Slashdot Mirror


User: Glamdrlng

Glamdrlng's activity in the archive.


Comments · 256

  1. Re:Goodbye Comcast... on Comcast Warns Infringing Customers Of Abuse · · Score: 4, Insightful
    Comcast has every right to make rules as they see fit and if they decide you shouldn't use their network to steal then you aren't using their network to steal.
    Comcast has every right to make the rules as they see fit. And I have every right to choose a different ISP.
  2. Re:Windows update freaking out! on New Windows Worm on the Loose · · Score: 1
    after reading this on the /. front page, i ran the windows update, that i don't visit for more than a year...
    For the love of all that is holy, I hope you're joking. Any windows machine that hasn't been patched in over a year has probably already been rode hard and put back wet. You may wanna install the blaster patch too while you're at it.

    and after some time, a window pops up with the text: "The software you are instaling has not passed the Windows Logo testing to verify its compatibility with Windows XP. bla bla bla" "This software will *not be instaled*. Contact your system administrator."
    I'm gonna go out on a limb here and guess that if you haven't patched it in over a year, you haven't installed SP1? You need SP1 to install the patch. Would it really kill you to enable the Automatic Updates and be done with it?

    IT PUTS THE PATCH ON ITS BOX. IT DOES THIS WHEN IT'S TOLD.
  3. Re:Security Update Dates on New Windows Worm on the Loose · · Score: 1
    You know, normally these updates are available a good 3 or 4 months before the worm becomes available. This one was updated about 3 days ago.
    Not to defend Microsoft, but this worm had to be pathetically easy to write. Code already existed to exploit the RPC DCOM vulnerability that blaster used, so once someone posted exploit code for this vulnerability it was probably just a copy & paste job.

    On a related note, I'd just like to point out that anyone who opens port 445 on their network deserves to get infected. I almost have some sympathy for the clueless who are running windows machines sans firewall, but really they should've learned by now. A $50 linksys box makes this worm go away. And while I'm ranting, Linksys/Cisco can feel free to put a half decent ACL interface on their home routers any freakin time now.
  4. Re:ah... on New Windows Worm on the Loose · · Score: 1
    I just got hit with one of these lsass viruses a few weeks ago.
    Who'd you report it to? CERT? The ISC? The LSASS vulnerability was reported just over 2 weeks ago, and the sasser worm first showed up Friday night. If you truly had a machine that had the LSASS vulnerability exploited days after it was announced, the least you could've done is report it to someone.
  5. Re:ah... on New Windows Worm on the Loose · · Score: 1
    the luxury of being behind a nat box with all ports off and not having to deal with such nonsense
    That's great for a home or SOHO network. In an enterprise network, it only takes one assclown bringing his unpatched laptop into work on Monday after having it plugged into a naked cable/DSL connection all weekend to hose your network. At that point, any unpatched windows box is fair game, and the only thing your firewall's good for is scouring the logs to find infected machines trying to go out.

    Any network that doesn't practice defense in depth is like a Tootsie Roll Pop: hard on the outside, but soft and chewy in the middle.
  6. What about stolen CC's? on Infected PCs for Rent · · Score: 1

    Don't know about the status quo, but I remember a year or 3 ago stolen credit card numbers factored into this trade as well. Makes the paper trail pretty tough to follow...

  7. Re:Immense power. on Infected PCs for Rent · · Score: 1

    You speak the truth. Consider the existence of trojans like phatbot, which spread by exploiting poor administration practices (weak admin account passwords, weak MS-SQL sa account passwords, etc), the back doors opened by netsky, bagle, and mydoom, as well as every major windows vulnerability announced in the last two years.

    Blaster brought networks to a standstill by exploiting one vulnerability. This thing has the potential to wreak some serious havoc. In fact, imo if so many admins hadn't gotten burned by blaster, this worm's impact would have been much worse. Regardless, this trojan and its variants could easily be modified to become worms (such build in an algorithm to self-propagate and voila) and could bring every network running windows machines to a standstill.

    Learn to swim.

  8. Re:Terrorism? on Infected PCs for Rent · · Score: 3, Insightful
    Distributed DDOS on an organization's servers IS NOT TERRORISM already
    But that nice man Mr. Ashcroft already told me that selling the pot was domestic terrorism...

    Actually, what I'm waiting for is not only for DDOS attacks to count as cyberterrorism, but for downloading pr0n to be considered "moral terrorism".

    One add-on though, I would assert that cracking or DDOSing that results in intentional harm to someone (bringing a 911 center down or targeting a hospital network, for example) can pretty easily be considered terrorism. Blackmailing an online casino? Not so much.
  9. Front page much? on Open Source Security's Best Kept Secret · · Score: 1

    Don't know if anyone will see this at this point, but why the hell wasn't this posted on the front page? It certainly seems newsworthy enough to make it up there to me. Who knows, maybe there actually could've been some worthwhile conversation about it...

  10. Impressive on Open Source Security's Best Kept Secret · · Score: 4, Interesting

    This is a very ambitious and laudable project. I remember reading about it a year ago or so, but it looks like it's matured a lot since then.

    Since we now get to combat multi-headed worms, it's fitting that we now have a multi-headed IDS to work with.

  11. Re:What's the problem here? on U.S. Considering Ratifying Cybercrime Treaty · · Score: 1
    ...access to the whole or any part of a computer system without right. A Party may require that the offence be committed by infringing security measures, with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system.

    Ha, a loophole! Rooting a server doesn't qualify as "obtaining computer data". Rather, it's placing additional data on the server. And there's nothing dishonest about the act... malicious, yes, but certainly not dishonest.
  12. And of course you have the obligatory Homer quote on Is the Universe Shaped Like a Funnel? · · Score: 3, Funny

    "So we have determined that the universe is actually shaped like a giant cosmic donut."
    "Mmmmmmm, universe..."

  13. Re: RBLs on Paid To Spam · · Score: 1
    Sorry, but RBLs are far from perfect. As such, I won't rely on them. But thanks for trying to force your opinion of software onto me.
    So you're holding every blacklist maintainer accountable for the actions of one. While you're at it, why don't you boycott operating systems because you don't like windows. If you employ an RBL that you consider trustworthy and have your mail server set up so that blacklisted IP's can still send mail to your postmaster and abuse accounts you're good to go. And if that isn't good enough for you, you can run spamassassin and have a hit on an RBL count as part of the overall SA score. Either way, it seems foolish to me to ignore a useful tool because of one bad experience.
  14. Re:Fight back! on Paid To Spam · · Score: 2, Interesting
    A powerful computer to pump out spam quickly and a decent firewall to block it will pay for themselves quickly if you keep them running 24/7.
    Forget the firewall (Well, don't forget it. Just don't block the outgoing mail). Instead, just report your IP to the major blacklists. Everyone who uses an RBL will be unaffected, and the people who don't will have more pressure put on them to use blacklists. Problem solved...
  15. Companies in Utah on Spyware Company Sues Utah Over Anti-Spyware Law · · Score: 2, Insightful

    Dude, wtf is up with software companies in UT? Are there any software companies in the state whose business model doesn't involve prosecuting|compromising|raping their customers?

  16. Re:Yet Another Stupid Spam Idea (YASSI) on A New Type Of Realtime Blocklist: The SURBL · · Score: 1
    The main reason spam is prevalent is because SPAMMERS STEAL BANDWIDTH WITHOUT PAYING FOR IT. When you force them to operate from a single location, then they have to act ethically and then they have to pay premium money to spam, and then they go out of business because it's only economical when they steal resources


    So the RBL's keep them running from IP to IP, or serving spam off of compromised machines (Gotta love the spamhaus XBL). Personally, I view this as a progression of RBL's: make it so that, not only do they have to hop mail servers, with this they also have to hop web servers.
  17. Re:Yet Another Stupid Spam Idea (YASSI) on A New Type Of Realtime Blocklist: The SURBL · · Score: 1
    I did some work for a day trading outfit to set up a spam server for them. Of course, they didn't call it a spam server, but basically it was a mail server set up to deliver several hundred thousand emails a day to email addresses they purchased in bulk. This is a legitimate company, and they lease a legitimate T1 line from AT&T and are thinking of getting a fractional T3 (6mbs) further on down the road.


    A few years ago I would've expressed my best wishes hoping that you die a wretched death from a nasty VD you got from having bad sex with an ugly woman. Work's hard to come by these days though, so I don't really hold that against you personally. Besides, if they abuse their paid-for bandwidth by not honoring removal requests then their ISP will drop them, problem solved.
  18. Re:Blah on Son of SATAN? Weighing Security Software's Risks · · Score: 1
    Quoth the parent:
    However, in the long run, the security industry is a very profitable one, and one way to get a head start is to be prolific and vocal in releasing high-quality exploits


    And quoth the article:
    "There will be about 10 academics and serious researchers who may find this interesting and about 10,000 kiddies who will blow each other's virtual brains out, with enterprise security folks caught in the middle," said Peter Lindstrom, the director of research for security consultancy Spire Security.


    Apparently established security consulting companies feel that they too stand to gain something by being vocal and prolific. Yes we know, booga booga, the sky is falling, my megahurtz have been stole through the interweb. I'm sure Spire Security's condemnation of these tools has nothing to do with the fact that they help admins run their own pen tests without paying the exorbitant rates for an outside audit.
  19. Full Disclosure vs. Security Through Obscurity on Son of SATAN? Weighing Security Software's Risks · · Score: 5, Insightful
    If cracking tools are widely available, they will be used to more quickly exploit whatever vulnerabilities exist, giving the author less time to patch. It's better for everyone if these tools are hard to come by.


    I disagree. If those tools are available to whitehats then security professionals can run them in lab environments and develop countermeasures like Layer 7 firewall filters and IDS rules. Furthermore, if I'm aware of an exploit that's serious enough of a risk, I have the option of killing a port on the firewalls until the risk has been mitigated. But I can't do any of those things if I'm not aware of the vulnerability and if I don't know how the tool works. Not only that, but if these cats have made good on their promise to communicate with IDS vendors about ways to detect metasploit in action, then I honestly don't see how someone could make a more benign tool. I haven't seen anything on snort.org yet, but then again I'd imagine many of the exploits run by metasploit already have signatures available.

    Security professionals are inherently disadvantaged compared to blackhats. They have more time on their hands, and they have more numbers. At the end of the day, if security professionals don't have access to tools like this, then we're at even more of a disadvantage.
  20. Re:PHLAK? on Local Area Security Linux LiveCD · · Score: 1
    I think the key difference is that this is a White Hat tool, while PHLAK is meant for people wearing Black Hats...


    I disagree. The only "black hat tools" imo are rootkits and the like. Everything else, to and including password crackers and vulnerability scanners, is just as much an auditing tool as it is a cracking tool.

    Having used both distros, PHLAK has a little bit more style to it. I don't get the impression that they made it for black hat uses, but wannabe blackhats may gravitate to it. You gotta admit, there's something to be said for tux wearing a kevlar. On the other hand, LAS goes so far as to publish exploit code on their site, so if you want to throw around the blackhat moniker it's not like they're angels. The LAS guys seem to update more often though, and the miniCD does add to the convenience factor.
  21. Re:The 'Evil' Bit on The Pure Software Act of 2006 · · Score: 2, Insightful

    So? Nearly every program my company writes does all of those as well. And our customers love us for it.
    More power to them. The fact that they love you for it implies that they know that you do it. As a consumer, I have a right to know how my machine is going to change when I click setup.exe. How many people do you think would have installed bonzi buddy if they knew all the different crap it did?

  22. Re:does it matter? on SCO's Motion to dismiss Red Hat's Complaint Denied · · Score: 1

    You're exactly right. I was referring to a dismissal w/ prejudice in the IBM case, but I didn't say as much. My point was, SCO's demise alone isn't a desirable endgame. The IBM case being dismissed with prejudice, or some other OSS-friendly decision that establishes a precedent, is the most desirable outcome.

  23. Re:does it matter? on SCO's Motion to dismiss Red Hat's Complaint Denied · · Score: 1
    Just as long as SCO goes under in the end, does it really matter?
    Yes, it does. What will prevent this from ever happening again is a dismissal with prejudice, meaning that not only does the court view the case as meritless, but SCO could never try to resurrect the case. It's kinda the courtroom equivalent of lopping off Darl's head, impaling it on a halberd, and planting said halberd right next to the "Welcome to Lindon" sign for all to see.
  24. Re:Wgets validate email addresses on Analysis of Spam, and a Proposed Solution · · Score: 1
    You're right, there are some problems that would have to be overcome to implement an effective solution. The master of all challenges here is that the spammers are legion, and they are motivated by cash.

    • Many spammer URLs contain a code that identifies your email address (and maybe the spammer), so the wget tells the spammer that they've got a valid email address for you. Sometimes it's encoded in the subdomain name, sometimes in the path, often in query contents.

      I don't see that as too big of a challenge. Incorporate code to remove or substitute email addresses from the URL prior to the wget and you're good to go. I'm thinking something along the lines of defining your domain(s) when installing the software, then stripping out username@yourdomain.tld before the wget. For added fun, username@yourdomain.tld could be replaced with uce@ftc.gov.

      Then again, is it such a bad thing if your email addy shows up in a list of addresses that are DOSing the spammers? The internet connections at my job add up to 24 Mbps (18 if you don't count the committed burst on the frame relay connection) so really, if I've got an email address that bites back, they're welcome to send me all the spam they want. Hell, I'd even put a QOS policy on the switch I plug into just to make sure none of my http packets get dropped on their way to our border routers. My email address gets sent to them, they send more spam, I send more DOS, they send more spam, ad nauseam. Get a dozen or so enterprise networks running something like that on their perimeter mail servers for every incoming piece of mail and that's an arms race the spammers are guaranteed to lose. Likewise, a distributed network of spam honeypots on DSL lines could scale even better.

    • Another is that these addresses are often redirects, so there might be queries to a simple redirector URL, which don't burn much bandwidth, that point to some free web site (or at least handle the images from the free web site) which does the heavy lifting. If the wget attack becomes popular, there'll be lots more of this, and spammers will play tricks to make it hard for the wget to automatically get the real site.

      Good point. Prior to the output being redirected to dev/null, the output could be parsed for html redirects. There is room for html obfuscation, so some html preprocessing code may be necessary. (If it was easy anybody could do it right?) At any rate, once you get to the free sites that are hosting the images, that's where bandwidth becomes an issue and you start hitting them where it hurts.

    • Many spammers also frequently put other people's valid URLs in their mail to fake legitimacy, e.g. URLs from E-Bay's news site or the Better Business Bureau or various anti-virus companies, in addition to having their own URL for the suckers to click.

      This one's tricky. The only simple solution that comes to mind is a whitelist of sites that shouldn't get hit. That doesn't scale very well though, and there's bound to be some collateral damage. This might be solvable with bayesian filters, but failing that an admin would have to review a list of sites getting hit and add certain sites to a list of those that the Get of Death should pass over.

    Sadly, I'm a network security analyst, not a developer, and my kung foo is limited (at present) to shell scripting and a wee bit of perl. And I wonder why my idea-to-implementation ratio is so low...
  25. Re:Negative Feedback on Analysis of Spam, and a Proposed Solution · · Score: 1

    I don't remember where I read this idea, but it seems pretty sensible to me. Have the body of each email parsed for http://. Then for each instance do a wget to that page, with the output going to dev/null. Spammers are successful because only the trolls who have some interest in what they're selling click the links. But now, everyone's "clicking" the links. Either their bandwidth gets hogged up and their ISP shuts them down, or their bandwidth bill goes through the roof. Either way, thank you for playing.