I'm doubting they got into Merlin with this method (on "AOL's Merlin Compromised?") · Score: 5, Informative
Disclaimer: I worked at AOL for 5 years... I'm pretty familiar with the system under discussion.
One thing that hasn't been mentioned is that the SecurID system also requires a PIN number to log in, and employees are strongly trained not to give that to anyone.
Also, Merlin requires a special client, that would be a bit hard for someone using a man-in-the-middle attack to enter information into and/or see the results of.
As for the social-engineering aspect, people have been doing that all over the world, for centuries. Only a few of them are called hackers. The rest are called journalists.
That tagline is from like 1999. You know you were still eating square pizzas for lunch then.
Timecube is more readable. Barely.
Maybe, just maybe.. if we're VERY lucky. We might end up with Bungie's legendary vapor-game PIMPS AT SEA!!
Regardless, the comic was at worst a vague veiled show of frustration against the establishment, not a threat to man or corporation.
As someone who is part of the organization of another major webcomic, things like this are frightening. I like to keep my jobs, personally.
Naah.. the whole 180 thing is a lie to get you to wait 'til they've managed to misappropriate your money somewhere.
Other people have waited the time and magically... no money. Not like that was a surprise.
While I haven't contributed to the fund in question, PayPal's amazing ability to decide when and where to steal money for their own reasons is amazing. I really hope some attorney general takes them to task for this one.
I actually submitted this other auction with a similar title early this morning... Guess my timing was bad. The Games editor was probably still asleep and someone else dunked mine. =) Ah well. =)
Remember that a pace is TWO steps. Not one. Still, I doubt anyone but Andre the Giant would get near a mile.
Even though they lost their main talents, in 'Lord British' off to NCSoft's Lineage and Raph Koster off to wreck Star Wars Galaxies, I still had hopes for them to do something good. Looks like that's over now.
Sure.. it's relatively cheap bandwidth-wise to start a comic. You can never expect when something will blow up and turn all those nice slow-growth ideas into a smoking ruin, though.
For example: I do the day-to-day work keeping megatokyo running. Last month, we did well over 1.5 terabytes of traffic. And it's not hosted for free like some other comics out there.
No one involved expected megatokyo to explode like it did. Well-timed links by Penny-Arcade and Slashdot made sure there was no room for 'slow-growth'.
Ah well.. I'll go keep an eye on the MT server and make sure it doesn't keel over. =)
Sides... Slashdot runs MT ads... what's a few hundred thousand more hits?! =)
cortana (at) megatokyo
There are trojans out there now that disable anti-virus protection, and disable/reconfigure ZoneAlarm to let themselves in and out.
Cheap, mass-market software firewalls will not protect you.
Only common sense and not opening mails/attachments and downloading files from untrusted sources will.
Unfortunately, far too many users are lacking in the common sense part.
AOL is also their own registrar, so it's pretty much impossible for them to ever lose their domain. =)
Let me preface this with a disclaimer. I worked in AOL's mail and anti-spam groups for 5 years, ending about 2 years ago. I still keep in touch with the people back there, and I have a good idea what's up, as I still work in the anti-spam 'industry'.
Not that anyone will see this, as it's on the second page of comments...
A massive percentage of spam (well over 50%) comes from compromised Windows boxes running either trojan software to open ports for spammers to proxy through, software like AnalogX that does the same, or just users who somehow manage to set up a proxy that's open to the world. There's also a big problem with a LOT of the DSL hardware on the market that allows people to proxy through it transparently, via use of a security hole. Check Bugtraq if you want to find details.
These broadband connections are where the spammers are headed for anonymity. Yeah, sure, there's still a bunch of big-time professional spammers out there who spam away from their often-moving netblocks. That bunch isn't so hard to keep up with.
There's also the problem of Klez and other SMTP-aware worms that busily want to send you lots of infected mail. Sure, *nix users don't really care about that, but companies like AOL, with a crapload of less-than-savvy users, have to.
It's been this way for 56k dialups for about 3 years or so... but the noise about that only lasted a few weeks, much like this will. If your DSL company can't support your needs, vote with your feet! Switch your service to one that can. If Verizon can offer you service, you can pretty much bet that Covad can too.
(shameless plug: Check out lmi.net for that stuff.. small companies make for better service, and if you need the medium-sized company feel, go with Speakeasy.)
So what if you have a contract... if they can't get your mail to AOL with the right domain, it sounds like grounds to break it to me. =)
They don't really. Clients on the internal network talk to processes which can interface with the databases. Even IF Merlin was compromised, you would have to crawl through looking up random accounts/names and extracting billing data from those. Only people who have specific need to modify billing data can see it at all, so you'd have to compromise the right PERSON as well.
You have to have access to the DB servers themselves, in order to run queries against them. AOL's setup is really much like the one you describe here. It's as secure as it can be, while still being useful how it needs to be.
I know at least for a while, Saturn was using industrial velcro to hold on fenders/body parts to the frame. Not your mother's velcro, this stuff requires a little sheet-metal shim to break the connections and a good amount of pulling to get loose.
Not sure if they're still using it or not, but if they are, it would explain why there's no rattle.
There's also a nice big honking side-impact beam in your Corvette's fiberglas-shod door. That's the real longitudinal reinforcement.
One of the things I designed and championed while I was at AOL was a system where AOL users who use regular outbound TCP to connect to external mailservers can't just do what they want... AOL twists outbound port 25 connections to a set of AOL-run mailservers that check for spam and tag the AOL member's real AOL address into the headers of a mail that goes out that way. Really cut down the spam coming from throwaway accounts. =)
Well... AOL owns MapQuest.. not too surprising. aol.com runs on it, though.. and that's no small amount of load.
As someone who spent 5 years of his life fighting spam for AOL as part of the postmaster group, then part of the mail team, I can assure you we're much more altruistic than that.
We fight spam for 2 reasons... as the biggest target in the world for spammers, they nail the HELL out of AOL's servers trying to deliver crap. AOL users are often less savvy than other net users, so they're considered easier targets. Two, because AOL members time and time again complained more about getting spam than about anything else, and AOL likes to keep its members happy. Sure, keeping AOL's members happy improves the bottom line.. but that's the best way to do it.
Wrong.
The GameCube came out a few days before the Xbox, officially, but was not actually seen in most stores until the weekend after the Xbox had launched.
Nintendo made a weak announcement to stores that they should "Go ahead and sell the Gamecubes you already have", when most stores had none yet.
I use my mod chip to play games imported from Japan. Which I pay for. My mod, as it stands, won't even play a burned disc.
They can put all the labels they like on it, but the Magnuson-Moss Warranty Act requires they prove that any problem is a result of damage caused by you. Just a sticker being broken doesn't count.
Definitely not always safe to assume. When I was 13 or so, the SSA sent my SSN to ~4000 people, including the sister of a friend of mine.
And they were even nice enough to refuse to grant me a new one, changing all the mis-sent ones instead.
I always wonder when I'm going to find like 200 names on my credit record. Then again, my credit sucks. I'm probably screwing them all over. =)