troubleshooting over the phone has this software installed. IMHO (And most security professionals agree), a personal firewall shouldn't block outbound sessions unless it's working at the application layer and has pattern definitions for known viruses. My second beef with it is that it announces every inbound session attempt it blocks in a way that makes it sound like it's stopping puppy rapists from doing their thing. Sure, you can change this behavior, but they intentionally set the defaults this way to take advantage of the uneducated users (The majority of the people that would install their software). When I did support for a local ISP, I had plenty of calls from people that were getting "hacked" by our DSL equipment. The software had them scared shitless of the Internet and all the background noise that came with it.
BlackIce has the same behavior.
So here we have two firewalls that block outbound sessions (WTF!?!) and like to prey on n00bs.
-Lucas
Sorry, but Zone Alarm, Black Ice, etc. are all PIECES OF SHIT. You have no idea how many times I've been troubleshooting broken internet apps only to find out that Zone Alarm/Black Ice is installed. One of my first questions now is to find out if those things are installed. The sole purpose of those software packages is to annoy you every time it blocks a connection and try and convince you to pay money for the enhanced version of the nagware.
You declare that the SP2 firewall broke your ability to print, but you do not know why. You just take a reactive stance and jump back to what works now instead of finding the underlying problem and solving it. I'm sorry, but I just don't believe that the firewall broke your ability to print unless there was an underlying reason. Outbound connections are not blocked by the firewall. The same statement goes for seeing others on the network. Maybe you were just impatient and didn't wait for browsing to stabalize which takes up to something like 15 minutes in a single broadcast domain. If you're really that anxious to connect to another computer and can't wait for the browse list, do a start | run | \\COMPUTERNAME.
If you want the computer to be seen on the network, create an exception list in the firewall configuration! It already has a preset for file and print sharing one tab over from where you enabled the firewall for crying out loud!
God I hate seeing ignorant fucks blaming the software vendor for their own ignorance, then getting modded up for it. It's not Microsoft's fault that you don't RTFM or open your eyes to see that there's other configuration options when you use a feature. Blaming Microsoft may be fun, but it's not always the answer.
-Lucas