I don't like getting spam. The problem is not detecting it automatically, that works very well with tools like SpamAssassin and bmf. Even though I can automatically delete spam without reading it, the spammers still successfully deliver their mails and get paid by volume. I want to hurt them. They should not be able to deliver their mails, and waste as much of their resources as possible attempting to do so.
...
Now I'm building my own blacklist, based on the evidence I've seen myself, classified by my own spam detector configuration. The only politics involved in someone getting blacklisted are my own, I don't have to trust a third party to make fair decisions.
And I use this blacklist to redirect hosts to the tarpit, using pf and some cronjobs:
The biggest problem is that it requires some OpenBSD knowledge. It'd be great if we could get a nice idiot-proof install ISO for a drop-in box.
Everyone keeps ranting about how the "Illinois Court" has no jurisdiction in this place or that place. That's wonderful except, as I understand it, the case was moved to higher court before there was a judgement. So now there is a default judgement in a FEDERAL COURT.....not an Illinois Court so STFU about what an Illinois court can and can't do...maybe RTFA or the other 10 million posts about the story here on /.
The "Illinois court" that most people are referring to is the one after it was transferred to federal court. It's a federal court in Illinois, not an Illinois state court. But the jurisdiction stuff applies to any US court (federal, state, or otherwise) when you're talking about a UK company. (Which is further complicated by Spamhaus' original appearance in the lower court implicitly agreeing to US jurisdiction.)
Ahhhh. Well that educates me a bit, so basically it's something like an RBL for phishing sites.
Yup, basically.
What about hacked sites? The last few phishes I found, they were actually legit sites that had been hacked (one was what appears to be a school in Brazil, which had its Horde email service hacked to impregnate it with a phishing sub-site).
There has been some confusion over this, especially due to the ties with OpenDNS. OpenDNS does plan to use PhishTank data to help keep people safe from phishing sites, but the two are completely independent of each other. Again, PhishTank only rates URLs. It can mark http://www.someschool.br/ as a good URL and http://www.someschool.br/vuln/www.paypal.com/ as a bad URL.
Obviously, DNS can only choose to block or allow resolving of www.someschool.br. Do you block the whole site because it has a page hacked by a phisher? The Yahoo and Google redirects to completely unrelated sites are a similar predicament (just as they have always been for spam URLs). These are issues that need to be addressed if you're going to block sites based on phishing reports, but they're completely outside the scope of PhishTank itself.
If the site would forward those PAYPAL phishes to PAYPAL, the BOA phishes to BOA, as soon as they are received, and even allow and encourage these companies to be the final expert on the legitimacy of the email, that would be perfect. I don't have a problem with anything they are trying to do here. It just seems to me that it will tend to reduce the likelihood of a report going to the targeted organization.
With the open API, each target could actually parse the submissions for attacks against it. When you submit a report, you actually pick what site it's trying to imitate. I don't know if the API currently supports it, but I'm sure it wouldn't be hard to set something up so PayPal got a copy of everything submitted as a PayPal phish. Even if you're not big enough to be listed as one of the options right now, I bet they'd be willing to add your company if you specifically requested it.
Imagine if every major phishing target instantly got reports from a huge worldwide network, which only had to submit any phishing attempt to one central location. That would be perfect (assuming they could handle the load and any potential attacks from phishers).
So how would it differentiate between these and the emails from the original site? While some of the bank ones are most likely just made up to look legit, the eBay and others are copied from modified messages.
It doesn't. PhishTank identifies phishing sites, not phishing emails. It differentiates between http://www.ebay.com/ and http://www.ebay.com.hackersite.com. That in turn can be used to determine if an email is a phishing email (if it contains a link to a phishing site), but PhishTank itself doesn't rate whether or not an email is a phish.
I can't remember the last time I used Windows Update. Automatic Updates does most of what I used WU for, even more easily. If I want other updates, Windiz Update is very similar, but works in non-IE browsers.
\\127.0.0.1\c$ is a network shared resource. It has nothing to do with the internet or a web browser. If you want to access it in a web browser, the proper way is file://///127.0.0.1/c$ (two slashes for the protocol, two more to indicate a network resource, and one more to indicate the root filesystem there - file:// + // + /).
That price is including a reasonable TFT. The box itself is a little under $350, less if you already have mouse, keyboard, speakers etc.
It also has PCI-Express when many of the cheapest Dell and HPs I've seen don't have any way to upgrade the graphics.
Last summer, my parents bought my brothers a SlickDeals Dell. P4 3.0GHz HT, 40GB, 128MB or 256MB (lowest option, bought cheaper memory elsewhere), integrated graphics. No AGP or PCIe, but for them, a PCI FX5200 was enough. $350 included the 17" LCD. Bought another 512MB for about $50, so figure a total of $400. Quite a few of the Dell deals do indeed have PCIe now. Considering that most of the PC is an integrated Intel mobo, there's not really much room for "substandard components" either.
And that includes tech support from Dell. That's not much, but it's better than none. It also includes a copy of XP Home (you may or may not care about that).
Google Talk currently does not encrypt chats or calls. But we are working hard to make many improvements to Google Talk while it is in beta, and we plan to fully support encryption of chats and calls before our official release.
Free Software and cross-platform > proprietary and Windows-only
Miranda (http://www.miranda-im.org/) is still free (GPL, $0), but I like the native Windows interface. Future versions may be cross-platform. Its plugin system is virtually limitless.
It also used the open TOC protocol (with fewer features) for AIM rather than the reverse-engineered OSCAR, which up until recently seemed to have fewer problems. Just recently AOL seems to have changed something, so some users are getting a TOC2 plugin working. The basic stuff is working, and the author is quickly adding more to it.
This is similar to an early security flaw in Windows, though I forget precisely which Windows versions it was, 95 and earlier I suspect. It was possible to write a program that would autorun from an inserted CD and copy the screen saver password file to a floppy from where it could be later cracked at leisure.
With Win9x, you can actually use autorun to disable the screensaver password in the registry (without removing the password), use a program to simulate mouse movement, then re-enable the password. You bypassed the password without having to crack anything or reset the password.
Same thing as Buelldozer. I've never had a problem with that.
Setting the default app does require registry writes. I saw someone having a problem like this, who didn't have write access to the registry.
The "don't ask" option is in the Thunderbird config. It sounds like either the whole "set as default" process is failing so the change doesn't get written to the config, or you have access issues with your profile's location as well.
This ruling is only about the trademark law involved with linking competitor products to a specific brand name. Like having ads for Acme Tissues triggered by kleenex.com, or ads for Bland Cola triggered at pepsi.com.
This ruling has absolutely nothing to do with the legality of adware in general, or with software being installed without the user's permission. Assuming WhenU was deliberately installed by the user, this ruling clarifies that it's acceptable for WhenU to show ads for other contact places, triggered by 1-800 Contacts's site.
Also, remember that not all adware is malicious and sneaky. Some people actually think highly of Opera. GetRight was one of the first adware programs I knew of. Broadcast TV and radio are "adware" even.
I know this will sound completely nuts to most of you, but even the "evil adware" programs aren't always unwanted. A friend was cleaning up a customer's PC for them. He told them that they had Gator on it, and he was going to remove it because of the bad stuff it did. "But how will I remember all my passwords?" Yes, someone actually used Gator on purpose. I can't say whether or not they specifically installed it, or if it came as a "value added bonus" with some other program. But for that user, it really did add value. Along these same lines, it's very possible that someone could actually want WhenU's software on their PC, letting them know of all the great deals they could be getting.
I finally got around to doing some housekeeping on the server...
Many things I have removed. For almost two years I had a mirror of Nullsoft WASTE on here, as well as a WASTE network running. That mirror is now gone. There are far better alternatives out there, and BitTorrent offers far greater scalability than WASTE, while maintaining some level of privacy.
Yes, it does. You'll have to switch from forwarding, where the envelope sender is preserved, to remailing, where the envelope sender is changed. But don't worry, we're working on providing SRS patches for the four major opensource MTAs, so that when you upgrade to an SPF-aware version, this problem will be solved also.
If your forwarding runs through a commercial service like pobox.com, you shouldn't have to do anything. They have to change with the times, and perform the above rewriting automatically for you. SRS is a structured standard that helps them adapt.
Until the SRS patches are ready, the following workarounds will preserve the important functionality.
There are two problems with the patcher, as far as I can tell. Unfortunately, the less important of the two seems to be the one that gets the most attention.
BitTorrent, like anything else, requires open/forwarded ports in a NAT router for incoming connections. Blizzard (and helpful users) will constantly tell you to open the ports on your router/firewall if you're getting crappy download rates. This in itself is a pain, because the patcher isn't configurable, so you can only set up forwarding for one PC at a time. I'm sure it's faster to download the patch once and copy it to other PCs, but it's still annoying if you choose to download the patch with a different machine this time. Anyway, BT will still work without forwarded ports. However, you can only connect to peers that do have the proper ports forwarded/opened (neither unforwarded peer can accept incoming connections from the other), which limits the number of peers you can actually use. In theory that will hurt your download speed, but in a huge swarm like a WoW patch has, there should be plenty of working peers for you to use.
The problem that I've run into, and it seems like a lot of people are actually having, is that there is no upload control. There was one time where I actually had to use the patcher. It saturated my upload, causing all downloads to come to a halt (including the patch itself). As soon as I used a third party program to throttle the patcher's upload rate by a few KB, my download speed jumped up to over 200KB/s. This is not a BT problem specifically, as I've killed my own downloads with FTP uploads (from my machine as well as other NATed machines). Downloads simply require a bit of upload to operate properly, and BT will saturate your upload to the point of choking your download. I believe this is the problem that most people see, when they post that they've got a good cable connection, a brand new machine, and all the recommended ports forwarded.
Personally, I extract the .torrent from the patcher, and use my already-configured BT client to download the patch. I got the 50MB incremental 1.5.0 patch in 3 minutes during peak downloading times. I then got the 175MB full patch in 15 minutes. I got both patches directly from the Blizzard swarm in half the wait time for one file at Gamespy.
BitTorrent works amazingly well when configured properly. Basically as many people can download as fast as their connection will allow, and there's no server to get overloaded. However, when improperly configured, BT sucks just about as bad as anything can. BT simply requires some configuration, and some of that can't be automated. Unfortunately, the Blizzard patcher seems to compound the problem by not allowing you enough options to properly configure it, even if you do understand what you need to do.
There is one big drawback, though. Users won't be able to install Service Pack 2, unless they integrate SP2 in the installation CD. And that's probably too much trouble for most users, who of course are better off buying a legal version anyway.
PlainOldFavorites will give you a "Favorites" menu in Firefox, which directly accesses your IE favorites. It's a bit slow, but it will provide identical-to-IE favorites inside Firefox, even if for nothing other than fixing the arrangement of the imported stuff.
HOSTS file was semi-useless before... on Google Web Accelerator · Score: 2, Informative
A .pac file is better suited to blocking ads by denying connections in a web browser. It lets you block/allow by URL rather than just hostname (i.e. block http://server.com/ads/ but still allow http://server.com/goodstuff/ through). It's a lot like the Ad-Block extension for Firefox, but not tied specifically to one browser. It works in all modern browsers and many other internet programs (email clients, etc.). See http://www.schooner.com.nyud.net:8090/~loverso/no-ads/ for details. As with Ad-Block, a few regular expressions in a no-ads.pac file will block most ads as well, even with no site-specific filters.
A no-ads.pac file will be slower than a HOSTS file (it uses JavaScript inside the browser to process it, rather than being handled by the networking subsystem of the OS). However, any remotely-modern PC should have no problem with the tiny amount of extra processing needed. John LoVerso has claimed that he used to run it on a (sub-200MHz?) P1 and didn't notice any slowdown on that.
I do use my HOSTS file to block servers that I absolutely don't want any connections made to (in my browser, email, IM, or anything else). However, I found the HOSTS file to work very poorly for blocking ads in web pages, compared to these other methods.
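The URL-versus-hostname distinction from the comment above (the same one raised in the PhishTank comments about www.someschool.br), as an added example that is not part of the original comments or of no-ads.pac: a minimal PAC-style `FindProxyForURL` next to a hostname-only decision. The rules, the blackhole proxy address, `tracker.example` and the `compare` helper are constructed for illustration.

```javascript
// Added example: URL-level blocking (PAC) vs hostname-level blocking (HOSTS/DNS).
// All rules below are constructed; they are not taken from no-ads.pac.

// Assumption: nothing listens on this address, so a "proxied" request fails fast.
const BLACKHOLE = "PROXY 0.0.0.0:3421";
const PASS = "DIRECT";

// URL rules: a regular expression sees scheme, host and path.
const URL_RULES = [
  /^https?:\/\/server\.com\/ads\//i,                       // one directory on one host
  /^https?:\/\/www\.someschool\.br\/vuln\//i,              // the hacked sub-site only
  /^https?:\/\/[^\/]+\/(?:[^?#]*\/)?(?:ads?|banners?)\//i, // generic ad directories
];

// Hosts refused outright, subdomains included.
const HOST_RULES = ["tracker.example"];

function hostMatches(host, rule) {
  host = host.toLowerCase();
  return host === rule || host.endsWith("." + rule);
}

// Entry point a browser calls for each request when a PAC file is configured.
function FindProxyForURL(url, host) {
  if (HOST_RULES.some((rule) => hostMatches(host, rule))) return BLACKHOLE;
  if (URL_RULES.some((re) => re.test(url))) return BLACKHOLE;
  return PASS;
}

// What a HOSTS file or a DNS resolver can decide: it sees the name, never the path.
function hostOnlyDecision(host, blockedHosts) {
  return blockedHosts.includes(host.toLowerCase()) ? "BLOCK" : "ALLOW";
}

// Helper for this demo only (not part of a PAC file): both decisions for one URL.
function compare(url, blockedHosts) {
  const host = new URL(url).hostname;
  return {
    pac: FindProxyForURL(url, host),
    hostOnly: hostOnlyDecision(host, blockedHosts),
  };
}
```

Chromium-based browsers and Firefox now, by default, pass only the scheme and host of https:// URLs to the PAC script, so path rules like these take effect on plain http:// requests.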
Obviously they didn't forward that message that all their friends sent them, so their accounts got flagged as inactive and deleted.
For the last year Waters and Support Intelligence CEO Rick Wesson called companies they found spamming, Waters says. But in big companies they had trouble connecting with people who had authority to clean up the networks. Waters thinks corporate upper management--CIO level and above--still don't appreciate the dangers of bots. "We'd talk to mid-level security people who understood botnets but had no buy-in from the CIO," he says. "Or the CEO had never heard about it."
So they decided after "much soul searching" to name offending companies. Their goal is to clean up the Internet, not embarrass people or make money, although Support Intelligence has gained some new business. But most companies are grateful to be told they have a problem, Waters says.
This public disclosure is a last ditch attempt to get someone to do something. They've tried to report the problem, but sometimes nothing will get done until someone with letters after their name sees the company's name in the headlines (where customers can see it and income is affected).
Are you in the same situation with your list?
This was posted here previously, but it's a great idea. Annoying spammers with pf and spamd
Set extensions.disabledObsolete to false in about:config.
I've gotten so used to my no-hassle way of doing it, I'm not sure if it works exactly the way you want without any special actions. With that set to false, I load in Safe Mode, get the warning about extensions being disabled, exit, and restart normally. Upon doing so, all my installed extensions (that don't have problems) work, without having to re-enable anything. This has become habit now so I'm not sure, but starting without Safe Mode may still disable them.
I can easily access Safe Mode (earlier versions didn't seem to provide much in the way of shortcuts) via my fancy desktop icon. http://pctech.invisibill.net.nyud.net:8090/mozext/icons/ has details.
Yeah, that's way harder than using regedit to modify install files and copying the boot sector of the install CD to a new one...
Sincerely,
Your friendly neighborhood slipstreaming advocate
... according to the eWeek article from the 13th. They also say it goes back as far as NT4, but 2k3 isn't mentioned at all.