---
On my opinion SPAM is occuring as abuse of ability to send mail to multiple recipients. So here is an idea how to fight spam:
1. We need to limit number of users in messages in To: Cc: and Bcc: for a reasonable amount (about 30) ---
As you say below, the solution 'should' be on the client side (ie: filtering when receiving). The client, doesn't care, that's the point. Joe Public doesn't want to manage filters, and crap like that, they would rather complain about it, yell at their ISP and then curse the senders.
As far as client software (send & receive), if clients such as Eudora, Outlook, Mozilla, Pine, 'mail', etc. were to limit the numbers of mailings that could be sent (which it is doubtful they would) the spammer would just continue to use another software product. If software limitations were imposed (within sendmail, qmail, exchange, etc.) they (spammers and the below stated) would just go elsewhere.
In that case, the only limitations would be on people that had a legitimate reason for sending mass eMails, ie: family when someone is in the hospital, soccer moms & coaches, people continuing hoax's... (ok, we can get rid of them)
---
2. All messages that bear more addresses in To: Cc: and Bcc: should be junked on servers automatic ally. ---
First, See above.
Second, have you taken a look at your spam mail recently? Look at all of the headers, many (most) of the spam that comes through now-a-days has one address in it... yours, in the To: header. The amature spammers use massive Cc:/Bcc:/To:'s, but most of the effective spam will get past simple filters by putting your name in the To:.
Third, a problem that you will run into is that this will not be adopted due to the chance that some soccer mom, jehovah's witness, or someone in a Senator's office will lobby against this and will start an anti-spam-blocking-league as soon as they get's criticised for not putting someone on a mass mailing list.
---
3. If you have a legitimate need to use mass mailing - you should use DIFFERENT system. Not mail system. Better to use news for that purpose, but current NNTP-based newsgroups are way to hard to maintain and adding new group is a nightmare for "regular user" ---
"They" (spammer scum of the earth) are one step ahead of you. In fact, they already use a very different system for spamming. In many situations, spammers use open relays, one-time-use accounts (AOL Free 1000 hours, hotmail.com, yahoo.com, etc.), and established spam domains. The use of these is actually fully automated at this point, and when they don't use those, they send it from their own domain with a "You opted in to this mailing" or "You are receiving this due to our business partners" etc, etc...
--- I see that mailing lists that have only your "to" will go through this filter - but that proposed measures will junk a lot of spam already! The remaining should be a task for intellectual mail filters on a client side. ---
Not surprisingly, spam filtering falls under three items of the title 'computer security', information security, network security, and system security. And just as a company should not have -only- a firewall, a company should not -only- have a single spam filtering method. The method should be multi-tier with checks for who the mailing is addressed to, which content checks, blackhole/open relay lists checked, verifying the validity of the mailing user, etc.
Lastly, users need to take responsibility and be properly trained. Putting your eMail address on mailing lists, signing up for porn with a frequently used eMail address, and general stupidity help these scum harvest eMail addresses and users need to take action also [See Prevention].
I know they have been listed before, but I haven't seen a comprehensive list of resources on here recently so here one is:
Anti-Spam Manifestos and Organizations The IETF Anti Spam Recommendations - ftp://ftp.isi.edu/in-notes/bcp/bcp30.txt Fight Spam on the Internet! - http://spam.abuse.net/ The Coalition Against Unsolicited Commercial Email - http://www.cauce.org/ SpamCon Law Foundation Center - http://law.spamcon.org/ SpamHaus - http://spamhaus.org/
Blacklists - Blacklists Compared - http://www.sdsc.edu/~jeff/spam/Blacklists_Compared . tml Google List of Blacklists - http://directory.google.com/Top/Computers/Internet / buse/Spam/Blacklists/ SpamCop Blocking List - http://spamcop.net/bl.shtml Open Relay Black List (ORBL) (Currently Appears Down)- http://www.orbl.org/ Open Relay Database (ORDB) - http://www.ordb.org OpenRBL DNS Lookup - http://openrbl.org/ Distributed Sender Boycott List - http://dsbl.org/ OsiruSoft's Open Relay Spam Stopper - http://relays.osirusoft.com/ MAPS (Mail Abuse Prevention System, RBL/RSS/DUL/NML) - http://mail-abuse.org/dul/ Vipul's Razor - http://razor.sourceforge.net/ (a distributed, collaborative, spam detection and filtering network.) SpamAssassin - http://www.spamassassin.org SpamBouncer - http://www.spambouncer.org/ Spam Cop - http://spamcop.net/ Abuse.net - http://www.abuse.net/ & http://www.abuse.net/tools.html
Since the late 90's, the US Govt (Specifically the NSA, CIA, and NRO) along with other govts have showed increased interest in IRC. The original problem with monitoring IRC was the ability to correlate the packets (through Eschelon, JID, misc. sniffers) to the handles, DCC sessions, and misc. queries. Once scripts were established to correlate time stamps, and do active session recreation/replay the data was a bit more reliable, however there were large gaps in the data where netsplits occurred, or handles changed, dynamic IP's, etc. Since running analysts through abstract sessions of data was counterproductive, the data was dropped. So in public channels, bots and live agents (*cough*analysts*cough*) were placed to idle and log, however groups started catching on to the idlers and kicking, in addition, since all of the operations were done w/o the knowledge of IRCops, K-Lines started being put up and times got a bit harder.
So starting in late 2000, when reliable/substantiated information started comming across about possible Electronic Warfare, under cover company names, IRC servers started getting funding and/or being provided by agencies with an active tcpdump w/ ssl netcat (or scheduled ssh dumps depending) running on them (yes, that simple) which was then reprocessed and sessions recreated through a series of parsing scripts and dumped into databases that track handles, IPs, session data, keyword recognition (including handles, group names, and a series of acronyms/extensions), along with the ability to grab code snippets.
OPN, DAL, IRCNet and EFNet all participate in monitoring, EF and IRCNet remain the least cooperative, DAL and OPN actively participate and support the process. LiloFree, SuidNet, Conclave, and others are extremely difficult to track, however have their faults.
I won't get into IM protocols since we all know the inherant problems. AOL has not been entirely supportive of US Govt efforts to setup monitoring devices, however the Time Warner side of AOL/Time Warner has been a bit more agreeable. ICQ/Mirabilis gave in a -long- time ago, LICQ over SSL is great though.
The quotes below are great, however in times like these, the famous line "Do not disclose, sources or methods" from our spook friends applies quite well.
Reply to:
...except that the Govt. can already monitor e-mail (with Carnivore), phone conversations (with Echelon) and snail mail. So
basically they need to whip up some way of controlling IRC as well, and CNN is only happy to oblige in preparing the national psyche for that (since AOL will make more money if people are forced to use corporate chat services). The sad thing is that, since 9/11, a lot of people seem willing to forego their hard-won civil liberties for security (or at least the illusion of).
This reminds me of two famous (and nearly identical) quotes:
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
-- Benjamin Franklin (1706-1790), Letter to Josiah Quincy, Sept. 11, 1773.
Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one.
-- President Thomas Jefferson.
1743-1826
From the bottom of my cold lead filled heart...
Congrats... Welcome to the first day, of the rest of your life... marriage.. now that brings back memories.
A poem for you and yours...
Hearts and Roses and Kisses galore
What the hell is all that shit for?
People get mushy and start acting queer
It is definately the most annoying day of the year
This day needs to get the hell over with and pass
Before I shove a dozen roses up Cupid's ass
I'll spend the day so drunk that I can't speak
And wear all black for the rest of the week
Guys act all sweet, but soon it will fade
For all they are trying to do is get laid
The arrow Cupid shot at me must not have hit
Because I think love is a crock of shit
So here is my congratulations...
What else can I say...
Love bits my ass... Fuck Valentines Day!!!
First and foremost, if you once had the "umph!" to do what you love, then get it back? How you ask!? (oh yah, you did...) Find a challenge, you're flipping through "off by one" bugs and getting rid of them, then maybe you need more of a challenge. Don't expect the University to give you those challenges, go out and find them yourself. What is it about technology that you like, or should I ask what -did- you like? I like Security, I'm a paranoid asshole by nature, computer geek by trade, being trained as a Volunteer EMS (Fire Fighter / Paramedic) and Private Investigator as a hobby. Honestly, I can't stand computers, but it allows me to do what I really like, security.
My recommendation is to find out what it is that you REALLY enjoy, don't leave school, and enjoy your summer break - but make sure you come back. If you find that what you are doing bores you, then look for new challenges. I used to want to do nothing but sit at a console, pour through i86ASM and C looking for flaws and documenting them (it was like being a private investigator, but smaller) or respond to 3AM calls when some executive is freaking out because some skr1pt kidddie defaced his website to show a picture of his bare ass screwing a woman that wasn't his wife then send that picture off to allemp@host, however that even got boring after a while.
Starting in the spring, my company is going to start sending me to school, and the want me to get a CS. However I know that a CS is not going to help me that much in my career, and it is probably going to bore the living shit out of me. So, I'll toss in some psychology/sociology classes, some extra writing classes, maybe some chemistry, hell - maybe some basket weaving and cross stitching! At least I'll be in school doing something with the possibility of learning more.
To finish my ramble, when you start getting good at what you do, you reach a plateau. It's when you get to that plateau, that you have to look for the next mountain range and keep climbing. Each time, you find a higher moutain.
Although my post-work Halloween sucked ass (something about putting a nail through your foot 24hrs before Halloween makes going dancing, walking, or anything a bit difficult) my time at work was fun. I put on an old bright orange jumpsuit I had custom made, on the front left above the pocket it had my name written out in block letters, and on the back "CYOTE FLATS FEDERAL PRISON."
I decided to test my luck and go to the DMV after work, no problems. Passed over a dozen police, no problems. Went into a gas station, no problems. Pump gas, no problems. Sit outside at a park bench and smoke a cigarette while looking at the moon, get interrogated, hand cuffed, and thrown in the back of a cop car while he runs my ID. Hows that for ironic?
I'll have to put on my leg shackles, hand cuffs, and go rolling around in the dirt before I go out next year.
Just as Rome stored their documents in massive distributed libraries, we will eventually store all of our documents on massive distributed digital networks.
Unfortunately, one of the things I did not see in the article, was the problems of war. As many of the massive libraries in Rome were burned and records lost, an EMP (Electro-Magnetic Pulse) would wipe out many of our records.
Those who do not learn from their past are doomed to repeat it.
The United States has liquified all of its previous assets. Forestry, oil, farming, technology, etc. Take a look at the rest of the world, most countries are self-sufficient. But not the United States. In a country that ranked 47th(?) in education, we are ignorant enough to beleive that we have the best minds in the world. Therefor, we are entitled to put a copyright/patent/restriction on everything that we think of or do.
The book Snow Crash by Neal Stephenson was actually pretty close when stated that the United States is going to hell in a handbasket. The US really doesn't 'produce' anything anymore except for technology. That's about to change, and the US is scared shitless.
Over the years I have seen many a people brought down by the lack of a job, the stress of downsizing, or deciding that they hated their job and had a great offer but the offer fell through and they already told their boss to go fuck himself (see the first problem, lack of a job.)
In all of these situations, there have been several major problems: Lack of Forsight, and Lack of Redundancy. People spend hours upon hours hardening routing tables and installing IDS sensors into a network, or putting on tripwire and patching the latest overflows, but no one takes the time to harden their own mind. People seem to think that their job will always be there, that maybe - they can go to their boss or a co-worker and explain a problem.
Unfortunately in todays Tech society and in many parts of our society, comming by a company that has as much dedication to its employees as most Geek employees have to their job is something that is few and far inbetween.
As many of you, I decided to try and get a new job at the wrong time. However now I love my job beyond all belief, but it doesn't pay what I want. So instead of cashing in my chips and getting a new one, I decided to start several small side businesses hoping one or two of them would prosper. All of them require only a little bit of effort and have the potential to develop residual income. If anyone is in need of another opportunity, feel free to contact me at auto222418@hushmail.com, I will respond from a named account just tired of web spiders grabbing my real addresses. In the mean time, you can check out a similar project, http://www.excelir.com/chno and a side project of Mind Hardening at http://www.octanoid.org/hardening/.
Best of luck! People have made it through worse, I know I have and will give advice at any time.
If you look at the filmography of Star Trek over the years, you will see a big change in the way that the actors have been cast.
Conventional fresh actor background (stage acting) is being substituted with pop culture crap. One of the big things that Paramount screwed up with this time around (Andromeda and Star Trek : Enterprise), is they took a couple established actors, and put them into Star Trek roles. Rehashing dead careers is NOT a Good Thing (TM). Yah, I've watched Andromeda. Lexa Doig is a good actor, attractive, and has a snappy sense of humor. She's about the only good thing in the series. I'm getting tired of predicting that Tyr is once again going to have everyone thinking that he's going to betray the crew, and then come back to their side at the last minute. Plus the adverts for the next show, showing half way through the middle of the first show is kind of annoying. Especially when it's at a climax point, the ship is about to blow up, and they show a preview of the next show and the ship is fine.
Lessons that should be learned by ST:VOY and Andromeda - rehashing old careers, especially into careers that geeks will watch - is a bad idea. Get some fresh actors in there, quit looking at the pop culture looking icons and get some new people with acting ability in.
Why did ST:TNG and ST:TOS kick ass? It brought in people that were not known for their old roles. They were people fresh in their acting career. Some never really got out of the Star Trek arena, some went on to do better things. However, you never hear someone say "Man, I can't look at Patrick Stewart and not think of Picard!" Anymore, I look at William Shatner and think of Priceline, not Kirk, but that's another story. Of course, who could forget Denise Crosby (Tasha Yar) in her Red Shoe Diaries playing a cop... but...
Only thing I have to say to Scott Bakula in ST:ENT is that if ANY "To be continued..." episode ends with him saying "Oh boy!" I'm going to shoot some script writer at Paramount. It was bad enough with Kevin Sorbo getting "He looks like some kind of greek god!" jokes.
Re:But Microsoft will decide to invent their own..
on
New Mail RFCs Released
·
· Score: 1
No no no... see... We had something good, RFC822, now there is RFC2822, now Microsoft will come out with their own standard (RFC2822MS) that doesn't support any other standard, but then some ticked off OpenSource/GNU loving sysadmin will come out with OpenRFC2822 that uses both and the world will be a better place.
But... it will contain a piece of GNU text, and Richard Stallman will insist that we call is GNU/RFC2822 =)
-SAFH
Although I was short employed with Telocity, Inc. (that is the NASDAQ symbol "TLCT" [amuzing]) I found my termination to be rather amuzing.
My position was as a Security Analyst, the direct interperetation being "Someone who analyses security", saving the company from a IPO Web Deface Hack and implementing security policies that previously did not exist.
While doing a "screen lock" check, jotting down the workstations that were not locked, I came across an office in HR, on the screen - open - in Word, was my termination letter. I printed out a copy, and took it to my Exit Interview that I found out about two hours later, along with my badge and cellphone. Needless to say, HR was rather - stunned. My boss was impressed, smirked, and stated "Hey, I hired him because he was good.", while the HR bitch just stared at me.
Funny thing, they didn't pay any of my relocation which cost me out of pocket over $7.5k and gave me none of my hiring bonus.
My boss (only other person there who did security) was terminated a couple weeks later. Leading to the "passive/reactive" approach to security.
Tried to eMail this to you, however your address failed.
It was nice to read your posting on Slashdot regarding your past and how you have progressed to your current place in life. Slightly in reverse, I now am paying my dues - going on twenty, having accomplished much of what I desired in life through alternate means. Short of my life, dropped out of high school my Junior year, got my GED and jumped into the Security Industry. Was very successful, ran a small mid-west ISP for a couple years (part of the reason I dropped out) and then moved across the country for contracts.
Now however, those years of success are catching up to me. Once companies found out what my age was while performing my duties as a consultant (ie: auditing Fortune 50 companies, performing post-mortem network forensics for a Fortune 100, redeveloping and engineering new methodologies and auditing automation for an "up and coming" security company) the same things started to happen as when I was in high school. My salary was actually cut post-hire $20k because I was 19 and had a shaved head and goatee, later I was terminated due to not going out drinking with "the guys" which was coined "not properly integrating [myself] into the company." Now that I have taken the time to re-evaluate my life and want to go -back- to school (North Seattle Community College), finding a company willing to be flexible with a full/partial load is a nightmare. Even agreeing to long term employment commitments while I get my transfer credits out of the way and then pursue a CS and PsyD while developing an InfoSec Curriculum doesn't seem to be understood.
In the end, it boils down to people being afraid of what they do not understand (even if it could be a Good Thing[tm]) and as has been proven through out the years - what is not understood must be classified as weird and evil. Perhaps this is what Nostradamus was refering to when he said that evil would conquer and a new world order would reign?:)
Best wishes, I hope some day if you visit your Seattle office that we could do coffee or lunch and swap stories.
Don't know if any of you noticed, but only the advertising banner shows up... the rest of the page? Network Problems. But works hard to load www.do-not-sleep.com. Funny.
Yes, anyone can decode the Zip+4, the +2 at the end is quite different. However, the point is - what would be difficult. Going to a street addres, or dragging the Zipcode, delivery route, side of the street, and house from corner out of the USPS.
As a matter of fact, that type of "anonymity" is possible today.
Take a close look at your mail, your zip code. Five numbers + 4 numbers, there are actually two more there + 2. With those 11 numbers, the mail can be delivered to your door. They don't like doing it, but it can be done.
Take into consideration, if you live in an apartment building, you may still have to attach your apartment number to it. But a 5-6 line address, taken down to #542 01021-9024 24, would be pretty cool.
It's close to what you are looking for, an anonymous remailer for snail-mail, but it is a bit more cryptic and a bit more difficult to backtrack.
Looks like until then, we'll just have to enjoy Mail Boxes Etc. =)
I will for once agree that the charges of posession of "L0phtCrack" for malicious purposes.
As well stated, posessing a lockpick set is not illegal and can be a valuable tool! Posessing a lockpick set after you broke into someone car, house, or facilities - is dumb, and is considered a tool of criminal activity.
I'm definately going to have to keep up on this story, being that I am located in Roseville, Minnesota I'll keep slashdot updated.
There have been a series of views on the state of geeks today. I personally have become so confused at the differing stances on "Geeks" "Nerds" "Hackers" and "Crackers" that I just classify myself as a Geek because I have become so tired at explaining what a Hacker is.
The point being, this study has actually begun to hit the surface of how geeks work. Most of these studies are funded because most of the individuals who in high school were austracised (sp) from any social clique are maturing into indispensable members of society. The "jocks" and "preps" are getting out of college and thrown into the fire. Most of them come out of the fire scorched and bleeding from not having to deal with abuse. However the pre-scorched pre-beaten Geeks and Nerds who drop out of high school, or leave high school having been through the fire learn to cope.
And survive..
Study high-school and you will find your answer to how "socially inept" individuals survive.
Study us... and you will find that we've been studying you much longer.
Slashdot Mirror
---
d . tml t / buse/Spam/Blacklists/
t cp - http://cr.yp.to/ucspi-tcp.htmld - http://cr.yp.to/ucspi-tcp/rblsmtpd.htmlo ftware
n et / buse/Spam/Preventing/. html
On my opinion SPAM is occuring as abuse of
ability to send mail to multiple recipients.
So here is an idea how to fight spam:
1. We need to limit number of users in messages in To: Cc: and Bcc: for a reasonable amount (about 30)
---
As you say below, the solution 'should' be on the client side (ie: filtering when receiving). The client, doesn't care, that's the point. Joe Public doesn't want to manage filters, and crap like that, they would rather complain about it, yell at their ISP and then curse the senders.
As far as client software (send & receive), if clients such as Eudora, Outlook, Mozilla, Pine, 'mail', etc. were to limit the numbers of mailings that could be sent (which it is doubtful they would) the spammer would just continue to use another software product. If software limitations were imposed (within sendmail, qmail, exchange, etc.) they (spammers and the below stated) would just go elsewhere.
In that case, the only limitations would be on people that had a legitimate reason for sending mass eMails, ie: family when someone is in the hospital, soccer moms & coaches, people continuing hoax's... (ok, we can get rid of them)
---
2. All messages that bear more addresses in To: Cc: and Bcc: should be junked on servers automatic ally.
---
First, See above.
Second, have you taken a look at your spam mail recently? Look at all of the headers, many (most) of the spam that comes through now-a-days has one address in it... yours, in the To: header. The amature spammers use massive Cc:/Bcc:/To:'s, but most of the effective spam will get past simple filters by putting your name in the To:.
Third, a problem that you will run into is that this will not be adopted due to the chance that some soccer mom, jehovah's witness, or someone in a Senator's office will lobby against this and will start an anti-spam-blocking-league as soon as they get's criticised for not putting someone on a mass mailing list.
---
3. If you have a legitimate need to use mass mailing - you should use DIFFERENT system. Not mail system. Better to use news for that purpose, but current NNTP-based newsgroups are way to hard to maintain and adding new group is a nightmare for "regular user"
---
"They" (spammer scum of the earth) are one step ahead of you. In fact, they already use a very different system for spamming. In many situations, spammers use open relays, one-time-use accounts (AOL Free 1000 hours, hotmail.com, yahoo.com, etc.), and established spam domains. The use of these is actually fully automated at this point, and when they don't use those, they send it from their own domain with a "You opted in to this mailing" or "You are receiving this due to our business partners" etc, etc...
---
I see that mailing lists that have only your "to" will go through this filter - but that proposed measures will junk a lot of spam already! The remaining should be a task for intellectual mail filters on a client side.
---
Not surprisingly, spam filtering falls under three items of the title 'computer security', information security, network security, and system security. And just as a company should not have -only- a firewall, a company should not -only- have a single spam filtering method. The method should be multi-tier with checks for who the mailing is addressed to, which content checks, blackhole/open relay lists checked, verifying the validity of the mailing user, etc.
Lastly, users need to take responsibility and be properly trained. Putting your eMail address on mailing lists, signing up for porn with a frequently used eMail address, and general stupidity help these scum harvest eMail addresses and users need to take action also [See Prevention].
I know they have been listed before, but I haven't seen a comprehensive list of resources on here recently so here one is:
Anti-Spam Manifestos and Organizations
The IETF Anti Spam Recommendations - ftp://ftp.isi.edu/in-notes/bcp/bcp30.txt
Fight Spam on the Internet! - http://spam.abuse.net/
The Coalition Against Unsolicited Commercial Email - http://www.cauce.org/
SpamCon Law Foundation Center - http://law.spamcon.org/
SpamHaus - http://spamhaus.org/
Blacklists -
Blacklists Compared - http://www.sdsc.edu/~jeff/spam/Blacklists_Compare
Google List of Blacklists - http://directory.google.com/Top/Computers/Interne
SpamCop Blocking List - http://spamcop.net/bl.shtml
Open Relay Black List (ORBL) (Currently Appears Down)- http://www.orbl.org/
Open Relay Database (ORDB) - http://www.ordb.org
OpenRBL DNS Lookup - http://openrbl.org/
Distributed Sender Boycott List - http://dsbl.org/
OsiruSoft's Open Relay Spam Stopper - http://relays.osirusoft.com/
MAPS (Mail Abuse Prevention System, RBL/RSS/DUL/NML) - http://mail-abuse.org/dul/
Vipul's Razor - http://razor.sourceforge.net/ (a distributed, collaborative, spam detection and filtering network.)
SpamAssassin - http://www.spamassassin.org
SpamBouncer - http://www.spambouncer.org/
Spam Cop - http://spamcop.net/
Abuse.net - http://www.abuse.net/ & http://www.abuse.net/tools.html
Tools -
QMail - http://www.qmail.org
QMail Anti-Spam Sectionhttp://www.qmail.org/top.html#spam
ucspi-
tcpserver - http://cr.yp.to/ucspi-tcp/tcpserver.html
rblsmtp
Procmail - http://www.procmail.org/
RBL Check Script - http://rblcheck.sourceforge.net/
Tagged Message Sender (TMS) - http://www.deepeddy.com/tms
tcp_wrappers - ftp://ftp.porcupine.org/pub/security/index.html#s
Preventing (Slowing) -
http://directory.google.com/Top/Computers/Inter
Five Easy Ways to Spam Prevention - http://www4.zdnet.com/anchordesk/story/story_1180
Sugarplum - (Generates fake eMail addresses for harvesters) http://www.devin.com/sugarplum/
Sneakemail - (Disposable eMail addresses) http://sneakemail.com
Emailias - (Disposable eMail addresses) http://www.emailalias.com
Credit to: Chris Hardie of chris@[X]sault.com insert 'summer' at [X] and everyone that is
an active member of the anti-spam groups around the world.
Since the late 90's, the US Govt (Specifically the NSA, CIA, and NRO) along with other govts have showed increased interest in IRC. The original problem with monitoring IRC was the ability to correlate the packets (through Eschelon, JID, misc. sniffers) to the handles, DCC sessions, and misc. queries. Once scripts were established to correlate time stamps, and do active session recreation/replay the data was a bit more reliable, however there were large gaps in the data where netsplits occurred, or handles changed, dynamic IP's, etc. Since running analysts through abstract sessions of data was counterproductive, the data was dropped. So in public channels, bots and live agents (*cough*analysts*cough*) were placed to idle and log, however groups started catching on to the idlers and kicking, in addition, since all of the operations were done w/o the knowledge of IRCops, K-Lines started being put up and times got a bit harder.
So starting in late 2000, when reliable/substantiated information started comming across about possible Electronic Warfare, under cover company names, IRC servers started getting funding and/or being provided by agencies with an active tcpdump w/ ssl netcat (or scheduled ssh dumps depending) running on them (yes, that simple) which was then reprocessed and sessions recreated through a series of parsing scripts and dumped into databases that track handles, IPs, session data, keyword recognition (including handles, group names, and a series of acronyms/extensions), along with the ability to grab code snippets.
OPN, DAL, IRCNet and EFNet all participate in monitoring, EF and IRCNet remain the least cooperative, DAL and OPN actively participate and support the process. LiloFree, SuidNet, Conclave, and others are extremely difficult to track, however have their faults.
I won't get into IM protocols since we all know the inherant problems. AOL has not been entirely supportive of US Govt efforts to setup monitoring devices, however the Time Warner side of AOL/Time Warner has been a bit more agreeable. ICQ/Mirabilis gave in a -long- time ago, LICQ over SSL is great though.
The quotes below are great, however in times like these, the famous line "Do not disclose, sources or methods" from our spook friends applies quite well. Reply to:
s,"Valentines Day","Black Thursday",
From the bottom of my cold lead filled heart...
Congrats... Welcome to the first day, of the rest of your life... marriage.. now that brings back memories.
A poem for you and yours...
Hearts and Roses and Kisses galore
What the hell is all that shit for?
People get mushy and start acting queer
It is definately the most annoying day of the year
This day needs to get the hell over with and pass
Before I shove a dozen roses up Cupid's ass
I'll spend the day so drunk that I can't speak
And wear all black for the rest of the week
Guys act all sweet, but soon it will fade
For all they are trying to do is get laid
The arrow Cupid shot at me must not have hit
Because I think love is a crock of shit
So here is my congratulations...
What else can I say...
Love bits my ass... Fuck Valentines Day!!!
This was written by a friend of mine, Matthew.
First and foremost, if you once had the "umph!" to do what you love, then get it back? How you ask!? (oh yah, you did...) Find a challenge, you're flipping through "off by one" bugs and getting rid of them, then maybe you need more of a challenge. Don't expect the University to give you those challenges, go out and find them yourself. What is it about technology that you like, or should I ask what -did- you like? I like Security, I'm a paranoid asshole by nature, computer geek by trade, being trained as a Volunteer EMS (Fire Fighter / Paramedic) and Private Investigator as a hobby. Honestly, I can't stand computers, but it allows me to do what I really like, security.
My recommendation is to find out what it is that you REALLY enjoy, don't leave school, and enjoy your summer break - but make sure you come back. If you find that what you are doing bores you, then look for new challenges. I used to want to do nothing but sit at a console, pour through i86ASM and C looking for flaws and documenting them (it was like being a private investigator, but smaller) or respond to 3AM calls when some executive is freaking out because some skr1pt kidddie defaced his website to show a picture of his bare ass screwing a woman that wasn't his wife then send that picture off to allemp@host, however that even got boring after a while.
Starting in the spring, my company is going to start sending me to school, and the want me to get a CS. However I know that a CS is not going to help me that much in my career, and it is probably going to bore the living shit out of me. So, I'll toss in some psychology/sociology classes, some extra writing classes, maybe some chemistry, hell - maybe some basket weaving and cross stitching! At least I'll be in school doing something with the possibility of learning more.
To finish my ramble, when you start getting good at what you do, you reach a plateau. It's when you get to that plateau, that you have to look for the next mountain range and keep climbing. Each time, you find a higher moutain.
JUST STAY IN SCHOOL DAMN IT.
-SC
Although my post-work Halloween sucked ass (something about putting a nail through your foot 24hrs before Halloween makes going dancing, walking, or anything a bit difficult) my time at work was fun. I put on an old bright orange jumpsuit I had custom made, on the front left above the pocket it had my name written out in block letters, and on the back "CYOTE FLATS FEDERAL PRISON."
I decided to test my luck and go to the DMV after work, no problems. Passed over a dozen police, no problems. Went into a gas station, no problems. Pump gas, no problems. Sit outside at a park bench and smoke a cigarette while looking at the moon, get interrogated, hand cuffed, and thrown in the back of a cop car while he runs my ID. Hows that for ironic?
I'll have to put on my leg shackles, hand cuffs, and go rolling around in the dirt before I go out next year.
Just as Rome stored their documents in massive distributed libraries, we will eventually store all of our documents on massive distributed digital networks.
Unfortunately, one of the things I did not see in the article, was the problems of war. As many of the massive libraries in Rome were burned and records lost, an EMP (Electro-Magnetic Pulse) would wipe out many of our records.
Those who do not learn from their past are doomed to repeat it.
The book Snow Crash by Neal Stephenson was actually pretty close when stated that the United States is going to hell in a handbasket. The US really doesn't 'produce' anything anymore except for technology. That's about to change, and the US is scared shitless.
In all of these situations, there have been several major problems: Lack of Forsight, and Lack of Redundancy. People spend hours upon hours hardening routing tables and installing IDS sensors into a network, or putting on tripwire and patching the latest overflows, but no one takes the time to harden their own mind. People seem to think that their job will always be there, that maybe - they can go to their boss or a co-worker and explain a problem.
Unfortunately in todays Tech society and in many parts of our society, comming by a company that has as much dedication to its employees as most Geek employees have to their job is something that is few and far inbetween.
As many of you, I decided to try and get a new job at the wrong time. However now I love my job beyond all belief, but it doesn't pay what I want. So instead of cashing in my chips and getting a new one, I decided to start several small side businesses hoping one or two of them would prosper. All of them require only a little bit of effort and have the potential to develop residual income. If anyone is in need of another opportunity, feel free to contact me at auto222418@hushmail.com, I will respond from a named account just tired of web spiders grabbing my real addresses. In the mean time, you can check out a similar project, http://www.excelir.com/chno and a side project of Mind Hardening at http://www.octanoid.org/hardening/.
Best of luck! People have made it through worse, I know I have and will give advice at any time.
Conventional fresh actor background (stage acting) is being substituted with pop culture crap. One of the big things that Paramount screwed up with this time around (Andromeda and Star Trek : Enterprise), is they took a couple established actors, and put them into Star Trek roles. Rehashing dead careers is NOT a Good Thing (TM). Yah, I've watched Andromeda. Lexa Doig is a good actor, attractive, and has a snappy sense of humor. She's about the only good thing in the series. I'm getting tired of predicting that Tyr is once again going to have everyone thinking that he's going to betray the crew, and then come back to their side at the last minute. Plus the adverts for the next show, showing half way through the middle of the first show is kind of annoying. Especially when it's at a climax point, the ship is about to blow up, and they show a preview of the next show and the ship is fine.
Lessons that should be learned by ST:VOY and Andromeda - rehashing old careers, especially into careers that geeks will watch - is a bad idea. Get some fresh actors in there, quit looking at the pop culture looking icons and get some new people with acting ability in.
Why did ST:TNG and ST:TOS kick ass? It brought in people that were not known for their old roles. They were people fresh in their acting career. Some never really got out of the Star Trek arena, some went on to do better things. However, you never hear someone say "Man, I can't look at Patrick Stewart and not think of Picard!" Anymore, I look at William Shatner and think of Priceline, not Kirk, but that's another story. Of course, who could forget Denise Crosby (Tasha Yar) in her Red Shoe Diaries playing a cop... but...
Only thing I have to say to Scott Bakula in ST:ENT is that if ANY "To be continued..." episode ends with him saying "Oh boy!" I'm going to shoot some script writer at Paramount. It was bad enough with Kevin Sorbo getting "He looks like some kind of greek god!" jokes.
No no no... see... We had something good, RFC822, now there is RFC2822, now Microsoft will come out with their own standard (RFC2822MS) that doesn't support any other standard, but then some ticked off OpenSource/GNU loving sysadmin will come out with OpenRFC2822 that uses both and the world will be a better place. But... it will contain a piece of GNU text, and Richard Stallman will insist that we call is GNU/RFC2822 =) -SAFH
Although I was short employed with Telocity, Inc. (that is the NASDAQ symbol "TLCT" [amuzing]) I found my termination to be rather amuzing.
My position was as a Security Analyst, the direct interperetation being "Someone who analyses security", saving the company from a IPO Web Deface Hack and implementing security policies that previously did not exist.
While doing a "screen lock" check, jotting down the workstations that were not locked, I came across an office in HR, on the screen - open - in Word, was my termination letter. I printed out a copy, and took it to my Exit Interview that I found out about two hours later, along with my badge and cellphone. Needless to say, HR was rather - stunned. My boss was impressed, smirked, and stated "Hey, I hired him because he was good.", while the HR bitch just stared at me.
Funny thing, they didn't pay any of my relocation which cost me out of pocket over $7.5k and gave me none of my hiring bonus.
My boss (only other person there who did security) was terminated a couple weeks later. Leading to the "passive/reactive" approach to security.
Tim,
:)
e arch=0x5356461C
Tried to eMail this to you, however your address failed.
It was nice to read your posting on Slashdot regarding your past and how you have progressed to your current place in life. Slightly in reverse, I now am paying my dues - going on twenty, having accomplished much of what I desired in life through alternate means. Short of my life, dropped out of high school my Junior year, got my GED and jumped into the Security Industry. Was very successful, ran a small mid-west ISP for a couple years (part of the reason I dropped out) and then moved across the country for contracts.
Now however, those years of success are catching up to me. Once companies found out what my age was while performing my duties as a consultant (ie: auditing Fortune 50 companies, performing post-mortem network forensics for a Fortune 100, redeveloping and engineering new methodologies and auditing automation for an "up and coming" security company) the same things started to happen as when I was in high school. My salary was actually cut post-hire $20k because I was 19 and had a shaved head and goatee, later I was terminated due to not going out drinking with "the guys" which was coined "not properly integrating [myself] into the company." Now that I have taken the time to re-evaluate my life and want to go -back- to school (North Seattle Community College), finding a company willing to be flexible with a full/partial load is a nightmare. Even agreeing to long term employment commitments while I get my transfer credits out of the way and then pursue a CS and PsyD while developing an InfoSec Curriculum doesn't seem to be understood.
In the end, it boils down to people being afraid of what they do not understand (even if it could be a Good Thing[tm]) and as has been proven through out the years - what is not understood must be classified as weird and evil. Perhaps this is what Nostradamus was refering to when he said that evil would conquer and a new world order would reign?
Best wishes, I hope some day if you visit your Seattle office that we could do coffee or lunch and swap stories.
http://pgp5.ai.mit.edu:11371/pks/lookupop=get&s
http://security.sysadmins.com/0600/resume.html
Don't know if any of you noticed, but only the advertising banner shows up... the rest of the page? Network Problems. But works hard to load www.do-not-sleep.com. Funny.
Take a close look at your mail, your zip code. Five numbers + 4 numbers, there are actually two more there + 2. With those 11 numbers, the mail can be delivered to your door. They don't like doing it, but it can be done.
Take into consideration, if you live in an apartment building, you may still have to attach your apartment number to it. But a 5-6 line address, taken down to #542 01021-9024 24, would be pretty cool.
It's close to what you are looking for, an anonymous remailer for snail-mail, but it is a bit more cryptic and a bit more difficult to backtrack.
Looks like until then, we'll just have to enjoy Mail Boxes Etc. =)
As well stated, posessing a lockpick set is not illegal and can be a valuable tool! Posessing a lockpick set after you broke into someone car, house, or facilities - is dumb, and is considered a tool of criminal activity.
I'm definately going to have to keep up on this story, being that I am located in Roseville, Minnesota I'll keep slashdot updated.
Anyone have links to more information?
There have been a series of views on the state of geeks today. I personally have become so confused at the differing stances on "Geeks" "Nerds" "Hackers" and "Crackers" that I just classify myself as a Geek because I have become so tired at explaining what a Hacker is.
The point being, this study has actually begun to hit the surface of how geeks work. Most of these studies are funded because most of the individuals who in high school were austracised (sp) from any social clique are maturing into indispensable members of society. The "jocks" and "preps" are getting out of college and thrown into the fire. Most of them come out of the fire scorched and bleeding from not having to deal with abuse. However the pre-scorched pre-beaten Geeks and Nerds who drop out of high school, or leave high school having been through the fire learn to cope.
And survive..
Study high-school and you will find your answer to how "socially inept" individuals survive.
Study us... and you will find that we've been studying you much longer.