-Everyone has experienced this first hand across many industries. -Sometimes the extra surcharges are mandated by law.
How can we stop ourselves from being "nickel-and-dimed to death" by the industries which we pay for? Tell the politicians to get out of bed with the executives, line them all up against the wall and... beat them naked with wet noodles and toilet paper until they finally start treating us like humans rather than cattle to be harvested one surcharge at a time.
Thanks for clearing that I up. I see that I had some of the story correct in principle but with a few facts rearranged or out of place. I've always wanted to know what was in that entire deal.
The question still remains: Is the h/w FAT licensing a reiteration of this sort of event where MS is looking for a quick influx of cash to attempt to leverage deals down the road which could reinstroduce its stranglehold on the world market?
I think this is a reinvention of Microsoft indicating that the company, as a corporate entity, is beginning to see the end of the easy days when they had a stranglehold on the world, unlimited resources, no immediate debt, and no competition.
Correct me if I'm wrong. This is what I remember happening:
Bill Gates' first real business deal was with a hard drive maker (who?) supplying IBM. This was the business deal which put the money in his hands to make the rest of the MS phenomenon happen. IBM had received a huge, taxpayer funded, government contract to provide computer systems for some initiative. The hard drive maker (XYZ) had the contract to supply the drives for these systems. The defining requirement for the hd contract was that the drives come preinstalled with an OS. What the OS was made no difference since the systems would be revamped when they got wherever they were going. Bill Gates was somehow in the social circles who were making this happen. Bill immediately took QDOS, from his programming project at college, and offered it to XYZ. In return, XYZ and IBM both signed the paperwork which acknowledged QDOS as being sole property of Bill Gates. From what I understand, Bill contributed only the bare minimum to the research group that wrote QDOS. As a member of the group he let others do the work to make the grade and kept a copy of the finished product.
Bill took the money from this sort of licensing and made Microsoft with it. Our politicians sold us to Bill Gates from the very beginning.
This move to license FAT looks like the same sort of maneuver. Microsoft is hoping that this will give them the financial leverage to propel themselves into the next few years until they can work over enough hardware manufacturers to restructure the architecture, make it MS dependent, and once again achieve a stranglehold on the world.
----- It's blocked 100% of spam that would have originated from servers running on computers connected to an ISP that blocks port 25 ----- Which is 0.00000001% of the total spam anyways. No one in their right mind actually sends spam from their own smtp server on their own machine. No one has sent spam from their native localhost since the earliest days of spamming USENET. Everyone knows that it'd be too easy track. Spam originating from port 25 hasn't been an issue for nearly a decade and ISPs first started blocking off port 25 in the last year or two (at _most_). The real reason is because they want an excuse to run a filter on the ISP smtp relays and justify the purchase of a few new pieces of hardware to handle it. There is also the promotion for the idiot-stick yuppie admin who proposed the ground breaking idea of port 25 blocking. Puh-leez.
The only spammers that you're going to catch by blocking port 25 are the little old grandmothers who've pieced together an e-mail list so that they can sell their hand-made Christmas tree ornaments. Who are you really targeting?
There is no real reason to block port 25 unless you're a pitiable control freak who obsesses about watching your neighbor. Nonconsentual voyeurism is also illegal.
----- However, when Windows has a bug, everybody knows about it because it affects just about everybody. ----- Bugs I can handle as long as it's not turned into an exploit. Exploits are *bad*. Microsoft tends to outright ignore or cover up exploits.
We hear so much more about Microsoft because the overbloated, inefficient, buggy code was the only thing that would meet corporate marketing deadlines. Shareholders don't know jack about structured programming. What they do know about is sales, profits, and number of new products this year.
Let's not be talked into a dreamlike trance by the silver tongue of the corporate snake.
----- It's not about getting the spammer. It's about PREVENTING spam in the first place ----- I've heard this argument before and it's not working.
We can't prevent murder by regulating guns. That feeds the black market in firearms. We can't prevent assault by regulating knives. Regulating knives would be a nasty blow to any illusion of a free society.
Blocking port 25 to prevent spam as a preemptive measure isn't working. It's feeding the industry in underground spam and it's leaving a bad mark on any illusion of free computing.
I'm not paranoid about my ISP monitoring my email. They can monitor me all day long. What I don't like is my ISP raising rates so that they can pay some high school dropout to stalk me when I start emailing my date plans to girlfriends (I'm a geek, it doesn't happen often, but it could). In all reality my ISP doesn't need to watch me. If the guy next door starts sending spam from his computer then it's easy enough for the ISP to start watching/tracking him without blocking port 25.
Am I to believe that ISPs don't have bandwidth monitors and triggers on every active connection? Puh-leez. What would the IC cost to do such a thing? $0.05/pop to see a burst of activity that isn't associated with loading a Star Wars page?
----- "To me this has sounded good but never adds up if you spend a moment thinking about it." Next time, try 5 minutes. ----- That is inconsiderate, disrespectful, and flamebait--especially since blocking port 25 has not prevented spam at all.
----- Cox and other port 25 blocking ISPs don't want to be responsible for your mail server. ----- To me this has sounded good but never adds up if you spend a moment thinking about it.
If you're sending spam directly from your IP then you're easy enough to catch and prosecute.
If someone else is sending spam from their IP but spoofing as yours it's easy enough to compare MAC addresses or follow the email back through the various smtp contact points.
If you're sending spam directly from your IP but spoofing everything then the investigators need to track you by more technical means (MAC address). Current investigations of spam routed through multiple smtp bouncers requires this anyways.
Someone please tell me how blocking port 25 solves anything? I see only that it gives the ISP IT departments an excuse to request more funds to begin sifting through everyone's email.
----- What I don't get is why no one is bothering to follow the money trail here ----- I agree but I think I have an insight to the answer.
Banking institutions and credit card companies make money on three things: legitimate transactions, illegitimate transactions that the consumer doesn't contest, and collections departments for consumers that do contest. Collection departments, banks, and credit agencies lose money on the following efforts: transaction verification.
As long as they can continue to post net profit through legitimate transactions and bullying harassment of people who won't pay then there's no reason to implement a system which might call their integrity into question.
I've configured sendmail, and exim, and postfix. There are spamproof email solutions. It's not any different from securing a wireless router. For an smtp server, no mail is forwarded except for internal communications. It's easy to block forged addresses by simply not allowing outside connections from the internet.
With this in mind then the spam issue is really elementary. Spam is being sent one of three ways. 1) Through smtp servers which are run by incompetent sysadmins who don't know how to lock their services. The executive board of any such company should be jailed. The sysadmin should be demoted to help desk. 2) Through smtp bouncers installed on hacked Windows boxes. MS and the executive board which failed to utilize a more secure solution should be jailed. 3) Sent by a desktop advertising agency which is funded by a taxpayer subsidized small business loan.
I rank the probability spectrum 3,2,1. The problem isn't being solved because the people making money off of the spam are the same people who lobbied the politicians to set aside the funds in the first place.
"No. No. We're not doing anything wrong. This isn't spam. You wrote the bill. You know that there's a loophole right there in subpart a, section 3, subpoint n which says that as long as we're a 'desktop advertising agency' we're not spammers."
What do you propose doing when the malicious spammer is using an smtp bouncer on port 25356 which they were able to install because of a security hole in the Windows server which MS hasn't bothered to address yet?
Blocking port 25, or any other port, isn't going to solve the problem. What it will do is start a degenerating spiral which will result in complete uselessness of the TCP/IP protocol when, after 5 years, every port on every machine is blocked except for the ones specifically authorized by MS and/or your ISP.
"Oh great. I can only connect on port 80 and that's being actively monitored at every moment. It's time to ditch the computer and lace up the shoes for a walk to the bank, and the grocery store to pay the bills, and there's no sense in sending that joke to my sister 'cuz my ISP will probably misconstrue it as some sort of online harassment because the monitor doesn't like it."
I've tried to do this. The admins that I've contacted never bother to write back. They never bother to check their smtp logs. In all reality it's quite possible that they don't even know. So many of the smtp portals are running Windows that it's logical to think that the boxes may be running smtp forwarding services without the admins knowledge or consent. At the same time the admin doesn't care (too busy collecting the paycheck) or can't do anything about it. Can you imagine a sysadmin telling his executive board that he needs to take down their entire intranet for a few weeks while he rebuilds this system?
"And to think that rat b**t**d suggested we migrate to Linux. Doesn't he realize the kickbacks we get from those MS contracts?"
Until the world as a whole smartens up there's really nothing that we can do but watch in dismay.
This is precisely why I don't buy into the whole idea of malicious hacker spam. I really think that spam is sent out simply to feed the industry of generating lists (like the Nazis did) or to boost numbers for desktop advertising agencies who receive funding from taxpayer subsidized small business loans. Billions of dollars have been allocated for technology development, the only requirement for which is involvement in an internet business. Desktop advertising agencies could easily spin their purpose as helping to accelerate the economy by connecting consumers with products that they need. No one really double-checks to see that their productivity numbers are laced to the hilt with spam.
Perhaps people will start advocating smaller government once they realize that their tax dollars are being used to destroy e-mail and fund spammers.
----- "So many Internet users are flooding us with complaints about these child porn CDs that we supposedly ordered for them," said Linford, adding that he was cooperating with police ----- You're right. I was reading in pan and scan mode and didn't see the paragraph about this one in it's entirety.
We love guys like you. Guys like you raised us and fed us and changed our diapers. Guys like you bought our first computers for us and looked on in wonderment when we started writing programs on loose-leaf paper around the Christmas tree at age eleven.
Guys like you need to put pressure on other guys like you to let guys like me migrate the world to secure Linux distributions and let guys like me manage the security aspect.
Nothing against guys like you, we love you. But guys like you should not be in charge of internet security no matter how many certifications or political connections you have.
I'm not blaming you but I'm doing the same thing that you did to guys like me when we were growing up: "See, if you would've listened to me in the first place this wouldn't have happened. Now you're stuck with it so quit whining."
Agreed. How the heck do people in an anti-spamming organization get caught up on this? They should really know better. If this article is true then I wouldn't be surprised to find out that the anti-spamming organization is staffed by tech-ignorant do-gooders who, meaning well, only further pave the road to hell.
If there really is child pornography being sent on CD through the mail then the FBI should really be involved in tracking this down. Using the postal service to commit a crime is a federal offense in itself. Certainly the attackers can be fudging their return addresses on the packages but there are so many other ways of approaching the problem. ISPs already track users that visit such websites. CDs are imprinted with media identifiers. Are there lot numbers which can be tracked to distributors and regions? What about imprints left behind by the burning hardware and software? What about identifiers embedded in the pictures themselves?
Why aren't existing security admins cooperating on this? A few years ago I spent a couple months making a concerted effort to track down the spam that made its way to my inboxes. I would look at the e-mail trail, run WHOIS and DNS lookups on the servers, find the last known good smtp portal, and try mailing the admin to ask him to help stop the spam. Typically I received no response leading me to believe that the operator was an absentee sysadmin who collects his paycheck but doesn't care about his job. Additionally, so many of the smtp servers were running Windows that it isn't unthinkable that the admin can really do nothing about it--his box is backdoored and the executive board would fire him if he took it down to reinstall. That same executive board probably insists, for contract skim purposes, that he continue to use a Windows platform.
On the issue of funding I don't believe that these people really and truly make the majority of their money from stolen credit cards. I feel that has got to be nothing more than scare tactics and hype to direct attention away from the real source of funding. I believe the majority of their money comes from taxpayer subsidized small business loans and tech-ignorant investors. I've traced a large amount of my spam back to addresses associated with "desktop advertising agencies". "We sent out one million e-mails today. It's technically not spam--don't ask questions. There's a loophole in the definition which makes this not spam. This will look great on the quarterly report and on the small business report to the bank. It will also bump us up into the 'productive' category so that we can qualify for an additional $X million in taxpayer subsidized small business loans."
If we want competent sysadmins we need to hire people who really have a passion for the systems that they work on. Companies are free to hire me but I'm always given the critical eye of scrutiny because I didn't spend the $15k to get night-school certifications.
Install with NOTHING but the most basic system possible just so that you can have a working system. Upgrade the kernel manually, install Xfree86 4.latest manually, and add packages using dselect.
It's a very basic principle: lay the groundwork before building the entire house. Your problem sounds like it arose because you wanted to try and install the full system right out of the box.
Doesn't sound crazy to me at all. I've seen it before. It could be a boot sector gremlin (virus/monkeywrench). Have you tried zero-filling the first 1024 bytes of the drive and reinstalling another OS?
I also have another possibility for the problem. If the BIOS of the drive is flasheable then perhaps the BIOS was cleared by a malicious attacker. While this may render the drive useless from bootup it is possible that Windows contains enough software code to be able to make low-level calls to the drive which are understood inherently by the existing circuits.
For example: After installing Win98 and Debian on my drive (on a mobo with an Apollo MVP/3 chipset and UDMA/33 capable) Win2k-install refuses to acknowledge the drive due to some issue between the ide-scsi emulation identified by Win98 in the configuration of the C:\ drive and the ide-scsi emulation that the Win2k installer wants to use. It has something to do with the nature of the MVP/3 chipset. If I use the HD utils to disable UDMA/33 on the HD then Win2k is able to access the drive fine, though using much slower, more primitive access routines (I forget what it's called). Once Win2k is installed (at an obnoxiously slow rate) then I can go back, reenable UDMA, boot Win2k, let it update it's chipset HD access driver, and it works. It will continue to complain about some driver/chipset mismatch every time it boots. This is the only way that I've been able to get Win98, Debian, and Win2k Adv. Serv. to coexist on the same HD. After all of that rigamarole I still can use cfdisk under Linux to make secondary partitions all day long so LILO can boot other Linux installs.
I'm not a hardware engineer but technology for controlling hard drive mechanisms has been around so long that it's not unthinkable that some of the chips have overlapping tasks. "The BIOS may be cleared but the signal coming in through that wire goes into this other chip which makes use of the signal correctly anyways."
As for your clicking HD problem I would suspect that someone was watching you.:-)
The moderators have got to be on crack. To rate the original post as "Troll" is to deny reality.
Security for computers is like security in society: the more money you spend on it from a centralized level the worse it gets. The only way to really increase security is for each individual to work on it, individually. At the end of the day if someone really really wants to break into your house it doesn't matter how many locks, entry systems, or guard dogs you have.
Advocating a consortium of experts to make recommendations on security is similar to asking a group of politicians to make recommendations on improving society. They'll come up with some grand recommendations but we, the people, aren't going to see any benefit from it. If anything it will make life more cumbersome and less fulfilling. Most of us should be familiar with the cumbersome secure computing (formerly Palladium) initiative that the industry is embarking on.
Corporate security and safe sex
on
Real Security?
·
· Score: 1
Security no longer means security. Security is just another cog in the corporate wheel with budget numbers to satisfy thousands of shareholders who wouldn't know security from a coaster tray. With that in mind then there is no surprise that security has become a useless industry of productivity-killing gadgets directed by people whose certifications on their resume make up for their mediocrity on the job.
Most security departments try to fix security problems by implementing safety nets (netwatchers, redundant firewalls, active real-time scanners) rather than implementing prevention. Prevention means educating people about safe computer practices--like safe sex. The safest sex is abstinence--keep your clothes on, all zippers closed, and don't kiss people who've been around the block. The safest computer use is to view only the documents that you need and don't open documents from people who are frivolous with their computer use. Sex is acceptable (at your own risk) once married. Unsafe computer practices are acceptable (at your own risk) once you're on your home computer.
To illustrate how safe computer use is effective: I run my Debian, LFS, and Win98 all without any firewalls or active virus scanners (I scan once every few months when I get bored). My only remote security measure is a 4-port router connected to the cable modem. Three years since my last complete rebuild I still have no viruses and have not been rooted or compromised even once.
----- I'm sure you would take the necessary measures to counter this. ----- Don't be naive. You're not living in an ideal world. While everyone would like to take the necessary measures to protect their intellectual property they are, in reality, no match for large corporate entities with massive legal budgets.
----- Oh please, you sound like a wannabe revolutionist who is blinded by your own agenda ----- Ummm, no. The author is quite correct. In the 80s peoples' entire houses were confiscated with nothing more than an FCC suspicion that they might have a copied disk of "Space Invaders" or some other Activision game lying around. In the 90s entire dorm rooms were carted away because some student linked his page to an Eaglesoft, Inc. site. In the 2000s we're now watching computers get carted off because Britney_Spears_Another_Corporate_Tune.mp3 was made available.
----- I would think the people would be losers if they chose to use Diebold machines knowing about the flaw. Diebold isn't putting a gun to anyone's head forcing them to use Diebold machinery ----- Again, naive and idealistic. The people never know. The decisions are made by executives and politicians who are more interested in the skim percentage that they'll receive from signing the deal. The "people" never even see the paperwork.
----- Voting does make a difference ----- You're on crack. There was no real difference between Bush and Gore. It's a dog (elephant) and pony (donkey) show. In any election less than presidential the average voting percentage drops off to less than 20%. With 90% of monetary resources controlled by 10% of the people, this gives the rich (who have all the time in the world to hang out at voting booths) an easy advantage.
If one considers the millions of dollars that are poured into developing electronic voting systems, and the millions of dollars spent on half-baked propaganda attempting to convince an ignorant public that such things are inherently secure, and the millions of dollars that are spent covering up for any flaws found in the system...
Well, all those millions sound pretty draconian to me. Additionally, if it takes that much money to convince someone of something then it can't be a pure honest fact.
Bully-boy tactics don't stop here. Even if the EFF continues to pursue Diebold eventually everything will come to a grinding halt in legal maneuvers. Ten years from now you'll hear that the EFF ran out of funding and that Diebold has scored a new fat government contract, conveniently funded with taxpayer dollars.
The best you can do is hope to be buying massive amounts of Diebold stock just before they receive that contract.
----- There is no moral justification for granting exclusive ownership to someone ----- Pardon me but I disagree. I spent 4 years working for a major pharmaceutical company as the FNG (fsckin' new guy). I'm a gunner, an alpha, an overachiever. My management picked up on this very quickly. Every time I had a new idea which addressed a problem on a project or outlined a method of designing a pharmaceutical I was wholistically beat down. I was verbally harassed, told to mind my own business, and bitz-slapped because,"We have PhDs. You have a BS. What can you possibly know."
Time and again, two or three months down the road, those same PhDs would be pitching my ideas as their own and using it to influence the direction of the project. At the same time they would gladly accept the social benefits of coming up with ways to advance and direct projects.
I would really like to have had an opportunity to have exclusive ownership of my ideas. If I wrote the ideas down in my notebook to be cross-signed then they were company property. If I didn't write them down then I was criticized for not participating with the group. If I kept my ideas to myself then I was harassed as feeling isolated, being a sullen lazy slacker, and any number of other unpleasantries. I watched my boss score two promotions in three years while he was allowed to blacklist my career.
The burden of proof in any situation always rests on the person with the lesser resources. Resources, in this case, being defined as the combination of political influence, legal representation, and money.
Slashdot Mirror
It has been pointed out that:
... beat them naked with wet noodles and toilet paper until they finally start treating us like humans rather than cattle to be harvested one surcharge at a time.
-Everyone has experienced this first hand across many industries.
-Sometimes the extra surcharges are mandated by law.
How can we stop ourselves from being "nickel-and-dimed to death" by the industries which we pay for? Tell the politicians to get out of bed with the executives, line them all up against the wall and
Thanks for clearing that I up. I see that I had some of the story correct in principle but with a few facts rearranged or out of place. I've always wanted to know what was in that entire deal.
The question still remains: Is the h/w FAT licensing a reiteration of this sort of event where MS is looking for a quick influx of cash to attempt to leverage deals down the road which could reinstroduce its stranglehold on the world market?
I think this is a reinvention of Microsoft indicating that the company, as a corporate entity, is beginning to see the end of the easy days when they had a stranglehold on the world, unlimited resources, no immediate debt, and no competition.
Correct me if I'm wrong. This is what I remember happening:
Bill Gates' first real business deal was with a hard drive maker (who?) supplying IBM. This was the business deal which put the money in his hands to make the rest of the MS phenomenon happen. IBM had received a huge, taxpayer funded, government contract to provide computer systems for some initiative. The hard drive maker (XYZ) had the contract to supply the drives for these systems. The defining requirement for the hd contract was that the drives come preinstalled with an OS. What the OS was made no difference since the systems would be revamped when they got wherever they were going. Bill Gates was somehow in the social circles who were making this happen. Bill immediately took QDOS, from his programming project at college, and offered it to XYZ. In return, XYZ and IBM both signed the paperwork which acknowledged QDOS as being sole property of Bill Gates. From what I understand, Bill contributed only the bare minimum to the research group that wrote QDOS. As a member of the group he let others do the work to make the grade and kept a copy of the finished product.
Bill took the money from this sort of licensing and made Microsoft with it. Our politicians sold us to Bill Gates from the very beginning.
This move to license FAT looks like the same sort of maneuver. Microsoft is hoping that this will give them the financial leverage to propel themselves into the next few years until they can work over enough hardware manufacturers to restructure the architecture, make it MS dependent, and once again achieve a stranglehold on the world.
What is Gentoo anyways? Package management like Debian with the option to LFS everything and some neat marketing and graphics to boot.
I'll stick with LFS and Debian.
-----
It's blocked 100% of spam that would have originated from servers running on computers connected to an ISP that blocks port 25
-----
Which is 0.00000001% of the total spam anyways. No one in their right mind actually sends spam from their own smtp server on their own machine. No one has sent spam from their native localhost since the earliest days of spamming USENET. Everyone knows that it'd be too easy track. Spam originating from port 25 hasn't been an issue for nearly a decade and ISPs first started blocking off port 25 in the last year or two (at _most_). The real reason is because they want an excuse to run a filter on the ISP smtp relays and justify the purchase of a few new pieces of hardware to handle it. There is also the promotion for the idiot-stick yuppie admin who proposed the ground breaking idea of port 25 blocking. Puh-leez.
The only spammers that you're going to catch by blocking port 25 are the little old grandmothers who've pieced together an e-mail list so that they can sell their hand-made Christmas tree ornaments. Who are you really targeting?
There is no real reason to block port 25 unless you're a pitiable control freak who obsesses about watching your neighbor. Nonconsentual voyeurism is also illegal.
-----
However, when Windows has a bug, everybody knows about it because it affects just about everybody.
-----
Bugs I can handle as long as it's not turned into an exploit. Exploits are *bad*. Microsoft tends to outright ignore or cover up exploits.
We hear so much more about Microsoft because the overbloated, inefficient, buggy code was the only thing that would meet corporate marketing deadlines. Shareholders don't know jack about structured programming. What they do know about is sales, profits, and number of new products this year.
Let's not be talked into a dreamlike trance by the silver tongue of the corporate snake.
-----
It's not about getting the spammer. It's about PREVENTING spam in the first place
-----
I've heard this argument before and it's not working.
We can't prevent murder by regulating guns. That feeds the black market in firearms. We can't prevent assault by regulating knives. Regulating knives would be a nasty blow to any illusion of a free society.
Blocking port 25 to prevent spam as a preemptive measure isn't working. It's feeding the industry in underground spam and it's leaving a bad mark on any illusion of free computing.
I'm not paranoid about my ISP monitoring my email. They can monitor me all day long. What I don't like is my ISP raising rates so that they can pay some high school dropout to stalk me when I start emailing my date plans to girlfriends (I'm a geek, it doesn't happen often, but it could). In all reality my ISP doesn't need to watch me. If the guy next door starts sending spam from his computer then it's easy enough for the ISP to start watching/tracking him without blocking port 25.
Am I to believe that ISPs don't have bandwidth monitors and triggers on every active connection? Puh-leez. What would the IC cost to do such a thing? $0.05/pop to see a burst of activity that isn't associated with loading a Star Wars page?
-----
"To me this has sounded good but never adds up if you spend a moment thinking about it."
Next time, try 5 minutes.
-----
That is inconsiderate, disrespectful, and flamebait--especially since blocking port 25 has not prevented spam at all.
-----
Cox and other port 25 blocking ISPs don't want to be responsible for your mail server.
-----
To me this has sounded good but never adds up if you spend a moment thinking about it.
If you're sending spam directly from your IP then you're easy enough to catch and prosecute.
If someone else is sending spam from their IP but spoofing as yours it's easy enough to compare MAC addresses or follow the email back through the various smtp contact points.
If you're sending spam directly from your IP but spoofing everything then the investigators need to track you by more technical means (MAC address). Current investigations of spam routed through multiple smtp bouncers requires this anyways.
Someone please tell me how blocking port 25 solves anything? I see only that it gives the ISP IT departments an excuse to request more funds to begin sifting through everyone's email.
-----
What I don't get is why no one is bothering to follow the money trail here
-----
I agree but I think I have an insight to the answer.
Banking institutions and credit card companies make money on three things: legitimate transactions, illegitimate transactions that the consumer doesn't contest, and collections departments for consumers that do contest. Collection departments, banks, and credit agencies lose money on the following efforts: transaction verification.
As long as they can continue to post net profit through legitimate transactions and bullying harassment of people who won't pay then there's no reason to implement a system which might call their integrity into question.
I've configured sendmail, and exim, and postfix. There are spamproof email solutions. It's not any different from securing a wireless router. For an smtp server, no mail is forwarded except for internal communications. It's easy to block forged addresses by simply not allowing outside connections from the internet.
With this in mind then the spam issue is really elementary. Spam is being sent one of three ways.
1) Through smtp servers which are run by incompetent sysadmins who don't know how to lock their services. The executive board of any such company should be jailed. The sysadmin should be demoted to help desk.
2) Through smtp bouncers installed on hacked Windows boxes. MS and the executive board which failed to utilize a more secure solution should be jailed.
3) Sent by a desktop advertising agency which is funded by a taxpayer subsidized small business loan.
I rank the probability spectrum 3,2,1. The problem isn't being solved because the people making money off of the spam are the same people who lobbied the politicians to set aside the funds in the first place.
"No. No. We're not doing anything wrong. This isn't spam. You wrote the bill. You know that there's a loophole right there in subpart a, section 3, subpoint n which says that as long as we're a 'desktop advertising agency' we're not spammers."
What do you propose doing when the malicious spammer is using an smtp bouncer on port 25356 which they were able to install because of a security hole in the Windows server which MS hasn't bothered to address yet?
Blocking port 25, or any other port, isn't going to solve the problem. What it will do is start a degenerating spiral which will result in complete uselessness of the TCP/IP protocol when, after 5 years, every port on every machine is blocked except for the ones specifically authorized by MS and/or your ISP.
"Oh great. I can only connect on port 80 and that's being actively monitored at every moment. It's time to ditch the computer and lace up the shoes for a walk to the bank, and the grocery store to pay the bills, and there's no sense in sending that joke to my sister 'cuz my ISP will probably misconstrue it as some sort of online harassment because the monitor doesn't like it."
I've tried to do this. The admins that I've contacted never bother to write back. They never bother to check their smtp logs. In all reality it's quite possible that they don't even know. So many of the smtp portals are running Windows that it's logical to think that the boxes may be running smtp forwarding services without the admins knowledge or consent. At the same time the admin doesn't care (too busy collecting the paycheck) or can't do anything about it. Can you imagine a sysadmin telling his executive board that he needs to take down their entire intranet for a few weeks while he rebuilds this system?
"And to think that rat b**t**d suggested we migrate to Linux. Doesn't he realize the kickbacks we get from those MS contracts?"
Until the world as a whole smartens up there's really nothing that we can do but watch in dismay.
This is precisely why I don't buy into the whole idea of malicious hacker spam. I really think that spam is sent out simply to feed the industry of generating lists (like the Nazis did) or to boost numbers for desktop advertising agencies who receive funding from taxpayer subsidized small business loans. Billions of dollars have been allocated for technology development, the only requirement for which is involvement in an internet business. Desktop advertising agencies could easily spin their purpose as helping to accelerate the economy by connecting consumers with products that they need. No one really double-checks to see that their productivity numbers are laced to the hilt with spam.
Perhaps people will start advocating smaller government once they realize that their tax dollars are being used to destroy e-mail and fund spammers.
-----
"So many Internet users are flooding us with complaints about these child porn CDs that we supposedly ordered for them," said Linford, adding that he was cooperating with police
-----
You're right. I was reading in pan and scan mode and didn't see the paragraph about this one in it's entirety.
Please turn your flame mode off.
We love guys like you. Guys like you raised us and fed us and changed our diapers. Guys like you bought our first computers for us and looked on in wonderment when we started writing programs on loose-leaf paper around the Christmas tree at age eleven.
Guys like you need to put pressure on other guys like you to let guys like me migrate the world to secure Linux distributions and let guys like me manage the security aspect.
Nothing against guys like you, we love you. But guys like you should not be in charge of internet security no matter how many certifications or political connections you have.
I'm not blaming you but I'm doing the same thing that you did to guys like me when we were growing up: "See, if you would've listened to me in the first place this wouldn't have happened. Now you're stuck with it so quit whining."
Agreed. How the heck do people in an anti-spamming organization get caught up on this? They should really know better. If this article is true then I wouldn't be surprised to find out that the anti-spamming organization is staffed by tech-ignorant do-gooders who, meaning well, only further pave the road to hell.
If there really is child pornography being sent on CD through the mail then the FBI should really be involved in tracking this down. Using the postal service to commit a crime is a federal offense in itself. Certainly the attackers can be fudging their return addresses on the packages but there are so many other ways of approaching the problem. ISPs already track users that visit such websites. CDs are imprinted with media identifiers. Are there lot numbers which can be tracked to distributors and regions? What about imprints left behind by the burning hardware and software? What about identifiers embedded in the pictures themselves?
Why aren't existing security admins cooperating on this? A few years ago I spent a couple months making a concerted effort to track down the spam that made its way to my inboxes. I would look at the e-mail trail, run WHOIS and DNS lookups on the servers, find the last known good smtp portal, and try mailing the admin to ask him to help stop the spam. Typically I received no response leading me to believe that the operator was an absentee sysadmin who collects his paycheck but doesn't care about his job. Additionally, so many of the smtp servers were running Windows that it isn't unthinkable that the admin can really do nothing about it--his box is backdoored and the executive board would fire him if he took it down to reinstall. That same executive board probably insists, for contract skim purposes, that he continue to use a Windows platform.
On the issue of funding I don't believe that these people really and truly make the majority of their money from stolen credit cards. I feel that has got to be nothing more than scare tactics and hype to direct attention away from the real source of funding. I believe the majority of their money comes from taxpayer subsidized small business loans and tech-ignorant investors. I've traced a large amount of my spam back to addresses associated with "desktop advertising agencies". "We sent out one million e-mails today. It's technically not spam--don't ask questions. There's a loophole in the definition which makes this not spam. This will look great on the quarterly report and on the small business report to the bank. It will also bump us up into the 'productive' category so that we can qualify for an additional $X million in taxpayer subsidized small business loans."
If we want competent sysadmins we need to hire people who really have a passion for the systems that they work on. Companies are free to hire me but I'm always given the critical eye of scrutiny because I didn't spend the $15k to get night-school certifications.
Installing Debian is simple.
Install with NOTHING but the most basic system possible just so that you can have a working system. Upgrade the kernel manually, install Xfree86 4.latest manually, and add packages using dselect.
It's a very basic principle: lay the groundwork before building the entire house. Your problem sounds like it arose because you wanted to try and install the full system right out of the box.
Doesn't sound crazy to me at all. I've seen it before. It could be a boot sector gremlin (virus/monkeywrench). Have you tried zero-filling the first 1024 bytes of the drive and reinstalling another OS?
:-)
I also have another possibility for the problem. If the BIOS of the drive is flasheable then perhaps the BIOS was cleared by a malicious attacker. While this may render the drive useless from bootup it is possible that Windows contains enough software code to be able to make low-level calls to the drive which are understood inherently by the existing circuits.
For example: After installing Win98 and Debian on my drive (on a mobo with an Apollo MVP/3 chipset and UDMA/33 capable) Win2k-install refuses to acknowledge the drive due to some issue between the ide-scsi emulation identified by Win98 in the configuration of the C:\ drive and the ide-scsi emulation that the Win2k installer wants to use. It has something to do with the nature of the MVP/3 chipset. If I use the HD utils to disable UDMA/33 on the HD then Win2k is able to access the drive fine, though using much slower, more primitive access routines (I forget what it's called). Once Win2k is installed (at an obnoxiously slow rate) then I can go back, reenable UDMA, boot Win2k, let it update it's chipset HD access driver, and it works. It will continue to complain about some driver/chipset mismatch every time it boots. This is the only way that I've been able to get Win98, Debian, and Win2k Adv. Serv. to coexist on the same HD. After all of that rigamarole I still can use cfdisk under Linux to make secondary partitions all day long so LILO can boot other Linux installs.
I'm not a hardware engineer but technology for controlling hard drive mechanisms has been around so long that it's not unthinkable that some of the chips have overlapping tasks. "The BIOS may be cleared but the signal coming in through that wire goes into this other chip which makes use of the signal correctly anyways."
As for your clicking HD problem I would suspect that someone was watching you.
The moderators have got to be on crack. To rate the original post as "Troll" is to deny reality.
Security for computers is like security in society: the more money you spend on it from a centralized level the worse it gets. The only way to really increase security is for each individual to work on it, individually. At the end of the day if someone really really wants to break into your house it doesn't matter how many locks, entry systems, or guard dogs you have.
Advocating a consortium of experts to make recommendations on security is similar to asking a group of politicians to make recommendations on improving society. They'll come up with some grand recommendations but we, the people, aren't going to see any benefit from it. If anything it will make life more cumbersome and less fulfilling. Most of us should be familiar with the cumbersome secure computing (formerly Palladium) initiative that the industry is embarking on.
Security no longer means security. Security is just another cog in the corporate wheel with budget numbers to satisfy thousands of shareholders who wouldn't know security from a coaster tray. With that in mind then there is no surprise that security has become a useless industry of productivity-killing gadgets directed by people whose certifications on their resume make up for their mediocrity on the job.
Most security departments try to fix security problems by implementing safety nets (netwatchers, redundant firewalls, active real-time scanners) rather than implementing prevention. Prevention means educating people about safe computer practices--like safe sex. The safest sex is abstinence--keep your clothes on, all zippers closed, and don't kiss people who've been around the block. The safest computer use is to view only the documents that you need and don't open documents from people who are frivolous with their computer use. Sex is acceptable (at your own risk) once married. Unsafe computer practices are acceptable (at your own risk) once you're on your home computer.
To illustrate how safe computer use is effective: I run my Debian, LFS, and Win98 all without any firewalls or active virus scanners (I scan once every few months when I get bored). My only remote security measure is a 4-port router connected to the cable modem. Three years since my last complete rebuild I still have no viruses and have not been rooted or compromised even once.
-----
I'm sure you would take the necessary measures to counter this.
-----
Don't be naive. You're not living in an ideal world. While everyone would like to take the necessary measures to protect their intellectual property they are, in reality, no match for large corporate entities with massive legal budgets.
-----
Oh please, you sound like a wannabe revolutionist who is blinded by your own agenda
-----
Ummm, no. The author is quite correct. In the 80s peoples' entire houses were confiscated with nothing more than an FCC suspicion that they might have a copied disk of "Space Invaders" or some other Activision game lying around. In the 90s entire dorm rooms were carted away because some student linked his page to an Eaglesoft, Inc. site. In the 2000s we're now watching computers get carted off because Britney_Spears_Another_Corporate_Tune.mp3 was made available.
-----
I would think the people would be losers if they chose to use Diebold machines knowing about the flaw. Diebold isn't putting a gun to anyone's head forcing them to use Diebold machinery
-----
Again, naive and idealistic. The people never know. The decisions are made by executives and politicians who are more interested in the skim percentage that they'll receive from signing the deal. The "people" never even see the paperwork.
-----
Voting does make a difference
-----
You're on crack. There was no real difference between Bush and Gore. It's a dog (elephant) and pony (donkey) show. In any election less than presidential the average voting percentage drops off to less than 20%. With 90% of monetary resources controlled by 10% of the people, this gives the rich (who have all the time in the world to hang out at voting booths) an easy advantage.
If one considers the millions of dollars that are poured into developing electronic voting systems, and the millions of dollars spent on half-baked propaganda attempting to convince an ignorant public that such things are inherently secure, and the millions of dollars that are spent covering up for any flaws found in the system...
Well, all those millions sound pretty draconian to me. Additionally, if it takes that much money to convince someone of something then it can't be a pure honest fact.
Bully-boy tactics don't stop here. Even if the EFF continues to pursue Diebold eventually everything will come to a grinding halt in legal maneuvers. Ten years from now you'll hear that the EFF ran out of funding and that Diebold has scored a new fat government contract, conveniently funded with taxpayer dollars.
The best you can do is hope to be buying massive amounts of Diebold stock just before they receive that contract.
-----
There is no moral justification for granting exclusive ownership to someone
-----
Pardon me but I disagree. I spent 4 years working for a major pharmaceutical company as the FNG (fsckin' new guy). I'm a gunner, an alpha, an overachiever. My management picked up on this very quickly. Every time I had a new idea which addressed a problem on a project or outlined a method of designing a pharmaceutical I was wholistically beat down. I was verbally harassed, told to mind my own business, and bitz-slapped because,"We have PhDs. You have a BS. What can you possibly know."
Time and again, two or three months down the road, those same PhDs would be pitching my ideas as their own and using it to influence the direction of the project. At the same time they would gladly accept the social benefits of coming up with ways to advance and direct projects.
I would really like to have had an opportunity to have exclusive ownership of my ideas. If I wrote the ideas down in my notebook to be cross-signed then they were company property. If I didn't write them down then I was criticized for not participating with the group. If I kept my ideas to myself then I was harassed as feeling isolated, being a sullen lazy slacker, and any number of other unpleasantries. I watched my boss score two promotions in three years while he was allowed to blacklist my career.
The burden of proof in any situation always rests on the person with the lesser resources. Resources, in this case, being defined as the combination of political influence, legal representation, and money.