How can you tell where any smtp traffic truly originates?
That's the head of the problem. We trust that our ISPs are using smtp daemons which are accurately representing the travel path of mail which they pass on to us. Many smtp daemons have built-in mechanisms to verify the authenticity of the machine which is attempting to pass mail to them. Too many times, however, sysadmins disable these mechanisms because some fly-by-night hack sysadmin can't figure out how to properly configure his VPN. There's also the issue with the registrars. There's no doubt that many registrars were set up on a shoestring to make maximum profit with minimal staffing. If the registrar can double their profit margin by hiring college interns who can process the registration requests, but may not be all that adept at properly setting up DNS tables and MX records, they will.
They are a research group but I didn't see any mention at all of hacked SMTP headers
The vast majority of the public doesn't even know what an smtp header is let alone that it can be easily rewritten. It wouldn't be newsworthy because it does nothing to increase the effect of the story in the mind of the majority of the target audience. I've heard dozens of stories of office fires sparked by someone parading around an e-mail supposedly sent from someone else who, without any initiating questions, will vehemently insist the authenticity based upon the header information. Puh-leez, like they couldn't use a text editor on it before they printed it out to send it around the office? What leaves me most disdainful of my superiors is that THEY BUY INTO IT! People with 5 times my experience in years and PhDs in my field will happily trot along lemming-like without bothering to ask,"How easy is it to forge that information?" I could create a million text files with edicts from George W. Bush and Dick Cheney themselves in a night, all with proper headers and smtp routes. Heck, with a single open relay, I could send out a million e-mails which seem to come directly from the Executive himself.
The ignorance just feeds the hamster wheel. Nothing will ever really be done about this until the government steps in and removes the profitable business interest. I hate calling for the government but, should we take the preferred route of deregulation and personal freedom, big corporations have the money and legal teams to skin us alive with their newfound freedoms long before you or I could ever realize a better life.
What is weird to me is that people keep thinking of it as communism and to me is it the purest form of democracy
You should know better.:) Government schools have sufficiently muddied the facts such that even the dictionaries don't have any objective defintions of communism or democracy. Wording is always carefully chosen such that it is impossible to separate "communism" from mental images of a dilapidated and oppressive slum while "democracy" always brings up mental images of a shining statue of liberty.
Let's face reality. Big government is here. Big government is not going anywhere. Any small victory that we win against big government will be ruthlessly exploited by big industry long before the resulting freedoms can benefit individual Americans. Our only hope is to continue to empower big government because, without it, big industry would have us all as indentured tenants.
I guess this California thing is good if the government is going to increase funding for those institutions which create open source software. If they're looking at this as nothing more than "free stuff!" then eventually they're cutting the throats of their own people.
If you recognize the existence of hijacked or trojaned machines how can you possibly begin to track where the spam originates? Any hijacked or trojaned smtpd can easily be written to rewrite the X-originating-IP to be from an arbitrary block of predefined, or even random, IP numbers.
Now we can stop all the fingerpointing at foreign nations to blame those nefarious Asians, or the socialist Europeans, or the terrorist Arabs for our spam. We can honestly stop deluding ourselves and look at the problem and say,"It really is nothing more than American business alive and well." However, I find that the analyses are always going to be flawed. If the spam passes through even one illegitimate relay along the way it's pretty safe to assume that the relay has been doctored to rewrite connections. The latest spate of spam that I've received has seemingly come from IP addresses registered to Edward's Air Force Base and the USPS. Of course, the SMTPd signatures openly acknowledge that they're "misconfigured".
Really, until a proactive approach is taken to seriously investigate the businesses whose products are being advertised then tracking spam from the mail side is an exercise in self-delusion.
...to turn your top-of-the line PC into a 286 era performer.
Puh-leez. I'd like to boot to BIOS so that I can load DOS so that I can run Windows so that I can use IE so that I can set up a VM so that I can sandbox an application so that I can use a buggy Java editor to write a self-worship web page?
As an exercise in emulating those Russian dolls that keep getting smaller and smaller, sure. As a real-world computing solution? I'll know we're in hell if this ever achieves wide-spread adoption. The current deluge of web-based Java apps is already turning my hair grey with bugs, security exploits, extremely nasty functionality, and spontaneous page refreshes which cause my recent changes to be replaced with the 5 minute old information that the server has.
On my main system before SP2, XP would not allow me to install my SATA driver
So this really isn't a compatibility or security issue. This only shows that the manufacturer of your motherboard, the manufacturer of the chip which drives the SATA, or the hard drive manufacturer finally paid their tithe to Redmond.
Oh bosh. Quit with the high-road superior morality stuff. In a perfect world I would side with you but this is REALITY. "Responsibility" has no real meaning. No one cares unless they have a personal axe to grind.
Will the -devel branch of metasploit become the central hub for 0-day exploits?
Metasploit stable : This branch has only been tested to work on unpatched machines.
Metasploit -dev ($49.95 membership and password required): This branch has been tested to work against fully up to date and patched machines.
That'd be | |_|63r-|337
Why all the negative response?
on
Point, Click, Root.
·
· Score: 3, Insightful
Has the/. community been hiding in a dark cave someplace? Back Orifice, Netbus, and Sub7 were all available YEARS ago. All three offered graphical user interfaces which allowed the exploiter to launch programs, change text, take screenshots, and many other wonderful functions (in the case of Back Orifice there was even a plugin system called Butt-Plugs). As time has passed Netbus has even become a commercial remote administration tool. The only thing that was required was a little knowledge of a network exploit which allowed the execution of remote code. In many cases it wasn't that difficult to come by. In other cases it was easy enough, especially in the early years, to send an e-card to someone. In the beginning, if any of you remember, e-cards were often self-contained.exe files and it wasn't that uncommon to receive an.exe e-card. Additionally many people who were studying computer science would write cute nifty little programs for their girl/boyfriends/family members.
So what's so bad about metasploit? It does little more than automate the installer for a concept which isn't new. If anything the public may start to see the real value of those of us who have been labeled as paranoid freaks for the last 10 years. This is the dawn of an age when the computer security expert may begin to receive the respect that we deserve. Previously we had been pooh-poohed by the general public aided in their derision by self-important sysadmins with the personality characteristics of the Simpsons' comicbookguy.
I don't think that it's a problem to demonstrate the advantages of security. Everyone knows the advantages of security. The difficulty is demonstrating impact. The vast majority of people, since they don't understand computers, feel that the basic knowledge of how to crack security is enough of a deterrant and lock in and of itself. The general need for additional security measures is perceived to be paranoia.
Unless there's a widespread and media popularized outbreak of identity theft, or computer hijacking, or people who can't check their e-mail or browse the web, then computer security will continue to be perceived as a topic of paranoia.
Currently the impact of computer insecurity is considered to be an annoyance. Extrapolated damages of corporate insecurity are given the same regard as the extrapolated damages of trading mp3s. Until authorities take a tough stance on abusive network activities (spam, browser hijacking, unwanted pop-up advertising, unauthorized collection of consumer data) then the general populance will continue to accept a loose attitude towards computer security.
The fact is that insecurity is profitable as a business. There's no real motivation to protect the consumers so why should the consumers waste effort protecting themselves?
My Motorola router (using Vonage VoIP) came with instructions that indicated that it should be first in line after the cable modem. I didn't really want to have another potential security/connectivity fault by introducing another router in my chain. Additionally, while you can tell the Motorola what address to listen to on the WAN side there's no way to change it's LAN subnet from 192.168.1.*. Buried in the back of the manual were a few pages, with conflicting information, that showed that it would be possible to shovel it behind a router. The conflicting information had to do with which port ranges needed to be forwarded for VoIP to be successfully routed.
I did manage to set the Motorola VoIP router as a subnet of my home LAN just after the cable modem. This sort of impending spam problem makes me want to investigate the possibility of putting it AFTER my first Debian Sid firewall as a subnet of the subnet. The 4-port router after the firewall becomes, essentially, an $80 prefilter to ease the crap off of the Sid firewall. If nothing else it'll be a learning excursion into additional network traffic handling and maybe I'll get into using the open source telephony software to change my Caller ID to random stuff to have fun with my friends.
There are 2 brilliant people There are 20 greedy people There are 20 gullible people There are 10 who are opposed There are 48 apathetic people
5 greedy people ambush 2 brilliant people 5 greedy people convince 20 gullible people 20 gullible people make lots of noise 38 apathetic people restrain 8 who are opposed to restore calm 5 greedy people, 20 gullible people, 10 apathetic people, and 2 who are opposed vote 5 greedy people sit back, enjoy the show, and profit.
Using copyright to quell political speech is a tactic of the greedy people perpetuated by the apathetic people who simply want things to quiet down so we can go back to trying to pay bills and keep up with rising taxes.
Countless studies prove that MS has a lower TCO than Linux, is easier to use, makes people more productive, mows your lawn, washes your cat, grooms your dog, and is a perfect substitute for Viagra.
And just why am I supposed to believe "countless studies" anymore? Everyone knows they're skewed, biased, rigged, or otherwise misrepresented.
Yes. It was denied until I forked over 10% of the value of the claim to an attorney to tell the insurance company to get their act together.
Do you have Medical Insurance and have you ever gone to a doctor?
Yes. The insurance company refused to pay the medical bill until I forked over 10% of the value of the claim to an attorney to tell the insurance company to get their act together.
_THAT_ is why insurance is a ripoff. For every one person like me there are a ten thousand who can't afford the attorney and a hundred thousand who never use the insurance.
I'm already ahead of the curve. I ditched my car and started using public transportation and the ankle express because the automotive and insurance industries had already squeezed the last drop out of this turnip.
Sure, I walk more, and get derided by my coworkers, and have to put up with horrible commuting hours, and have to carry an umbrella every time I go somewhere (just in case), and get demeaning looks from everyone in society...
But it has nothing to do with social classes, or social engineering, or rich vs. poor, because ultimately it's my choice. No one is forcing me not to have a car. No one's forcing me to walk everywhere. I still get the same opportunities that everyone else gets. I have yet to be turned down by any hot chick who has subsequently been picked up by a "responsible citizen" who owns their own transportation. There are no hidden systems at play.
Why does this get modded troll? We've got a dozen stories in Linux, Microsoft, and YRO which are outlining TCPA, DRM, DMCA, software patents, and this post gets modded "troll" for pointing out exactly how the major industry players will give this teeth?
so AFAIK software patents have the possibility of stopping the business end of linux, but can't fundamentally be a threat to its existence?
The fact that Linux users continue to use Linux, which is obviously an illegal rip off of proprietary systems, is analogous to those 12 year olds who continue to trade mp3s even after we explicitly told them that doing so was a felony. We will continue to implement hardware based DRM, we will deny a license for anything but the MS boot block, and we will continue to increase funding for the anti-piracy arm of the FBI so that we can raise multinational efforts to hunt down and prosecute, to the fullest extent of the law, anyone who continues to write this so-called "open source" software. We will use any and all available means, including invocation of the PATRIOT Act, to ensure that these hardened criminals do the maximum possible time behind bars as an example to our youth. We are continuing to lobby Congress for "three strikes and you're out" laws which make repeated "open source" violations a mandatory felony. The distribution of such "open source" code is also considered a felony. Distributing 1 kb of hardened binary code, based on open source, has a mandatory minimum of 5 years in prison and distributing more than 30 g of "open source" source code carries a mandatory minimum of 10 years in prison with up to a $50,000 fine.
With your help, and the help of other concerned citizens like yourself, we will eradicate "open source" houses from our neighborhoods. We will hunt down "open source" dealers. We will prevent our children from using "open source" code. We have already implemented measures to make the distribution of "open source" code with 500 meters of a school an automatic felony, no matter what amount or who the distribution is to.
Just like for viruses there's value to having diverse operating systems incase one of your systems gets shut down due to not only Viruses, but also IP-laws, vendors stopping support, etc.
It's quite possible that relying on such techniques will take away resources from other methods of crime detection/prevention
Pure conjecture.
Also that there are no cases of this kind of thing being used to help commit a crime
Watergate? Illegal wiretap (a la Monica Lewinsky, et al.)?
In one law it's illegal, in another law it's mandatory to be legal, and ISO audits allow documents to be backdated. Who audits the courts, anyways? Juries have no real power over the court, only over the accused. Jury nullification was stillborn.
Slashdot Mirror
How can you tell where any smtp traffic truly originates?
That's the head of the problem. We trust that our ISPs are using smtp daemons which are accurately representing the travel path of mail which they pass on to us. Many smtp daemons have built-in mechanisms to verify the authenticity of the machine which is attempting to pass mail to them. Too many times, however, sysadmins disable these mechanisms because some fly-by-night hack sysadmin can't figure out how to properly configure his VPN. There's also the issue with the registrars. There's no doubt that many registrars were set up on a shoestring to make maximum profit with minimal staffing. If the registrar can double their profit margin by hiring college interns who can process the registration requests, but may not be all that adept at properly setting up DNS tables and MX records, they will.
They are a research group but I didn't see any mention at all of hacked SMTP headers
The vast majority of the public doesn't even know what an smtp header is let alone that it can be easily rewritten. It wouldn't be newsworthy because it does nothing to increase the effect of the story in the mind of the majority of the target audience. I've heard dozens of stories of office fires sparked by someone parading around an e-mail supposedly sent from someone else who, without any initiating questions, will vehemently insist the authenticity based upon the header information. Puh-leez, like they couldn't use a text editor on it before they printed it out to send it around the office? What leaves me most disdainful of my superiors is that THEY BUY INTO IT! People with 5 times my experience in years and PhDs in my field will happily trot along lemming-like without bothering to ask,"How easy is it to forge that information?" I could create a million text files with edicts from George W. Bush and Dick Cheney themselves in a night, all with proper headers and smtp routes. Heck, with a single open relay, I could send out a million e-mails which seem to come directly from the Executive himself.
The ignorance just feeds the hamster wheel. Nothing will ever really be done about this until the government steps in and removes the profitable business interest. I hate calling for the government but, should we take the preferred route of deregulation and personal freedom, big corporations have the money and legal teams to skin us alive with their newfound freedoms long before you or I could ever realize a better life.
What is weird to me is that people keep thinking of it as communism and to me is it the purest form of democracy
:) Government schools have sufficiently muddied the facts such that even the dictionaries don't have any objective defintions of communism or democracy. Wording is always carefully chosen such that it is impossible to separate "communism" from mental images of a dilapidated and oppressive slum while "democracy" always brings up mental images of a shining statue of liberty.
You should know better.
Let's face reality. Big government is here. Big government is not going anywhere. Any small victory that we win against big government will be ruthlessly exploited by big industry long before the resulting freedoms can benefit individual Americans. Our only hope is to continue to empower big government because, without it, big industry would have us all as indentured tenants.
I guess this California thing is good if the government is going to increase funding for those institutions which create open source software. If they're looking at this as nothing more than "free stuff!" then eventually they're cutting the throats of their own people.
Hilighting where SPAM originates
If you recognize the existence of hijacked or trojaned machines how can you possibly begin to track where the spam originates? Any hijacked or trojaned smtpd can easily be written to rewrite the X-originating-IP to be from an arbitrary block of predefined, or even random, IP numbers.
Now we can stop all the fingerpointing at foreign nations to blame those nefarious Asians, or the socialist Europeans, or the terrorist Arabs for our spam. We can honestly stop deluding ourselves and look at the problem and say,"It really is nothing more than American business alive and well." However, I find that the analyses are always going to be flawed. If the spam passes through even one illegitimate relay along the way it's pretty safe to assume that the relay has been doctored to rewrite connections. The latest spate of spam that I've received has seemingly come from IP addresses registered to Edward's Air Force Base and the USPS. Of course, the SMTPd signatures openly acknowledge that they're "misconfigured".
Really, until a proactive approach is taken to seriously investigate the businesses whose products are being advertised then tracking spam from the mail side is an exercise in self-delusion.
...to turn your top-of-the line PC into a 286 era performer.
Puh-leez. I'd like to boot to BIOS so that I can load DOS so that I can run Windows so that I can use IE so that I can set up a VM so that I can sandbox an application so that I can use a buggy Java editor to write a self-worship web page?
As an exercise in emulating those Russian dolls that keep getting smaller and smaller, sure. As a real-world computing solution? I'll know we're in hell if this ever achieves wide-spread adoption. The current deluge of web-based Java apps is already turning my hair grey with bugs, security exploits, extremely nasty functionality, and spontaneous page refreshes which cause my recent changes to be replaced with the 5 minute old information that the server has.
On my main system before SP2, XP would not allow me to install my SATA driver
So this really isn't a compatibility or security issue. This only shows that the manufacturer of your motherboard, the manufacturer of the chip which drives the SATA, or the hard drive manufacturer finally paid their tithe to Redmond.
is simply not aresponsible thing to do
Oh bosh. Quit with the high-road superior morality stuff. In a perfect world I would side with you but this is REALITY. "Responsibility" has no real meaning. No one cares unless they have a personal axe to grind.
Will the -devel branch of metasploit become the central hub for 0-day exploits?
Metasploit stable : This branch has only been tested to work on unpatched machines.
Metasploit -dev ($49.95 membership and password required): This branch has been tested to work against fully up to date and patched machines.
That'd be | |_|63r-|337
Has the /. community been hiding in a dark cave someplace? Back Orifice, Netbus, and Sub7 were all available YEARS ago. All three offered graphical user interfaces which allowed the exploiter to launch programs, change text, take screenshots, and many other wonderful functions (in the case of Back Orifice there was even a plugin system called Butt-Plugs). As time has passed Netbus has even become a commercial remote administration tool. The only thing that was required was a little knowledge of a network exploit which allowed the execution of remote code. In many cases it wasn't that difficult to come by. In other cases it was easy enough, especially in the early years, to send an e-card to someone. In the beginning, if any of you remember, e-cards were often self-contained .exe files and it wasn't that uncommon to receive an .exe e-card. Additionally many people who were studying computer science would write cute nifty little programs for their girl/boyfriends/family members.
So what's so bad about metasploit? It does little more than automate the installer for a concept which isn't new. If anything the public may start to see the real value of those of us who have been labeled as paranoid freaks for the last 10 years. This is the dawn of an age when the computer security expert may begin to receive the respect that we deserve. Previously we had been pooh-poohed by the general public aided in their derision by self-important sysadmins with the personality characteristics of the Simpsons' comic book guy.
I don't think that it's a problem to demonstrate the advantages of security. Everyone knows the advantages of security. The difficulty is demonstrating impact. The vast majority of people, since they don't understand computers, feel that the basic knowledge of how to crack security is enough of a deterrant and lock in and of itself. The general need for additional security measures is perceived to be paranoia.
Unless there's a widespread and media popularized outbreak of identity theft, or computer hijacking, or people who can't check their e-mail or browse the web, then computer security will continue to be perceived as a topic of paranoia.
Currently the impact of computer insecurity is considered to be an annoyance. Extrapolated damages of corporate insecurity are given the same regard as the extrapolated damages of trading mp3s. Until authorities take a tough stance on abusive network activities (spam, browser hijacking, unwanted pop-up advertising, unauthorized collection of consumer data) then the general populance will continue to accept a loose attitude towards computer security.
The fact is that insecurity is profitable as a business. There's no real motivation to protect the consumers so why should the consumers waste effort protecting themselves?
My Motorola router (using Vonage VoIP) came with instructions that indicated that it should be first in line after the cable modem. I didn't really want to have another potential security/connectivity fault by introducing another router in my chain. Additionally, while you can tell the Motorola what address to listen to on the WAN side there's no way to change it's LAN subnet from 192.168.1.*. Buried in the back of the manual were a few pages, with conflicting information, that showed that it would be possible to shovel it behind a router. The conflicting information had to do with which port ranges needed to be forwarded for VoIP to be successfully routed.
I did manage to set the Motorola VoIP router as a subnet of my home LAN just after the cable modem. This sort of impending spam problem makes me want to investigate the possibility of putting it AFTER my first Debian Sid firewall as a subnet of the subnet. The 4-port router after the firewall becomes, essentially, an $80 prefilter to ease the crap off of the Sid firewall. If nothing else it'll be a learning excursion into additional network traffic handling and maybe I'll get into using the open source telephony software to change my Caller ID to random stuff to have fun with my friends.
There are 100 people in society
There are 2 brilliant people
There are 20 greedy people
There are 20 gullible people
There are 10 who are opposed
There are 48 apathetic people
5 greedy people ambush 2 brilliant people
5 greedy people convince 20 gullible people
20 gullible people make lots of noise
38 apathetic people restrain 8 who are opposed to restore calm
5 greedy people, 20 gullible people, 10 apathetic people, and 2 who are opposed vote
5 greedy people sit back, enjoy the show, and profit.
Using copyright to quell political speech is a tactic of the greedy people perpetuated by the apathetic people who simply want things to quiet down so we can go back to trying to pay bills and keep up with rising taxes.
Funny, I'd argue that you've already given up and they've beaten you.
Funny, I didn't know that living in America was an "us vs. them" fight. But I guess you've proven what I was trying to say...
They're fast at taking your money, but they rarely even bother to return calls when you need them
Are you talking about insurance companies, investment brokers, or the government? It all seems to run together...
Countless studies prove
Countless studies prove that MS has a lower TCO than Linux, is easier to use, makes people more productive, mows your lawn, washes your cat, grooms your dog, and is a perfect substitute for Viagra.
And just why am I supposed to believe "countless studies" anymore? Everyone knows they're skewed, biased, rigged, or otherwise misrepresented.
Have you ever had to make a claim on anything?
Yes. It was denied until I forked over 10% of the value of the claim to an attorney to tell the insurance company to get their act together.
Do you have Medical Insurance and have you ever gone to a doctor?
Yes. The insurance company refused to pay the medical bill until I forked over 10% of the value of the claim to an attorney to tell the insurance company to get their act together.
_THAT_ is why insurance is a ripoff. For every one person like me there are a ten thousand who can't afford the attorney and a hundred thousand who never use the insurance.
Problem #1 How will they enforce this?
Sue WD.
#2 He could still do work for WD as a freelance consultant.
Sue him.
I'm already ahead of the curve. I ditched my car and started using public transportation and the ankle express because the automotive and insurance industries had already squeezed the last drop out of this turnip.
Sure, I walk more, and get derided by my coworkers, and have to put up with horrible commuting hours, and have to carry an umbrella every time I go somewhere (just in case), and get demeaning looks from everyone in society...
But it has nothing to do with social classes, or social engineering, or rich vs. poor, because ultimately it's my choice. No one is forcing me not to have a car. No one's forcing me to walk everywhere. I still get the same opportunities that everyone else gets. I have yet to be turned down by any hot chick who has subsequently been picked up by a "responsible citizen" who owns their own transportation. There are no hidden systems at play.
Why does this get modded troll? We've got a dozen stories in Linux, Microsoft, and YRO which are outlining TCPA, DRM, DMCA, software patents, and this post gets modded "troll" for pointing out exactly how the major industry players will give this teeth?
You know that, to save the children, eventually these things will be mandatory by law.
Oh!
I get it!
I'm glad you did. The mods are, as usual, on crack.
so AFAIK software patents have the possibility of stopping the business end of linux, but can't fundamentally be a threat to its existence?
The fact that Linux users continue to use Linux, which is obviously an illegal rip off of proprietary systems, is analogous to those 12 year olds who continue to trade mp3s even after we explicitly told them that doing so was a felony. We will continue to implement hardware based DRM, we will deny a license for anything but the MS boot block, and we will continue to increase funding for the anti-piracy arm of the FBI so that we can raise multinational efforts to hunt down and prosecute, to the fullest extent of the law, anyone who continues to write this so-called "open source" software. We will use any and all available means, including invocation of the PATRIOT Act, to ensure that these hardened criminals do the maximum possible time behind bars as an example to our youth. We are continuing to lobby Congress for "three strikes and you're out" laws which make repeated "open source" violations a mandatory felony. The distribution of such "open source" code is also considered a felony. Distributing 1 kb of hardened binary code, based on open source, has a mandatory minimum of 5 years in prison and distributing more than 30 g of "open source" source code carries a mandatory minimum of 10 years in prison with up to a $50,000 fine.
With your help, and the help of other concerned citizens like yourself, we will eradicate "open source" houses from our neighborhoods. We will hunt down "open source" dealers. We will prevent our children from using "open source" code. We have already implemented measures to make the distribution of "open source" code with 500 meters of a school an automatic felony, no matter what amount or who the distribution is to.
'Nuff said...
Just like for viruses there's value to having diverse operating systems incase one of your systems gets shut down due to not only Viruses, but also IP-laws, vendors stopping support, etc.
So lawyers are viruses?
I'm not surprised...
It's quite possible that relying on such techniques will take away resources from other methods of crime detection/prevention
Pure conjecture.
Also that there are no cases of this kind of thing being used to help commit a crime
Watergate? Illegal wiretap (a la Monica Lewinsky, et al.)?
In one law it's illegal, in another law it's mandatory to be legal, and ISO audits allow documents to be backdated. Who audits the courts, anyways? Juries have no real power over the court, only over the accused. Jury nullification was stillborn.
Woohoo! Call my broker, I'm buyin' 10,000 shares of Corrections Corp. of America (NYSE:CXW) today
:)
The resulting fines from your conviction, in addition to the incarceration, will more than deplete those.