Slashdot Mirror


User: billstewart

billstewart's activity in the archive.

Stories
0
Comments
7,948
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,948

  1. Teergrube was the clean way to do this on Gmail Begins Signing Email with DomainKeys · · Score: 1
    Google-cache of Teergrube Article. It's German for "tarpit". Teergrube is a modified SMTP receiver that receives mail Verrryy....verrrryyyyy.....sssssssllloooooooowwwww wwllllyyyyyyy..., especially for spambait or nonexistent email addresses, tying up the sender's system (and optionally giving you the ability to trace it.) It's not very useful if just one person runs it, but if lots of people run teergrubes, spammers' systems spend most of their time tied up talking to teergrubes instead of bothering real systems. Teergrubes can work just fine in asymmetric-bandwidth environments, because they send small amounts of traffic to the sender saying things like "send that again, please"; some of the nastier TCP-level versions do things like waiting for 90% of a TCP window and then sending back a NAK asking the sender to retransmit the last window worth of material, while keeping track of timeouts so they provide enough application-level feedback for the mail sender to keep trying, so you don't need to burn your whole 128kbps upstream to keep the spammer sending at full speed.

    It's especially useful against spammers sending their own email, though they could set timeouts to prevent it, and for spammers who abuse open relays/proxies, it's even better because the spammer is running the relay's vanilla mail transfer agent which isn't designed to teergrube-rejecting timeouts (almost by definition....) It's tougher against zombies, because spammers often spread their workload among a bunch of zombies, and zombies usually have cable modems or DSL these days, but if everybody with broadband who isn't running their own SMTP server were running a teergrube, with lots of fake email addresses seeded around the net that resolve to a teergrube somewhere, the spammers would have a much tougher time. But a zombie on an ADSL or cable modem with a 128kbps upstream can easily be kept busy with a few kilobits of ACKS from you, while not making much of a dent in your downstream bandwidth - you probably need only about 10% as many teergrubes as zombies to keep the zombies busy.

  2. Censorware / Adblockerware also already does this. on "Phishing" Attacks to Increase · · Score: 1
    If you think about the Seven Deadly Sins, most of the Censorware products out there are hung up about Lust, but don't mind Avarice or Envy at all, which is what most of the spammers are more interested in. However, the technology for dealing with the problem is basically the same - when somebody's looking up a URL, you check whether the domain's listed as good, evil, or mixed, and if it's listed as mixed, you look up the rest of the URL to see if that's listed. The only differences are that instead of the blocked lists being hidden proprietary information owned by censors who don't want kids looking up the dirty sites, they're more public, either managed as a community blocking list or possibly as a commercial service (plus censorware also looks at site ratings put into web page headers by the site owners who want to keep non-paying kids off their sites, while phishers aren't going to be coopertive about that.)

    For purely domain-based blocking, you can implement it as a host file on your PC (like some adblockers), or somebody could easily implement a DNS server that points known evil domains to 127.0.0.100 or fraudtracker.example-bank.com or whatever. A big ISP could implement it centrally for all their users, but it could be handled just as well as a distributed service. To the extent that you can identify evil sites by IP address range, you could even use IP routing to block them, though that's mainly useful for a small number of targets or for whole countries like Korea or ISPs like China Netcom, if you want to (e.g.) block all IP traffic from there including stuff you initiated on purpose. (If you're running BGP as a routing protocol, you could even get a BGP feed of evil IP addresses.) This sort of thing is more useful for individual businesses than for ISPs, because a given ISP might have _some_ customers who want to see web sites in Korea or China even if most of them don't.

    That'll cut back on phishing from misspellled.exammmple-bankk.com, but won't help of the phisher's web page is at http://big-free-hosting-company.example.net/users/ 31337ph1sher/example-bank.html. To handle that, you need a URL-based checker, though it could be implemented as a web proxy if somebody wanted it centralized.

  3. Yes, URL-blocker lists already do this. SURBL.ORG on "Phishing" Attacks to Increase · · Score: 1
    Go check out SURBL.ORG, the Spam URI Blocking List organization, and also Google around for URIBL. There are SpamAssassin rules that can use these block lists (built in to 3.0, requires work to use with 2.6x), and also a set of Exchange rules.

    Remember that the Phishing spam arrives in email - so rather than building the checker into browsers for people who've already clicked on it, you can solve the problem by junking the email before it's read, and reduce the spam problem as well as the phishing risks. I suppose that implementing it in the browser could help people whose email programs use their browsers to fetch URLs, but remember that most of the target population uses IE, not Firefox.

  4. Metamoderator's Comment on Rio Karma User Review · · Score: 1
    A moderator rated this as "Redundant". I have to disagree - I couldn't find any other references to chicks, hot, naked, or otherwise, in the head article or in any of the postings from the original's 9:31 through 10:08, so it's not "Redundant".

    If you'd moderated it as "Offtopic" I'd happily agree :-)

  5. Skype and Standards and Alternatives on VoIP Gets a New P2P Routing Protocol (DUNDi) · · Score: 3, Insightful
    Skype prefers to do things that are "better" than the current standards, and does them in a proprietary way to protect their potential profits, and doesn't document their protocols because they're not interested in having random people develop software that interconnects with them. (Make whatever judgements you'd like about that... :-) However, unlike many vendors who take that approach, they've at least done a decent job of it.
    • They're using audio codecs from Global Ip Sound, who make codecs that are more tolerant of high packet loss than most of the low-bit-rate public-standard codecs, and also better-than-telco-quality higher-bandwidth codecs. It looks like Global IP is working on getting some of their codecs into the standards track.
    • They view NAT traversal as a critical design element, because NAT's become extremely widespread (in spite of being evil breakage of the end-to-end paradigm), so they've done more than the SIP standards do to simplify that. (SIP came from Internet people, so it was far, far better than the H.323 stuff that came from the ISDN crowd, and it's easy to set up firewalls for SIP transparency, but NAT traversal takes extra work.)
    • They view security as a critical requirement, so they've got modern crypto algorithms like AES in there, and from a performance standpoint it's a really big win to encrypt the data packets rather than using IPSEC tunnels, because VOIP data is inherently small compared to the headers. Unfortunately, because of their attitudes about proprietariness and no public documentation, it's not possible for the crypto community to examine their protocols or code, and most crypto mistakes these days are made in protocol implementations, not in the fundamental algorithms, so even though they use AES and Diffie-Hellmann and long enough keys, that doesn't mean they're not totally hosed.
    • P2P is fun, and can scale well by taking load off the central server, and the Skype folks don't want to run a huge central server. This has some conveniences for their design (supernodes for NAT traversal assistance, etc.), and creates some interesting security tradeoffs (no central point of attack, but widely distributed local attack points) which are unfortunately covered up by the lack of protocol documentation.
  6. Spam-URL block lists, SPF, Digital Signatures, on "Phishing" Attacks to Increase · · Score: 1
    Banks and Credit Card Companies don't seem to be using SPF to discourage people from accepting fake email from their addresses, and they're not using digital signatures to authenticate the content. While it's especially annoying that e-gold doesn't, most of the phishing spam I get pretends to be from Citibank. That doesn't stop spam from example-bank.info pretending to be example-bank.com, but it's a good start.

    There are URL spam-block lists now, and SpamAssassin 3.0 seems to be able to use them as well as using SPF rules. Time to get them widely updated with phisher-spam addresses.

  7. PH as in PHreaking and PHat. on "Phishing" Attacks to Increase · · Score: 1

    Yeah, I like Phish the band too. But Phone Phreaks were one of the ancestors of hackers and crackers, and the PH in Phishing probably came from there.

  8. Valid-Looking Credit Card Numbers on "Phishing" Attacks to Increase · · Score: 1

    Ideally you want to give them credit card numbers that aren't real but pass a basic validity checksum, just in case the phishers are bright enough to check. Obviously enough, credit card companies don't have a service to auto-generate those for you, but I'm told there are crime tools out there that will (used to be popular for getting free-trial AOL-coaster accounts, because they wouldn't validate the credit card until you'd used your free month and it was time to start charging you.) But generating a large number of invalid transactions (e.g. the card number doesn't match the expiration date, and neither one matches the name) ought to be a red flag when the phisher tries to use it. The problem is how to avoid real people's credit card numbers (you're highly likely to not get a matching name or ZIP code, but if a matching date is enough, you'll hit lots of those at random.)

  9. SPF and Digital Signatures only help if used on "Phishing" Attacks to Increase · · Score: 1
    I've never seen a bank or credit card company send out digitally signed email or use SPF to semi-validate their email. Sure, even if they do use SPF, it's possible for the spammer to use example-bank.biz (with SPF records) instead of example-bank.com, but at least it's a start, and the bank can publish the digital signature keys or fingerprints in their paper snail-mail statements as well as on their web sites.

    It's especially annoying that E-Gold doesn't use them, because they're phished almost as heavily as Citibank, in spite of being much much smaller.

  10. There's No Less Oxygen on Global Air Pollution, From Above · · Score: 1
    The problem isn't that there's any less oxygen - it's still about 21%, and the altitude is about 60 meters above sea level, so the atmospheric pressure is about what you're used to. The problem is all the other junk in the air. It's possible that she's getting less oxygen into her bloodstream because her breathing is affected by irritants like sulfur and nitrogen oxides or maybe carbon monoxide, but there isn't significantly less oxygen around her.

    While there are Libertarians who have a Rush-Limbaugh-like dislike of the environment, there are many others who view pollution as a form of trespass and aggression that's reasonably actionable. Unlike Communism, where the government owns the industries and over the last century has displayed an appalling willingness to destroy the environment because they care more about making their 5-year-plan quota than about preserving the people's health, and unlike Capitalism, where the industries control the government and not only get away with pollution but have a strong incentive to make short-term destructive decisions because next year somebody else may bribe the politicians better and displace the current capitalists' access to the commons, in a free-market Libertarian society, there's more incentive to make good long-term decisions because you want the value of your land to increase and you can't depend on the government to give you more of it if you've trashed what you've got, and you don't want people suing you because of the damage your chemical dumping has caused (or pouring the waste from your factory back in the front door if you've gotten the courts to say it's safe.) (There are socialist societies like Sweden that have been better-behaved, but pretty much all of Eastern-Bloc communism has been an environmental disaster, including Eastern Europe, the Soviet Union, China, and North Korea. I'm not sure about Vietnam, though they had American help in messing up the place, and some areas like Cambodia and Laos weren't sufficiently industrialized to have modern industrial pollution problems in most areas as opposed to traditional agricultural pollution.)

  11. Spontaneous Combustion. on Build Your Own Drum-Playing Robot · · Score: 1

    Robots just explode sometimes. Spontaneous combustion. Especially if they're drummers.

  12. SCSI Event Request Reordering gives Speed on Itty Bitty SCSI Hard Drive Arrives · · Score: 3, Interesting
    One reason SCSI disks are faster is that the smart controllers get to optimize requests after they've been sent to the disk controller. Typical tricks include reordering requests to take advantage of disk postition information that the CPU doesn't know about. I haven't benchmarked this stuff in years, but basically anybody who does ends up raving about SCSI performance.

    Another reason that SCSI disks are often faster is that they often have higher RPMs. That's not because the controller makes the disk spin faster - AFAIK it's just because the disks that spin faster are usually sold to people who want maximum performance and are willing to pay for it, so they usually want SCSI controllers.

    More spindles is obviously a Good Thing too, but that's not what makes SCSI fast. It would seem obvious that SCSI lets you support more spindles, so that would give you some speed advantages, but most SCSI disks seem to be smaller, so for any given capacity you often need more disks if you're using SCSI.

  13. Only time for low-disk-capacity fast applications on Itty Bitty SCSI Hard Drive Arrives · · Score: 1
    It's a niche-market product for now. If you need lots of disk capacity, these drives aren't for you. Instead of spending $838 each for two 73GB drives, you can use one 146GB 3.5" drive if you need SCSI for a lot less money. If you don't need SCSI disk-access-reordering speeds, these also aren't for you, because you can use SATA or IDE 2.5" drives for a lot less money, or 3.5" drives for a lot more capacity. However, if you want one blazingly fast disk drive and 37GB is enough capacity, and you'd rather spend more money for less power, this might be a fun disk drive to buy.

    Blade servers might also be an interesting niche, if somebody wants to put SCSI controllers on a blade rather than IDE/SATA. For those, you really do need the small size and low power, and if SCSI makes your databases run faster, that's a big win.

  14. Encryption Programming and Canned Libraries on Foundations of Python Network Programming · · Score: 2, Insightful

    The first thing you get from a "solid base" of encryption knowledge is the concept that doing your own encryption algorithms except as an exercise is a really bad idea.... But that doesn't mean that you can write application programs that use standard libraries like OpenSSL without a solid understanding of what the encryption technology's doing - you really do want to be more than a script kiddie in this field.

  15. Obviously rtfm first... on Interview with a Spampire · · Score: 1
    Thanks! Yeah, that was just a quick example hack. I looked at the man pages, which had lots of options, and decided to ignore them for the posting, but a real implementation would make sure not to cache, and provide some user-friendly input and logfile mechanisms.

    (Doing the job right is especially on cygwin, where you'd need to make sure all the parts are there and provide a bit more installation advice, as opposed to Unixes where you mainly need to be sure wget is there and you've got the appropriate shell. But either way, you should be able to cut down on memory usage substantially.)

  16. If He's Remorseful, Publish the code and bugs on Interview with a Spampire · · Score: 2, Insightful
    His code almost certainly has some bugs that can be exploited, or at very minimum some identifying characteristics that can be used to detect and reject it (e.g. a header like X-Mailer: SpammerPro14). If his claim that he's remorseful is anything other than yet another example of Rule 1, then let's see it.

    Of course, the catch to publishing the full code is that spammers can then use it for free, which isn't really a good thing, but at least publishing the bugs would be a good start.

  17. wget would be much more efficient on Interview with a Spampire · · Score: 1
    You want to download the spammers' files, but don't care about rendering it (in fact, you probably don't _want_ to render it.) If you're on a Linux machine, or if you've got a Cygwin version of wget, you could write a short shell script
    (while true; do wget $SpammerURL > /dev/null ; done)
    that doesn't burn browser memory.
  18. Moonlighting from his spammer day job on Interview with a Spampire · · Score: 1

    Many technical companies have employment contracts that forbid you to compete with them outside work, or at least to use the things you develop at work for other jobs without paying them for it. Don't know if his spammer day job has that kind of rule and he ripped them off, or if it was legitimately separate.

  19. Freedom of speech is for everybody on LP files Suit To Stop State Funding Of 3rd Debate · · Score: 1
    (You're probably not going to read this, because I only saw it a week late doing metamoderation, but just in case somebody notices:)

    Pure libertarian campaign finance laws look like: "Freedom of speech is for everybody, not just citizens. If you don't like the people that Candidate X accepts campaign money from, you don't need to vote for Candidate X." Foreigners, resident aliens, children, special interest groups, whoever - all of them have the right to free speech, and political speech is one of the most important kinds of speech that the First Amendment protects.

    There are some libertarians who'll argue that corporations are a creation of the state, basically done as a favor to the owners who would otherwise operate as a partnership, so it's reasonable to limit that creation by saying that corporations can't do political speech - but corporations are a special case.

  20. Open-Source SpaceShip One? on 19th Century Airship Technology for Port Security · · Score: 1

    Actually you could get away with much smaller rockets than that, since you're only going 1/3 as far up and don't have to carry passengers, just enough incendiaries to cause trouble.

  21. Camera Blimps over NYC during Repub Convention on 19th Century Airship Technology for Port Security · · Score: 1

    According to an article by Jock Gill on Dave Farber's list, there was a camera blimp over New York City during the Republican National Convention. No indication of who they were watching, what they did with the pictures, privacy issues, or anything, but it wasn't just a Goodyear football-watching blimp.

  22. Yes, that's millimeter-wave with 500-mile range on 19th Century Airship Technology for Port Security · · Score: 2, Interesting

    These things have roughly 500-mile range, and yes, millimeter-wave radar is the stuff that Homeland Security wanted before everybody started reminding them that Ashcroft is a prude (so they started pretending they'd use image-processing to block that usage.) If you really believe all the funding applications here, you have to wonder when they'll put up a webcam...

  23. TeraHertz Radars _are_ part of the plan... on 19th Century Airship Technology for Port Security · · Score: 1
    Terahertz is roughly millimeter-wave - abut 1/400 the wavelength of microwave ovens.

    It really should be perfectly adequate to keep the tinfoil-hat crowd busy, and any radar capable of looking inside shipping containers from 400 miles away has a good start on the sharks-with-frickin-lasers market as well.

  24. "I, for one, welcome our new blimpie overlords" on 19th Century Airship Technology for Port Security · · Score: 1

    Ok, didn't have to be said, I've modded myself down already, but the straight line was just sitting there....

  25. They're for Homeland Security, not battlefield use on 19th Century Airship Technology for Port Security · · Score: 1
    These blimps aren't designed for battlefield use, where they could easily be taken out by Stinger missiles or artillery, and where speed and rapid maneuverability are important. (If you need an AWACS plane, _use_ an AWACS plane.)

    Their job is to park near the US borders, with big radars looking for anything suspicious, like boats or small airplanes that might have politically incorrect plant materials or trucks that might have people with politically incorrect skin colors or Canadians invading on snowmobiles. They're also talking about using TeraHertz Radar to look into shipping containers, though the idea of doing that from 300 miles away seems rather odd.

    It's possible that they'll also be able to replace some of the functions of PAVE PAWS, a set of phased-array radars used to watch for Submarine-launched and intercontinental ballistic missiles.