Slashdot Mirror


User: bruns

bruns's activity in the archive.

Stories: 0
Comments: 263

Comments · 263

  1. AHBL policies on Spanish Internet Provider's SMTP traffic Blocked · · Score: 5, Informative

    The AHBL is very open to working with providers to solve their problems. On a daily basis, I can be working with several ISPs to figure out how to better tune our listings, or help them track down a spamming customer.

    We only resort to these wide-range listings when we've run out of options. In the case of TDE, we just do not have any more patience.

    We gave them time. We sent them abuse reports. We even asked them to provide us with accurate information on their netblocks so we can tune our listings down to only their dynamic customers.

    However, they ignored our requests.

    The AHBL has very strict policies on what we will and will not do.

    We are taking a strong stance on 419 and phishers right now - just take a look at our ongoing fight with megamailservers.com - we caught them in a lie with their phishing customers, and we are holding them responsible.

    If we are having an effect or not, it doesn't really matter to me. All I do know is that we are taking a stance and asking others to support us.

    The hope being that with enough people working with us, we will be able to force providers to do something about their problems.

    Feel free to flame me all you want.

  2. Re:Bah, typical slashfoo on Spanish Internet Provider's SMTP traffic Blocked · · Score: 4, Informative

    The AHBL is the redesign of the older blackholes.2mbit.com DNSbl from years ago. We've just changed its main focus on abuse in general - which includes e-mail, DoS attacks, etc.

    We are apparently in wide enough use that we deal with TDE customers on a daily basis that are complaining that they are blocked.

    It's not our primary focus to be the biggest.

    Our primary focus is to protect our systems, and the systems we manage, from spam and abuse. We make our data available to anyone and everyone, because we know that our data will improve on the feedback of our users.

    So far, we have had zero complaints from our users as to our blocking methods, even if they are extreme at times.

  3. Re:using RedHat fails security audits on 2.4, The Kernel and Forking · · Score: 1

    RedHat does this at times to keep system compatibility, and to ensure consistency. What you'll notice is that they don't just backpatch everything.

    They backport fixes and important updates, and rarely extras and features unless it is required for some reason.

    This keeps the packages consistent, and helps stop breakage when you need a system that is solid and stable.

    OpenSSL is a good example of breakage when you change versions around, instead of backporting fixes.

    Fedora has 2-3 different OpenSSL packages available, to support all the major differences between library interfaces and versions.

    If your security tester is complaining that packages are vulnerable, then the tester is broken. It should be using other methods to test for vulnerabilities.

    Just because something is a newer version, doesn't mean it's fixed.

    Version 1.1 has a serious security bug. Version 1.2 comes out and fixes bug. Version 1.3 comes out to fix another bug (non security related), but rebreaks version 1.2's bugfixes. Etc etc etc.

    Your tester would falsely report that 1.3 is more secure than 1.2.

  4. My take on this on An Anti-DoS Tool That Returns Fire · · Score: 5, Interesting

    Here's my take on this, pulled from a recent post to NANOG:

    Lovely. So not only do we now have to fend off attacks from script kiddies
    and packet monkeys, we now have to fend off attacks from idiot sysadmins who
    set this tool up and allow it to go all out on supposed 'attacks' against
    their systems.

    I'll share my favorite goober with firewall story. When I was a
    sysadmin/netadmin at a large ISP, I used to get these 'attack' reports from
    clueless users all the time. I could identify which tool they used just by
    how the body of the message looked and how the 'attack' was described. Got
    ones saying that my performance testing server (which sometimes did ping scans
    across the dialups to see what the general response time was) was 'attacking'
    the user's machine with a single ICMP echo. Or how our IRC server was trying
    to attack the user on the ident port every time they tried to connect.

    Of course, the best one was when a supposed 'security expert' called up and
    complained how my two caching DNS servers for the T1 customers were attacking
    his entire network on port 53 UDP. He had naturally filtered the 'attack'
    because it was obvious that our Linux DNS servers were infected with one of
    the latest Windows viruses going around, and suddenly no one on his network
    could browse the web anymore.

    So, let me ask the question, do we really want people like that having a tool
    which autoresponds to attacks with attacks? At least when he filtered out our
    DNS traffic, it only affected his network... But imagine if he had launched
    an attack against my DNS servers in response? Yeah, that's a great idea.

    Of course, now that the AHBL does its own proxy testing, we get all sorts of
    fun reports from end users about our 'attacks' against their machines. Latest
    one demanded I tell her why we had scanned her, but wouldn't tell me her IP
    address or when the scan happened exactly, claiming that I had done the scan,
    so I should know what IP she is. Too bad I test over 100,000 IP addresses
    daily for open proxies....

    Let's not even get into the legal consequences for a tool like this, especially
    if it backfires and launches an attack against the NIPC, for example.

  5. Re:www.ahbl.org vanishes !!!! on A Peek At Script Kiddie Culture · · Score: 1

    Actually, it's called a hardware failure. Around 11pm EST Sat. night, the machine stopped responding, and when we tried to kick it over, it refused to boot.

    It's back now on a new system, but there was no DoS attack or anything of that nature - but rather a crappy WD hard drive that decided to roll over and die.

  6. This is a good thing on Macromedia to Port Flash MX to Linux? · · Score: 1

    This may be the thing Linux needs in order to make inroads on the desktop.

    Dreamweaver MX is, IMHO, one of the best web design apps out there. It running on Linux with all of the other Studio MX apps, would be a powerful solution.

  7. Mailing List on Verisign Sues ICANN Over SiteFinder · · Score: 2, Informative

    I've set up a mailing list for discussion of the SiteFinder issue. It's unmoderated, and open discussion.

    http://wwwapps.2mbit.com/mailman/listinfo/sitefinder-discuss

  8. Alright! on MS Security Chief: Windows Never Exploited Until Patch Available · · Score: 2, Funny

    Alright, who gave Microsoft the SCO koolaid?

  9. Re:Seizing an entire data center on Too slow! FBI Shuts Down Hosting Service · · Score: 5, Insightful

    Let me fill you in on Foonet.

    Foonet was the blackest of the black hat networks in existence. They hosted spammers, carders (credit card thieves), DDoS drones, floodnets, and various other illegal activities and blindly turned the opposite way and let it happen.

    Foonet was based out of the basement of the owners' house. There was no actual 'data center'. They had a T3 and a few T1s - nowhere near the OC-X level they were claiming.

    They got tossed off of GBLX about a week before they were raided, and were humping the light at Qwest right before they got pulled.

    I knew about this right after it happened.

    Foonet will not be coming back, so get over it kiddies. Your DDoS drones are gone. Spammers, your mail servers are gone. Go run and hide under another rock.

    A little hint for all of you who can't figure it out - the FBI doesn't usually seize all equipment if it's something small. If they took all of the equipment, there is a good reason why they did (not that foonet was acting 'too slow').

    I have a list of stuff about foonet on the AHBL page here.

  10. Re:A BITMAP file can cause trouble?? on Exploit Based On Leaked Windows Code Released · · Score: 1

    Been there, done that. If I remember from a few years ago, you could load a file into wordpad that would make it barf.

  11. why not just use k-meleon? on Microsoft Security Patch Fixes URL Security Flaw · · Score: 1

    Why not just use k-meleon and be done with it? It's fast if not the fastest browser on Windows. Based on Gecko, it's got all of the stuff that mozilla does, but none of the heavy GUI (K-meleon is pure MFC).

    http://kmeleon.sourceforge.net

  12. Re:Simpsons... on Novell Releases SCO Letters · · Score: 1

    Mine tastes like burning!

  13. Re:Not To Play Devil's Advocate on Kiss Technology Counters MPlayer GPL Arguments · · Score: 5, Insightful

    But why they were even looking to see how KISS's stuff worked is a bit curious.

    Because, when you develop open source software, and suddenly some closed source company suddenly 'develops' software for their set top boxes that has very similar features to your open source software, you should check using simple tools (like strings) to see if anything matches. It's not hard to look for certain strings, and you're certainly not violating any laws by doing it.

    You aren't reverse engineering the software.

    Open Source developers have every right to protect their projects.

    What, you don't think Microsoft, and every other closed source software developer does this to products which are very similar to theirs?

    How else are you supposed to discover when someone steals your work?

  14. Since the mplayer website is being ./'d to death.. on Kiss Technology Counters MPlayer GPL Arguments · · Score: 0, Redundant

    2004.01.10, Saturday :: Radio interview: Kiss VS MPlayer
    posted by Gabucino

    The Danish National Radio (http://dr.dk) has made an interview with me (as MPlayer representative), and Kiss Technology's managing director Peter Wilmar Christensen.

    It is going to be broadcasted tonight at 20:35, but it is also downloadable from the Internet right now:

    * streaming
    * downloadable file

    A written article is also available, in Danish.

    We have made a rough English translation of the session (thanks to Anders Rune Jensen). Our commentaries can be found at the bottom.

    Speaker: The development of MPlayer was started by a little group of Hungarian programmers 3 years ago.

    Speaker: We needed a program that could play media files under Linux and were so unsatisfied with the existing choices that we started making a better alternative - said Gabucino, the spokesperson for the MPlayer programmers.

    Speaker: MPlayer has reached a wide recognition in the Open Source community. Gabucino emphasizes the program's stability and ability to play many different movie formats as some of the obvious advantages.

    Speaker: The trouble with Kiss technology started recently when one of the MPlayer developers was shopping for a new DVD player and went for a product by the Danish company. For fun the programmer started looking at the software in the Danish DVD player, the so called firmware, and compared it with MPlayer's own code. There were enough similarities to take a closer look at the case and make the MPlayer team angry - Gabucino said.

    Speaker: The specific part of the code in which the similarities are found is the one controlling the subtitles when playing movies. The reality is that the code doesn't contain anything really brilliant. On the contrary, it's very simple. So Gabucino is puzzled why anyone would even bother using the code instead of writing it themselves. He suggests that it could be laziness on the programmer's side.

    Speaker: I think it's actually a very normal thing that programmers borrow Open Source code because they are too lazy to write it themselves. There have been some cases prior to this which have caused quite a lot of trouble. I think there are hundreds of examples like this that we just don't hear about - Gabucino said.

    Speaker: The MPlayer team has published the accusation of the code theft on their website and has tried to document it by listing the strings in the code which are identical in the two pieces of software. According to Gabucino, there are so many similarities that it's unthinkable that this might be a coincidence.

    Speaker: Normally this type of code is different depending on who implemented it, so, when there are so many identical strings, it's obvious that we're dealing with theft, the Hungarians believe.

    Speaker: GPL or General Public License which MPlayer is licensed under is a very widely used Open Source license, which gives the users certain rights and certain duties. Long story short, it is okay to take the code from MPlayer and develop it further, as long as the result is given back to the community. In this specific example Gabucino and the other Hungarians therefore demand that Kiss Technology should release the software used in its DVD players. And makes it clear that it is not a matter of getting some money from the Danish company, but a matter of fulfilling the requirements of the GPL and releasing the software.

    Speaker: Kiss Technology at first didn't react to the Hungarians' inquiry, but after the story began to get large publicity in the different net-medias and forums the company began to investigate the case this week. There are two main questions: whether code from MPlayer really is inside the Kiss software and how the licenses of Open Source software should be interpreted and applied. Apart from being accused of taki

  15. Yeah sure. on Feds Thwart Extortion Plot Against Best Buy · · Score: 2, Interesting

    Yeah sure, "Internet device known as an Internet Protocol Address Verifier"

    How much you want to bet this super dooper secret tool just creates an HTML message with an inline 1x1 gif/png/jpg image hidden in the body that makes a call to a webserver somewhere to download it.

    This is what the spammers do to verify that people read their messages, and this is what I know some mailing list managers do in order to see if their postings actually get read.

    Obviously doesn't help if you don't use something like Outlook or OE, but would work on most of the people out there.

  16. Re:How about this idea . on Microsoft Researching Anti-Spam Technique · · Score: 1

    Sender callback does this type of thing. EXIM has it, and postfix has it as well. Basically, when someone connects, it checks the From: by making an outgoing connection to the domain's MX servers and doing a RCPT TO:. If it gets back non-existent user, it rejects the connection. Otherwise, it lets the mail through.

    Of course, this has its own problems if the MX servers blindly accept any message, then reject after.

  17. Re:Not free on How to Misunderstand Open Source · · Score: 1

    That is, until you get infected with a virus/trojan/the latest script kiddie exploit.

    If you want a pretty GUI to make changes to the system, get webmin.

    Propagating changes in Linux is simple. You edit the config file, send the process HUP or restart it using the initscripts.

  18. Re:Greetings from Port80 Software on Netcraft Web Server Stats Challenged · · Score: 1

    "Mask Your Web Server for Enhanced Security"

    That's what I have a problem with.

    Masking your web server does not increase security even in the slightest.

    It's like throwing a tarp over a server and saying "Now people won't know there's a PC under there!"

    I mean, come on.

    This just shows that people are embarrassed to be running IIS. How many people/companies out there have a problem saying they use Apache (besides Microsoft of course)?

    I don't see millions of Apache users running around changing their ID strings to IIS, or something random.

    Just because you change a string to say something else doesn't mean it enhances security. Just because you hide certain things doesn't mean it enhances security. Just because you change the order of things doesn't mean it enhances security.

    This is exactly what Microsoft likes to do.

    Rather than fix problems, let's bury them somewhere else where those evil hackers can't find them!

  19. Re:Greetings from Port80 Software on Netcraft Web Server Stats Challenged · · Score: 1

    I'm not even sure you are a legit person from Port80, but I'll look past that for now.

    Why do you make products that claim to enhance the security of IIS when in reality, it does absolutely *nothing* - zilch, zero, nada - to make IIS any more secure?

    Have you ever heard of nmap? Even with all of your 'cloaking' software, it doesn't matter, as I can still tell that you run shoddy Microsoft Windows.

    Or let's talk about the ODBC errors your site throws up at times. That sorta gives it away that you run IIS.

    You need to change your website for servermask to add a disclaimer that your software really doesn't provide any sort of real protection from hackers/crackers. It also needs to state that it offers no protection what-so-ever against viruses/trojans/worms.

    A script kiddie or cracker with the smallest clue would know not to trust what the server tells you it's running. All your software does is make it even more painfully obvious that you are trying to cloak it.

    Viruses/trojans/worms don't even care what a server is running. They just blindly scan.

    What's going to happen when someone buys your product, then gets hacked, and goes after you legally for selling them a dud product?

    "Oh, sorry about that. We thought it would work, but those evil hackers are just too smart! You are on your own!"

  20. Lets see... on Netcraft Web Server Stats Challenged · · Score: 3, Insightful

    So let's see, they want to sell us a product which supposedly increases the security of IIS boxes, without even actually increasing the security in the process, but rather mangling the headers to look like Apache, in the hope someone will skip over it.

    Since when do the web server scanning viruses actually check the headers to see what type of server it is?

    I would think that someone who was scanning for vulnerable web servers would notice "This is a server" or "Yes we are using ServerMask" quickly and realize that someone is playing a game of hide the IIS server. That's one hell of a big fucking red flag.

    None of their products actually offer any *real* security from what I see. They just hide the errors and obvious from normal people. It won't stop someone from nmaping the IIS box and see that it's running Windows NT/2k/2k3. It won't stop those lovely Windows based viruses that scan for exploitable webservers.

    Let's not forget what happens when SQL/ODBC errors pop up and completely give away that you're an IIS slave. It's so freakin easy to cause a server's script to throw back errors for analysis.

    If anything, they are saying that, "Yeah, IIS sucks, look how we can make IIS pretend to be like the much more secure and powerful Apache web server."

    Why not just run Apache in the first place? You don't have to pay money to a third party just to change basic configurations, and you get the most secure web server in existence.

    It seems painfully obvious.

  21. Re:Hey, that's FOUR lines! on Netcraft Web Server Stats Challenged · · Score: 1

    But at least you don't have to spend money on a third party product to do it.

  22. Since OSDL is kinda slow... on OSDL Answers SCO With Kernel Awareness Campaign · · Score: 2, Informative

    Since OSDL is kinda slow and lagged, here's the image:

    http://www.sosdg.org/images/linux_dev_process.jpg

  23. Just got this from the article author on Critical Eye on SpamAssassin · · Score: 1

    To all concerned, I apologize for the apparent maligning of SpamAssassin in my recent article in InfoWorld. In my original article, I stated that I used the 2.44 release of SpamAssassin for two reasons - because it was the version shipping with the latest release of Red Hat 9 and because it would illustrate how much the state of the art has changed in the last year or two. This explanation was condensed in the finished article by copy editors, which is beyond my control. This will be covered in the letters to the editor section of InfoWorld so the rest of the world will know that I did not deliberately use an old version of SA to show it in a bad light against commercial products. I plan to review the current version in an upcoming article, and I am sure that it will perform better.

    Regarding some of the other comments that have been made in the many emails I've received defending SpamAssassin, some of you have said that SA is not hard to install, taking no more than an hour or two to download, install, configure and begin using. That is consistent with the 10 times longer number I used, because the other installation and configuration times were all around 5-10 minutes. You have said that an experienced Linux administrator doesn't find SA difficult to install or configure, and that additional functionality such as user-accessible white lists can be added, either through additional open source software or by writing scripts or programming to extend the functionality of SA. That's true, but not really relevant, unless there is a distribution that contains all of those features.

    You have also said that I should have taken into account the fact that it doesn't cost anything before making statements about it being harder to install, configure and manage than the commercial products. SA does cost - but in an administrator's time rather than money, which I did say in the article.

    The same is true of support - while you may get faster or better support through this group than you get with commercial software, there's no guarantee that you'll get any support at all - and most organizations will find that hard to live with.

    So, when I review the latest version of SA, you can expect performance to be better, but I will still look closely at installation, administration, updates, maintenance, reporting, granularity of management, and end-user features for SA, just as I will for any other anti-spam packages I review.

    Again, my apologies for creating a story that distressed so many of you. I do try to create balanced reviews that reflect the pros and cons of all the products reviewed.

    Thanks,

    Logan G. Harbaugh
    530 222-1164
    693 Reddington Drive
    Redding, CA 96003
    www.lharba.com

  24. Re:This sounds like a good way for Slashdot to mak on Gangs Extort Companies With DDoS Attacks · · Score: 2, Informative

    I donno about anyone else, but twice now the SOSDG's main web server has been Slashdotted, and it didn't even cough. It's on a 1.5/256 DSL line. Maybe it could be because we don't load our pages down with tons of crap, and don't depend on SQL databases to do our main content.

    *shrug*

    Or it could be that we just know how to run our server really well :)

  25. What about Fedora on Perens: Unite behind Debian, UserLinux · · Score: 1

    What about Fedora? Isn't it based on the work RedHat has already done in making Linux suitable for the Corp world?

    Somehow, I just can't take Debian seriously. I've watched Debian people put down RedHat users, and act like brats. They just aren't *mature* enough to handle being taken seriously by the Corp. world.

    As far as I can tell, Fedora is doing everything this guy wants to do.