No amount of education to users will stop spammers.
You may think that spammers send you their spam because they are trying to sell you something, and that you outsmart them by filtering their spam out, or by recognizing it and refusing on principle to buy from them (if perhaps they are selling something you wanted).
Spammers are not sending their spam to you. They are sending to someone else who will never learn and will buy whatever they are selling. The fact that you are getting spam is a side-effect. If they could avoid sending it to you at a reasonable cost to them they would not send it because they never meant to send you email. However, since they happen not to know the email address of their customer (that someone else that is not you that is the intended spam recipient) it is more cost effective for them to issue instructions that deposit a copy of their message in every existing mailbox, and since they don't know what mailboxes exist, it is easier for them to issue routing instructions that route their message to every known string that contains an "@" sign. Some of those strings are working routing instructions, and some of those routing instructions are instructions that deposit email messages in mailboxes, and a few of those mailboxes happen to be the mailboxes of their customers, that could have been located by the old-fashioned way of market research, but the old-fashioned way was replaced by the modern more cost effective way of stealing computer and network resources and using them to issue routing instructions to every string that contains an "@" sign.
Now there are faults in this new method: there are lots of side effects (like you getting a copy of this message. Like bounces produced from routing instructions that failed to work etc.) Spammers cannot deal with the consequences of all these faults. Their resources can deal with the few customers they really did try to contact. Luckily for them they don't have to deal with the consequences, because you actually don't respond to their messages in the same way that a real customer would, and as their real customers are distinguishable from side effects they only have to locate the resources to serve their intended customers.
No matter how much people will be educated about not dealing with spammers, spam would remain effective, perhaps even more effective. There will always remain a small percentage that would still make money for the spammers, and these are the real recipients of spam. The mistake in believing that educating people would starve spammers is in actually believing that the millions of spam recipients play any role in the spammers' business model. They don't! They are side effects, and they are actually helping spammers by spending lots of money to filter spam so it only goes to the spammers' intended audience. If you want to really hurt the spammer's business model, you have to stop being a side effect, and join the spammer's audience. You have to respond to spam in a way that is indistinguishable from real responses from interested customers. You have to make them have to serve you the same way they do serve those real customers of theirs but without providing them with any real value. That would increase their costs to the point where their business fails. You have to fill their contact forms with info that is indistinguishable from real interested customers' info (until manual contact is made and fails). You have to fill their purchase forms with info that is indistinguishable from real purchase info (until the point when the credit card company says the cc number doesn't match the billing address/name). The only way to hurt spam is to cause spammers to have real extra costs. And the only way this can work is by real people who are not their intended audiences posing as real customers and requiring service but creating no revenue.
That of course doesn't deal with all kinds of spam. That kind of image spam that recommends petty stocks has no contact info. And some people that "fall for it" actually make a profit (
>... the only program I ever had to install by hand was ies4lin.
Wow!, now how did you know you need to run "dfs3dse". Oops, sorry, it was "ies4lin". How did you know this?
I really wish I could use Linux. Well, I managed to use it a little bit, but not in a very useful way. After Mandrake 9 failed to install completely leaving me with the task of providing a graphics driver for my very common ATI card from 1998 that it could not provide, and leaving me with a text only interface but with no instructions on how to proceed from there (and no instructions on how to just make it use a standard vga driver like win98 did on the same PC until the manufacturer's driver was installed from CD), I tried Knoppix 3.7 which worked slowly but provided some functionality. Then Knoppix 3.9 failed to work on the same PC. Then I tried Ubuntu that came nicely and showed a blank screen that reminded me of why I stopped using university UNIX in the late 20th century and instead brought my own private laptop with win98. It was because of the way UNIX provides info to users: everything is documented. In the most sensible way. Alphabetically. I can find anything I want. Like I could just type "man ies4lin" and I would get all the info on it. EVERYTHING! Every little option, all conveniently listed alphabetically. I just have to scroll down to the option I want to know about. Now how do I know what I want to know about? Well, I thought I could just install some standard distribution, start using it and learn along the way, but I tried several times and it didn't work out:-( Not that I know nothing about computers. I can read email headers and I can read RFCs. I can write html and css and a little javascript. I know enough to use WinXP under a non-admin account and behind a hardware linux based firewall (that a student of mine installed for me). I did a lot of fortran programming in the past, and used Unix for many years (but someone else maintained it). I still wasn't able to install a single distro in spite of trying several times, and I don't believe someone without any computer experience can.
And even when I could run a live CD distribution getting help on trivial things like keyboard shortcuts was very difficult. Usually you need to know the name of an app that does something to find out how to do it.
I still want to use Linux. I just don't seem to be able to get to the starting point where I can start learning while doing some real work.
Don't count on governments - SPAM THE SPAMMERS!!!
on ORDB.org Going Offline · Score: 1
Spammers rely on you not getting back to them if you don't want what they sell. They send to millions but can only handle so many hundred responses. They are successful because we help them by not replying. Only those that are actually interested in doing business with them contact them.
If a small percentage of those that are not interested call back and express interest (that would not result in a purchase) their business concept collapses.
So go back to the spammers, fill their contact forms with bogus information. Order their stuff with fake CC numbers and fake contact info. Just spam them. Drown them in info they don't need! Make them call back thousands of phone numbers to find out the few who really wanted them to call back!
There have been attempts to get back at spammers. These have mostly been automated systems that spammers could learn to circumvent or attack back. To really hurt spammers they need to be drowned in real responses from real people that are undistinguishable from real customers.
It can be effective with some sorts of spam, not all (such as not with the spam that encourages buying certain stocks) but it is important to make this particular spam fail, and leave spam to only illegitimate purposes that don't need you to contact them.
I have been feeding some spammers' contact forms with fake phone numbers (actually real phone numbers that I collected from other spammers' contact info, why not have them phone each other...) It seems to have some effect, as they seem to have added now more rigorous checks on their forms (easily avoided using javascript:document.forms[0].submit()).
SPF certainly cannot stop botnets. It's trivial to set up dummy domains with SPF records that allow sending from your botnet, and it's very cheap to register new domains every day if you use stolen credit card info.
Botnets could be stopped if ISPs would have wanted to stop them, but then it's more profitable for ISPs to sell anti-spam+anti-virus+anti-spyware+content filtering+hosting to spammers. I've made several complaints to several ISPs about PCs in their IP range sending out spam from domestic broadband connection, together with contact info (cellphone+promotional websites) of the spammer that sent the spam through their system, and the spammer is still free and continues to send spam that arrives from hundreds of PCs all around the world to my spamtraps. Only the ISPs can have positive evidence about PCs on their network being abused by spammers. I can only point out that one spammer sends email from residential IP spaces of many ISPs all around the world. The ISPs can monitor the known IP addresses (the ones I report to them) and provide law enforcement with positive evidence that the PC has been hijacked and how it is being used without the owner's permission. Apparently they have no interest in doing so. Spammers are selling their services openly and nobody wants to stop them. I asked a spammer for a quote and he got back to me from his ISP email address with a quote that included his street address and phone. It was a spammer that sent mail using botnet (as it seems from the "Received" headers on the spam I received that included the spammer's initial contact address). They're pretty sure nothing will happen to them, and they are making huge progress in selling their spamming services to "legit" businesses.
I ALWAYS use them for reading Office documents in incoming mail (I forward them to Gmail. Takes an extra 2 seconds).
Perhaps it's a good time for Google to make it work better. Like show images as an option.
What kind of exploit is this? If I run Word in a limited Windows account, am I not protected? (what if I create an account just for reading Office docs that cannot be trusted in the same environment as other things?)
The answer to the question "why do you believe 99% of patents should not be valid?" is very simple: because there are too many of them!
The way the patent system was supposed to work and the way it did work many many many years ago when patent laws were "invented" was that a reasonable number of patents were granted, where reasonable means that a developer in a field could invest reasonable time and keep current with new patents in her field. Can anybody do it nowadays with millions of patents written in a legal language developers don't use?
The name "patent" has some significance. Published patent grants should be seen by whoever works in the relevant field. The quantity and the quality of published patents in some fields today make patents irrelevant reading to developers. The fact that there's a relevant patent becomes known after the fact, and patents lose their aim of increasing human knowledge, as they are not worth the developer's time to read. So there's no benefit to society from the patents (not all of them!) so society has no real interest in granting them.
Criteria and duration of patents should be made so that the number of granted patents per field is reasonable and the duration of patents is comparable to the rate of progress in each field. We are not in the 18th century anymore!
> Was a portable device for email "bloody fucking obvious" in 1991?
Of course it was! Email travels on a higher level networking level and the kind of networking hardware in the lower level is irrelevant. It was obvious in 1991 that email can be used on any device that can be programmed and has a networking hardware component, and that is connected (not necessarily all or most of the time) to a network. And it was obvious that mobile devices can be connected to a network. Does the creation of a new technology for hardware connection necessitate clearing legal rights for using all kinds of protocols that can use the networking layers above it?
Anyway, I saw a working "portable device for email" in 1984. It was in the Israeli army. We had this sort of messaging system that could be used to send messages (with a subject line and list of recipients) to other users of other computers in the network. I don't know if the network was based on IP or if the transfer protocol was something like SMTP, but it really doesn't matter. It was an email system. It connected users on different kinds of devices (some used IBM-370 systems. Some used VAX. I don't know every node of that network but there were CDC computers in some units so they probably also had access). Anyway, to the point: we had this drill that simulated a terrorist attack and one of the things I saw there was a mobile terminal of this system. So perhaps the device was not something you could fit in a pocket. But it was mobile, it used a wireless connection, and it provided email access in the mobile device (the device was probably a minicomputer+radio-telephone+generator on a 6x6 military truck, but I think this should not be relevant in determining that there were actual systems providing email access on a mobile device that predated 1991 by at least 7 years).
Many think of OSS as something created by hobbyists for fun and do not realize that many of those "volunteers" are fully employed programmers by companies like IBM, Novell, Sun, Red Hat, Oracle, etc. etc. etc. that have realized that they don't have to do EVERYTHING in house but they better cooperate on some things and compete on others. They invest by dedicating programming resources that they "contribute" to the public, but this is based on a business decision that it is more cost effective to share their resources with other companies and restrict competition to areas in which they are better than the others.
The consequence is that every major OSS software package undergoes the scrutiny of many of these companies that have to verify they are good enough to be bundled with their offerings, unlike closed source software that is only verified by whoever wrote it and sells it (that BTW has more interest in not letting the problems surface than in actually avoiding them).
You cannot trust a company's TOS for keeping your email address secret. Not everybody in the company is aware of everything in the TOS all the time, and most employees will not see any problem in sharing address lists. Then they can be given to someone that sends email on a company's behalf. Then they could be sold by an employee that has access to them. Then they can be harvested by a technician that's repairing a computer... About 4 years ago we had a discussion here (http://www.emailaddresses.com/forum/showthread.php?s=&threadid=9008) that someone started after discovering that a company he trusted lost his email address to spammers. IMO the only conclusion that can be reached is that an email address that's out there would eventually be in the hand of spammers, so it's better to be ready in advance to change it.
The only trustable parameter in SMTP is the recipient's address, and if you use your address space to distinguish between different senders or groups of senders then you can easily filter bad mail without affecting good mail.
I'm quite sure that "follow the money" was already used to catch spammers and other sorts of cyber criminals. This is one tactic among many that can lead to a real person responsible for sending the spam, and more importantly, to whatever illegal activity is involved in it. Sometimes the spam includes a contact address. Sometimes they lead to a website that sells something. Sometimes you can make an online purchase. Sometimes there's just a contact phone. A lot of the spam I get lately just leads to a webpage that collects your contact info and says they'll call back. (One way to fight spam might be to fill these forms with false information. I did several times leave the spammer's own cellphone number. If everyone responded by entering false info the spam would be useless as a method of advertising.)
Porn/Gambling advertised in spam do not worry me as much as "legit businesses" that hire spammers. It seems that spam is becoming acceptable as a "legitimate" way to advertise. Legitimate businesses hire criminals to send spam on their behalf using forged headers and compromised PCs to send the stuff. Despite being warned about what is involved in sending their spam they rehired the spammers (meaning the spam campaign was successful, and the particular spammer charges about $1000 per million addresses with some discount for bigger orders). I follow one spammer here in Israel since they have started their operation 9 months ago. They send "only to local addresses" and I receive their spam at one ISP address that was never provided to anyone by me (i.e., it is known only to me and the ISP). Their operation is entirely based on using exploits to send and hosting "mini-sites" hosted in China. Only their main promotional site that is used to market their own service is hosted locally (mailmedia.org). I received spam advertising several colleges, that are probably partially funded with government money. I received spam advertising courses leading to Microsoft certified whatever (MCSE, MCP etc.). I received spam advertising a Tel-Aviv licensed stock broker. I complained to the Israel Securities Authority about the illegal way in which this member of the Tel-Aviv stock exchange is using to promote its business and the only reply I received is that they don't have anything to do about it but I might contact their ISP (which of course I did even before I approached the Securities Authority). So it's OK for a member of the stock exchange to hire criminals. I saw several times spam they send selling security products (locks, safes, alarms), meaning people are willing to trust the security of their home or business with those that employ criminals. I saw spam advertising medical treatment (not viagra). I saw spam selling electrical appliances, computer hardware...
All these are paying criminals to act for them illegally, and nobody is interested in stopping them. In fact they gain more and more customers, and their website is still hosted by the same company (barak013.net.il) that hosted their promotional website from the start, despite their knowledge of the illegal activity that is sold using that site (I sent them lots of copies of spamcop reports, and I sent the abuse teams of all the ISPs in Israel a detailed account of what this spammer does, including using compromised PCs within some of the Israeli ISPs to send their spam).
This is very bad. Real criminal spammers getting paid from real mainstream advertising budgets so they steal resources from others is very bad.
There are plenty of aspects of what spammers do that are clearly criminal activities, and the only reason I see that these are not used to put spammers in jail is that nobody is interested. Perhaps ISPs make more money by selling spam filtering services than what they can save by reducing the amount of spam sent.
Spammers use trojan horses to take over PCs that are then used to send spam using the network resources of the victim's upstream provider. Spammers send email using forged identities. You don't need a definition of "what constitutes spam" to understand that all these are crimes: breaking into computers, stealing network resources using these methods, all kinds of identity theft etc.
There is plenty of evidence that can be used to link actual people to these crimes. Each spammer sends out millions and millions of messages on behalf of each individual advertiser (I asked a spammer for a quote and the rate was about $1000/million addresses). My experience is that these almost always arrive from various consumer broadband or dialup connections all around the world. Collecting enough of these would show that a spammer is not using her own computer to send. The next stage is to link the IP address on received headers in email with the actual compromised computer that was used to send them, so that a link is established between a particular spam run and a computer known to be infected and made part of a botnet controlled by the sender of the spam run. Once you have such a PC you can analyze the traffic it gets. That would link back to whoever controls it, but probably not in a way useful to catching the person involved. However, it would show that the sender is actually using the compromised machine, and would show the content of the spam pumped through it at least in fragmented ways (though I guess if the compromised machine is using SMTP to send out spam it shouldn't be too hard to get the complete spam messages it sends, such as by intercepting the outgoing traffic to port 25). Sometimes the spam messages would contain info leading to the spammer itself (the spammers I've been following lately always include a link to their own promotional page that offers their services for sale). If it doesn't then it has the contact details or some identifying details of the advertisers. The advertisers can lead to the criminals (actually the advertisers are criminals themselves. They paid the spammers to break into other people's PCs and send their ads. They paid the spammers to send email on their behalf posing as other people (forging sender's identity). If you hire someone to commit a crime in your name you are committing the crime.
Buying stolen goods is not legal. Especially not if you order the merchandise that is then being stolen for you. Advertisers should realize that there are risks involved in dealing with organized crime. If they order a service they are responsible and should verify that it is conducted legally, or else they might spend time in jail.).
So there needs to be some coordinated effort to collect this evidence and organize it in a way that can be used to convict the criminals that commit these crimes. Including those that hire them. There needs to be a way to contact these people who have infected PCs and obtain useful information showing who is using them and what they are being used for.
One problem with law enforcement is that usually it is required that someone would actually approach law enforcement with a complaint. If there is a crime then there is a victim, and the victim should complain (well... if the victim takes the form of a corpse then the complaint is implied, in a way). The problem with crime on the internet is that often the damage is distributed among millions of victims, and no single victim is harmed in a way that makes the hassle of trying to convince law enforcement that a crime was committed worthwhile. If you put your small change on a table and someone grabs a quarter and runs away, then you're not going to the police to file a complaint. It's not
If you give an email address to anyone it means you agree to them and others sending you email to that address as long as the address accepts email (unless they explicitly agreed not to). If you don't want to get email from them you just have to stop receiving email at the address you gave them. RBLs will not stop the email from sources that you gave an email address to and don't want to send you email anymore (unless you run your own RBL of these sources).
The fact that you give someone you don't trust an address you cannot easily block is not a reason to change the entire infrastructure of the email system and start billing senders per message (actually taxing them since it would not be proportionate to the cost of the service provided).
The kind of spam you describe (losing control of your email address because YOU were spreading it to all kinds of untrustable parties) is easily avoidable. Go to spamgourmet.com and learn how. Then google for "disposable email addresses" and learn more. It would not avoid all risks of spam but it would put you in control.
The real solution to spam is to put the spammers in jail (let's junk mail -> munk jail)
>... they're perfectly likely to get hit before update can protect them...
They are perfectly likely to not get any update at all. I have a Pentium 500MHz machine I bought 8 years ago + an original WIN98 disk that came with it. This machine is not really able to run XP (and the copy of WIN98 I have is perfectly legal. Getting a legal copy of XP would cost me money I do not want to spend).
Anyway: I can install Win98 from the disk. Then I can try to get to Windows Update. The last time I did it (a couple of years ago I think) it first wanted me to upgrade IE because IE4 that came on the disk was not good enough for Windows Update. Then it only let me install IE6 but no IE5 or 5.5 available (IE6 is a bit heavy for that machine) and finally after installing a newer IE it told me that I cannot get updates through Windows Update, but instead I should download all the patches since 1998 manually and install them one by one. I even contacted M$ support on the phone about this (and surprisingly they did have me on record and gave me my customer's ID #) but there was no other way. They did send me an XP trial disk, though, that I never used because it said I would have to reinstall the system after the trial period is over.
So for Microsoft stopping support for WIN98 didn't mean not providing any more updates after a certain date, but rather removing all the past updates and disabling the automatic update feature. I would at least have expected them to collect all updates and make them available as a single file to allow anyone that reinstalls the OS to bring it to the most updated state available, but they didn't. Instead they made sure that anyone that is not an expert would be using the original unpatched version.
So you have many WIN98 machines operating, many because they are not strong enough for a newer OS, and if they ever reinstall they revert to an unpatched version.
(I know I can install LINUX. I have a knoppix 3.7 disk that runs on that machine though it is very slow. knoppix 3.9 fails on that machine. I tried installing Mandrake 9 a very long time ago and it insisted on not running in graphics mode and complained about my very common ATI card, and I tried Ubuntu that loaded and showed a blank screen. I still hope to run Linux sometime, but I first need something that installs and runs and only then I can start learning how to fix things).
Thank you for bringing up the Spamhaus BL issue.
It would teach the public that blocking spammers
is not an effective way to avoid spam.
Putting you all in jail would be much more effective!
Their response was:
Thank you for your interest in e360insight.com.
An e360insight.com representative will be in touch
with you shortly.
(actually their first response was that the email address I put in was invalid. It was valid, but they truncated it. So I had to truncate it to fit in. That limits the amount of info I can store in that spamtrap.)
>... distributing the list with the explicit instructions that it is not intended to be used to block spam...
That's exactly what SpamCop says (or used to say) on their faq. In that case because it is really not suitable as the sole criterion for blocking spam (they recommend using it as one factor in a more complete solution like SpamAssassin, but people still use it to block spam).
However, in the Spamhaus case, at least XBL is certainly intended for blocking spam.
If no bounce message was created it means the email message was completely received at the recipient's MX (that is the recipient's SMTP server issued a "250 OK" in response to end of data, and this means the email message was fully received and is stored on that server).
So if anyone complains about not receiving the email you sent them, tell them the truth: the email was delivered and received by their email hosting service. For some reason their email provider that had the email message has not delivered it to their mailbox. If it bothers them they can contact their email provider about it.
You might want to post a copy of your mail message on a website (perhaps password protected) so that those of your members that choose to use an email service that censors their mail would be able to read the announcements there.
I had a student that emailed me a day before an exam and asked for sample exams. I tried to send her and it kept bouncing. So she had to study without those sample exams. It is the recipient's choice whether to receive their email or not, and if they wish to delegate the responsibility to an incompetent email operator there's a price associated with this.
>... and rather than being forced to carry the spam, the bounce, the report that the bounce failed, and the continuing message failure notices, it's much easier to just ignore the message in the first place.
All that's needed to bounce a message is to issue a 550 SMTP error code, or to just drop the connection. No need to "carry the spam, the bounce, the report that the bounce failed..."
What Hotmail really does is accept the email, send an OK that says it was accepted for delivery to the recipient, and then drop the message anyway without informing anyone. This completely breaks the email system's built-in reliability by giving a false acknowledgement of receipt to the sender. Deleting mail without reading it should be done only by the end user (manually or automatically).
Anyway, Hotmail is not a real email provider. It is a tool to drive traffic to MSN and to promote its brand. People that really need to receive all their incoming email shouldn't use Hotmail, and it is not reliable as an email receiving service.
Just as the US cannot regulate gambling outside its borders, it cannot regulate financial services outside its borders (or can it???)
So now there are new opportunities to get American money: American gamblers would need a non-US credit card number so they can use it on gambling sites. There's a whole world outside the US and there will be those that are willing to adopt US gamblers that need a middleman that their US financial institution is allowed to transfer funds to...
If the ISPs can ask Google to pay them to not slow down their packets on the way to Google's users (preferred delivery), so can Google charge the ISPs to not slow down its response times to those ISPs' customers.
Google used to display response times on its searches in the early days. It can go back to this practice and link to an explanation on why the response time to your searches/Gmail/calendar/spreadsheet/whatever is lower than others and to statistics on which ISPs have better response times with Google. In a world where connectivity providers assign different priorities to different websites, websites could just point users that have slow response times to their ISP's support:
FAQ
Q: Why is the response time to your website so slow?
A: Some ISPs limit or slow down access to some websites.
You should check with your ISP if they give different
priorities to different websites. Ask them to not
limit access to websites you use. If they
do limit access to your preferred websites you might
consider changing your provider.
The telcos/ISPs sort of try to make the internet into something like a cable TV system where their customers get the limited content from providers they have deals with. They seem to forget that in this model it is the intermediary that pays the content provider and not vice versa.
They need a PARENT to encourage them...
They need the right environment at home.
And they don't need competing forms of passive entertainment (TV).
Don't expect the school system to do it for you.
My 11-year-old son Daniel programs using a variety of tools and has been doing so for a couple of years already (Visual basic, a variety of flavors of Logo, Game Maker. I'll let /.ers find out what he's using in this photo). He also does other creative things like creating scenes and animations using Art of Illusion - this also involves kind of programming, like creating procedural textures/materials. He learns some math/geometry doing this, since his programming experience drives him to manipulate the data (coordinates) directly to get exact results. He also learns some physics for getting the right results, like making gravitation work close to correct in this game (/.ers should be able to tell what link is the game. Hint: the file extension is .exe*). (well... It's not just parent encouragement. After school activity played an important role. School only taught him to use the computer as a typewriter).
His 5 year old brother Jonatan already learned to do some "visual programming" using Game Maker, producing working games (though still not one another kid would want to play with. He does get useful things produced this way: Birthday "greeting cards" that can only be made using programming). The need to do everything that his big brother does is enough motivation.
___________________________
* I thought that the game should really be open sourced (or "free-softwared") but the Game Maker "sources" (.gm6 files) are actually binary, and though the license allows distribution of the created games, it's not clear to me how exactly it can be done with an Open source or CC license. Compiling the "sources" requires (gratis) proprietary software.
** comments, and suggestions of useful software that can encourage kids to be creative are welcome.
About 8 years ago I got this phone call that said they are a security team on behalf of the issuer of my credit card, and they are verifying the card. They told me the card number and wanted that I verify it by supplying the 3 digit security code. I told the lady there's no way she's getting this code and if the bank wants to ask me something they can contact me. She insisted that I must give her my code and I refused and told her she was lying. In that case the credit card was one issued by an Israeli bank. I was in Detroit and the call was inside the US. I did not give my number in Detroit to my Israeli bank. So it was certainly fraud.
This year I was contacted by cellphone in Israel by the VISA security department. They told me there were some unusual charges in my VISA card (issued in Israel), and asked if I made them. They then asked if I want to block the card immediately and I agreed. They did it immediately, and the fraudsters still got to charge almost $10,000 (I got every penny back + interest. The charges were made to some gaming website registered in Hong-Kong and some Paypal accounts with Chinese sounding names).
I also got an email from my bank this year that was caught by FastMail.FM's phishing detector (URL shown in link is not in the same domain as URL in HREF attribute). The email was really from the bank: it was sent to a SneakEmail.com address that only I, my bank and SneakEmail know about. I can tell what email is sent from my bank and what is not because I dedicated an email address for that purpose. That's what people should do when they provide an email address, and banks should encourage it. However, banks are content to just insure themselves against fraud and cover their costs by charging their customers, and ISPs do not want their users to know that they can provide countless amounts of email addresses per customer at no cost. Their strategy is based on getting the customer hooked by their precious email address they got from their ISP, and ISPs want them to believe that an email address is a scarce resource that's hard to replace.
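The check named in the comment above (URL shown in the link versus the domain in the HREF attribute), written out as an added example; this is not FastMail's code, and the sample messages, the `.example` domains and the short `TWO_LABEL_SUFFIXES` list are constructed assumptions. It also shows why a genuine message can trip the check when its links go through a separate mailing host.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Simplification (assumption): a few hand-picked two-label public suffixes.
# A production filter would consult the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.il", "org.il", "net.il", "co.uk", "com.au"}

# A hostname (optionally with a scheme) appearing in the visible link text.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def registrable_domain(host):
    """Reduce a hostname to the part an organisation registers."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def mismatched_links(html):
    """Return links whose visible text names one domain while the href goes to another."""
    collector = _AnchorCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        href_host = urlsplit(href).hostname
        shown = HOST_IN_TEXT.search(text)
        if not href_host or not shown:
            continue  # text such as "click here" names no domain to compare
        shown_domain = registrable_domain(shown.group(1))
        target_domain = registrable_domain(href_host)
        if shown_domain != target_domain:
            findings.append({"shown": shown_domain, "target": target_domain, "href": href})
    return findings


# Constructed sample bodies, not taken from any real message.
SAMPLES = {
    # Same organisation, different subdomain: not flagged.
    "same_domain": '<a href="https://online.mybank.example/login">www.mybank.example</a>',
    # Genuine-style mail whose link passes through a separate mailing host: flagged.
    "via_mailing_host": '<a href="https://click.mailer.example/t/1">www.mybank.example</a>',
    # Displayed name embedded as a subdomain of another registrable domain: flagged.
    "lookalike": '<a href="https://mybank.example.login.example/">https://mybank.example</a>',
    # No URL in the visible text: nothing to compare.
    "plain_text": '<a href="https://click.mailer.example/t/2">click here</a>',
}
```

Because the second sample is flagged just like the third, the link check alone cannot separate the two; the dedicated recipient address described in the comment is the signal that does.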
No amount of education to users will stop spammers.
You may think that spammers send you their spam because they are trying to sell you something, and that you outsmart them by filtering their spam out, or by recognizing it and refusing on principle to buy from them (if perhaps they are selling something you wanted).
Spammers are not sending their spam to you. They are sending to someone else who will never learn and will buy whatever they are selling. The fact that you are getting spam is a side-effect. If they could avoid sending it to you at a reasonable cost to them they would not send it because they never meant to send you email. However, since they happen not to know the email address of their customer (that someone else that is not you that is the intended spam recipient) it is more cost effective for them to issue instructions that deposit a copy of their message in every existing mailbox, and since they don't know what mailboxes exist, it is easier for them to issue routing instructions that route their message to every known string that contains an "@" sign. Some of those strings are working routing instructions, and some of those routing instructions are instructions that deposit email messages in mailboxes, and a few of those mailboxes happen to be the mailboxes of their customers, that could have been located by the old-fashioned way of market research, but the old-fashioned way was replaced by the modern more cost effective way of stealing computer and network resources and using them to issue routing instructions to every string that contains an "@" sign.
Now there are faults in this new method: there are lots of side effects (like you getting a copy of this message. Like bounces produced from routing instructions that failed to work etc.) Spammers cannot deal with the consequences of all these faults. Their resources can deal with the few customers they really did try to contact. Luckily for them they don't have to deal with the consequences, because you actually don't respond to their messages in the same way that a real customer would, and as their real customers are distinguishable from side effects they only have to locate the resources to serve their intended customers.
No matter how much people will be educated about not dealing with spammers, spam would remain effective, perhaps even more effective. There will always remain a small percentage that would still make money for the spammers, and these are the real recipients of spam. The mistake in believing that educating people would starve spammers is in actually believing that the millions of spam recipients play any role in the spammers' business model. They don't! They are side effects, and they are actually helping spammers by spending lots of money to filter spam so it only goes to the spammers' intended audience. If you want to really hurt the spammer's business model, you have to stop being a side effect, and join the spammer's audience. You have to respond to spam in a way that is indistinguishable from real responses from interested customers. You have to make them have to serve you the same way they do serve those real customers of theirs but without providing them with any real value. That would increase their costs to the point where their business fails. You have to fill their contact forms with info that is indistinguishable from real interested customers' info (until manual contact is made and fails). You have to fill their purchase forms with info that is indistinguishable from real purchase info (until the point when the credit card company says the cc number doesn't match the billing address/name). The only way to hurt spam is to cause spammers to have real extra costs. And the only way this can work is by real people who are not their intended audiences posing as real customers and require service but creating no revenue.
That of course doesn't deal with all kinds of spam. That kind of image spam that recommends petty stocks has no contact info. And some people that "fall for it" actually make a profit (
> ... the only program I ever had to install by hand was ies4lin.
:-(
Wow!, now how did you know you need to run "dfs3dse". Oops, sorry, it was "ies4lin". How did you know this?
I really wish I could use Linux. Well, I managed to use it a little bit, but not in a very useful way. After Mandrake 9 failed to install completely leaving me with the task of providing a graphics driver for my very common ATI card from 1998 that it could not provide, and leaving me with a text only interface but with no instructions on how to proceed from there (and no instructions on how to just make it use a standard vga driver like win98 did on the same PC until the manufacturer's driver was installed from CD), I tried Knoppix 3.7 which worked slowly but provided some functionality. Then Knoppix 3.9 failed to work on the same PC. Then I tried Ubuntu that came nicely and showed a blank screen that reminded me of why I stopped using university UNIX in the late 20th century and instead brought my own private laptop with win98. It was because of the way UNIX provides info to users: everything is documented. In the most sensible way. Alphabetically. I can find anything I want. Like I could just type "man ies4lin" and I would get all the info on it. EVERYTHING! Every little option, all conveniently listed alphabetically. I just have to scroll down to the option I want to know about. Now how do I know what I want to know about? Well, I thought I could just install some standard distribution, start using it and learn along the way, but I tried several times and it didn't work out
Not that I know nothing about computers. I can read email headers and I can read RFCs. I can write html and css and a little javascript. I know enough to use WinXP under a non-admin account and behind a hardware linux based firewall (that a student of mine installed for me). I did a lot of fortran programming in the past, and used Unix for many years (but someone else maintained it). I still wasn't able to install a single distro in spite of trying several times, and I don't believe someone without any computer experience can. And even when I could run a live CD distribution getting help on trivial things like keyboard shortcuts was very difficult. Usually you need to know the name of an app that does something to find out how to do it.
I still want to use Linux. I just don't seem to be able to get to the starting point where I can start learning while doing some real work.
Spammers rely on you not getting back to them if you don't want what they sell. They send to millions but can only handle so many hundred responses. They are successful because we help them by not replying. Only those that are actually interested in doing business with them contact them.
If a small percentage of those that are not interested call back and express interest (that would not result in a purchase) their business concept collapses.
So go back to the spammers, fill their contact forms with bogus information. Order their stuff with fake CC numbers and fake contact info. Just spam them. Drown them in info they don't need! Make them call back thousands of phone numbers to find out the few who really wanted them to call back!
There have been attempts to get back at spammers. These have mostly been automated systems that spammers could learn to circumvent or attack back. To really hurt spammers they need to be drowned in real responses from real people that are undistinguishable from real customers.
It can be effective with some sorts of spam, not all (such as not with the spam that encourages buying certain stocks) but it is important to make this particular spam fail, and leave spam to only illegitimate purposes that don't need you to contact them.
I have been feeding some spammers' contact forms with fake phone numbers (actually real phone numbers that I collected from other spammers' contact info, why not have them phone each other...) It seems to have some effect, as they seem to have added now more rigorous checks on their forms (easily avoided using javascript:document.forms[0].submit()).
SPF certainly cannot stop botnets. It's trivial to set up dummy domains with SPF records that allow sending from your botnet, and it's very cheap to register new domains every day if you use stolen credit card info.
Botnets could be stopped if ISPs would have wanted to stop them, but then it's more profitable for ISPs to sell anti-spam+anti-virus+anti-spyware+contentfiltering+hosting-to spammers. I've made several complaints to several ISPs about PCs in their IP range sending out spam from domestic broadband connection, together with contact info (cellphone+promotional websites) of the spammer that sent the spam through their system, and the spammer is still free and continues to send spam that arrives from hundreds of PCs all around the world to my spamtraps. Only the ISPs can have positive evidence about PCs on their network being abused by spammers. I can only point out that one spammer sends email from residential IP spaces of many ISPs all around the world. The ISPs can monitor the known IP addresses (the ones I report to them) and provide law enforcement with positive evidence that the PC has been hijacked and how it is being used without the owner's permission. Apparently they have no interest in doing so. Spammers are selling their services openly and nobody wants to stop them. I asked a spammer for a quote and he got back to me from his ISP email address with a quote that included his street address and phone. It was a spammer that sent mail using a botnet (as it seems from the "Received" headers on the spam I received that included the spammer's initial contact address). They're pretty sure nothing will happen for them, and they are making huge progress in selling their spamming services to "legit" businesses.
Gmail has previewers for M$ Office documents.
I ALWAYS use them for reading Office documents in incoming mail (I forward them to Gmail. Takes an extra 2 seconds).
Perhaps it's a good time for Google to make it work better. Like show images as an option.
What kind of exploit is this? If I run Word in a limited Windows account, am I not protected? (what if I create an account just for reading Office docs that cannot be trusted in the same environment as other things?)
The answer to the question "why do you believe 99% of patents should not be valid?" is very simple: because there are too many of them!
The way the patent system was supposed to work and the way it did work many many many years ago when patent laws were "invented" was that a reasonable number of patents were granted, where reasonable means that a developer in a field could invest reasonable time and keep current with new patents in her field. Can anybody do it nowadays with millions of patents written in a legal language developers don't use?
The name "patent" has some significance. Published patent grants should be seen by whoever works in the relevant field. The quantity and the quality of published patents in some fields today make patents irrelevant reading to developers. The fact that there's a relevant patent becomes known after the fact, and patents lose their aim of increasing human knowledge, as they are not worth the developer's time to read. So there's no benefit to society from the patents (not all of them!) so society has no real interest in granting them.
Criteria and duration of patents should be made so that the number of granted patents per field is reasonable and the duration of patents is comparable to the rate of progress in each field. We are not in the 18th century anymore!
> Was a portable device for email "bloody fucking obvious" in 1991?
Of course it was! Email travels on a higher level networking level and the kind of networking hardware in the lower level is irrelevant. It was obvious in 1991 that email can be used on any device that can be programmed and has a networking hardware component, and that is connected (not necessarily all or most of the time) to a network. And it was obvious that mobile devices can be connected to a network. Does the creation of a new technology for hardware connection necessitate clearing legal rights for using all kinds of protocols that can use the networking layers above it?
Anyway, I saw a working "portable device for email" in 1984. It was in the Israeli army. We had this sort of messaging system that could be used to send messages (with a subject line and list of recipients) to other users of other computers in the network. I don't know if the network was based on IP or if the transfer protocol was something like SMTP, but it really doesn't matter. It was an email system. It connected users on different kinds of devices (some used IBM-370 systems. Some used VAX. I don't know every node of that network but there were CDC computers in some units so they probably also had access). Anyway, to the point: we had this drill that simulated a terrorist attack and one of the things I saw there was a mobile terminal of this system. So perhaps the device was not something you could fit in a pocket. But it was mobile, it used a wireless connection, and it provided email access in the mobile device (the device was probably a minicomputer+radio-telephone+generator on a 6x6 military truck, but I think this should not be relevant in determining that there were actual systems providing email access on a mobile device that predated 1991 by at least 7 years).
And imagine how many divorces would result if people told their spouses the truth, the whole truth, and nothing but the truth...
Many think of OSS as something created by hobbyists for fun and do not realize that many of those "volunteers" are fully employed programmers by companies like IBM, Novell, Sun, Red Hat, Oracle, etc. etc. etc. that have realized that they don't have to do EVERYTHING in house but they better cooperate on some things and compete on others. They invest by dedicating programming resources that they "contribute" to the public, but this is based on a business decision that it is more cost effective to share their resources with other companies and restrict competition to areas in which they are better than the others.
The consequence is that every major OSS software package undergoes the scrutiny of many of these companies that have to verify they are good enough to be bundled with their offerings, unlike closed source software that is only verified by whoever wrote it and sells it (that BTW has more interest in not letting the problems surface than in actually avoiding them).
You cannot trust a company's TOS for keeping your email address secret. Not everybody in the company is aware of everything in the TOS all the time, and most employees will not see any problem in sharing address lists. Then they can be given to someone that sends email on a company's behalf. Then they could be sold by an employee that has access to them. Then they can be harvested by a technician that's repairing a computer...
About 4 years ago we had a discussion here (http://www.emailaddresses.com/forum/showthread.php?s=&threadid=9008) that someone started after discovering that a company he trusted lost his email address to spammers. IMO the only conclusion that can be reached is that an email address that's out there would eventually be in the hand of spammers, so it's better to be ready in advance to change it.
The only trustable parameter in SMTP is the recipient's address, and if you use your address space to distinguish between different senders or groups of senders then you can easily filter bad mail without affecting good mail.
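A sketch of filtering on the recipient address as described above, added here as an example and not code from the original comment: every correspondent gets its own alias, unknown or retired aliases are refused with a 550 at RCPT TO, and the forgeable From header is used only to tell a leak from an impersonation. `AliasPolicy`, the alias names and the `.example` domains are hypothetical.

```python
from dataclasses import dataclass
from email.utils import parseaddr


@dataclass
class Alias:
    issued_to: str             # the one party this address was given to
    sender_domains: frozenset  # domains that party is expected to send from
    active: bool = True


def _domain_of(address):
    """Lower-cased domain of an address or From header value ('' if none)."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def _within(domain, parents):
    """True if domain equals, or is a subdomain of, one of parents."""
    return any(domain == p or domain.endswith("." + p) for p in parents)


class AliasPolicy:
    def __init__(self, my_domain):
        self.my_domain = my_domain.lower()
        self.aliases = {}  # local part -> Alias
        self.leaks = {}    # issued_to -> unexpected sender domains seen

    def issue(self, local_part, issued_to, sender_domains):
        self.aliases[local_part.lower()] = Alias(issued_to, frozenset(sender_domains))

    def revoke(self, local_part):
        # Retiring one alias cuts off one correspondent and nobody else.
        self.aliases[local_part.lower()].active = False

    def check_rcpt(self, rcpt_to):
        """Decision at RCPT TO, before any message data has been accepted."""
        local, _, domain = parseaddr(rcpt_to)[1].rpartition("@")
        alias = self.aliases.get(local.lower()) if domain.lower() == self.my_domain else None
        if alias is None:
            return "550 5.1.1 no such mailbox", None
        if not alias.active:
            return "550 5.1.1 address retired", None
        return "250 OK", alias

    def classify(self, rcpt_to, header_from):
        """Return (SMTP reply, verdict). The alias is the trusted input; the
        From header is only a claim that is checked against it."""
        reply, alias = self.check_rcpt(rcpt_to)
        if alias is None:
            return reply, "rejected"
        claimed = _domain_of(header_from)
        if _within(claimed, alias.sender_domains):
            return reply, "consistent"
        for other in self.aliases.values():
            if other is not alias and _within(claimed, other.sender_domains):
                # Claims to be a party that was never given this address.
                return reply, "impersonation"
        # Unknown sender on a private alias: the address got out via issued_to.
        self.leaks.setdefault(alias.issued_to, []).append(claimed)
        return reply, "leaked"


def build_sample_policy():
    """Constructed sample setup: three aliases, one already retired."""
    policy = AliasPolicy("me.example")
    policy.issue("bank-7f3a", "bank", {"mybank.example"})
    policy.issue("forum-c21", "forum", {"forum.example"})
    policy.issue("shop-91d", "shop", {"shop.example"})
    policy.revoke("shop-91d")
    return policy
```

A message claiming to come from the bank but addressed to `forum-c21` is classified as an impersonation without looking at its content, and `leaks` records which correspondent's alias started receiving mail from strangers.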
I'm quite sure that "follow the money" was already used to catch spammers and other sorts of cyber criminals. This is one tactic among many that can lead to a real person responsible for sending the spam, and more importantly, to whatever illegal activity is involved in it. Sometimes the spam includes contact address. Sometimes they lead to a website that sells something. Sometimes you can make an online purchase. Sometimes there's just a contact phone. A lot of the spam I get lately just leads to a webpage that collects your contact info and says they'll call back. (One way to fight spam might be to fill these forms with false information. I did several times leave the spammer's own cellphone number. If everyone responded by entering false info the spam would be useless as a method of advertising.)
Porn/Gambling advertised in spam do not worry me as much as "legit businesses" that hire spammers. It seems that spam is becoming acceptable as "legitimate" way to advertise. Legitimate businesses hire criminals to send spam on their behalf using forged headers and compromised PCs to send the stuff. Despite being warned about what is involved in sending their spam they rehired the spammers (meaning the spam campaign was successful, and the particular spammer charges about $1000 per million addresses with some discount for bigger orders). I follow one spammer here in Israel since they have started their operation 9 months ago. They send "only to local addresses" and I receive their spam at one ISP address that was never provided to anyone by me (i.e., it is known only to me and the ISP). Their operation is entirely based on using exploits to send and hosting "mini-sites" hosted in China. Only their main promotional site that is used to market their own service is hosted locally (mailmedia.org). I received spam advertising several colleges, that are probably partially funded with government money. I received spam advertising courses leading to Microsoft certified whatever (MCSE, MCP etc.). I received spam advertising a Tel-Aviv licensed stock broker. I complained to the Israel Securities Authority about the illegal way in which this member of the Tel-Aviv stock exchange is using to promote its business and the only reply I received is that they don't have anything to do about it but I might contact their ISP (which of course I did even before I approached the Securities Authority). So it's OK for a member of the stock exchange to hire criminals. I saw several times spam they send selling security products (locks, safes, alarms), meaning people are willing to trust the security of their home or business with those that employ criminals. I saw spam advertising medical treatment (not viagra). I saw spam selling electrical appliances, computer hardware...
All these are paying criminals to act for them illegally, and nobody is interested in stopping them. In fact they gain more and more customers, and their website is still hosted by the same company (barak013.net.il) that hosted their promotional website from the start, despite their knowledge of the illegal activity that is sold using that site (I sent them lots of copies of spamcop reports, and I sent the abuse teams of all the ISPs in Israel a detailed account of what this spammer does, including using compromised PCs within some of the Israeli ISPs to send their spam).
This is very bad. Real criminal spammers getting paid from real mainstream advertising budgets so they steal resources from others is very bad.
There are plenty of aspects of what spammers do that are clearly criminal activities, and the only reason I see that these are not used to put spammers in jail is that nobody is interested. Perhaps ISPs make more money by selling spam filtering services than what they can save by reducing the amount of spam sent.
Spammers use trojan horses to take over PCs that are then used to send spam using the network resources of the victim's upstream provider. Spammers send email using forged identities. You don't need a definition of "what constitutes spam" to understand that all these are crimes: breaking into computers, stealing network resources using these methods, all kinds of identity theft etc.
There is plenty of evidence that can be used to link actual people to these crimes. Each spammer sends out millions and millions of messages on behalf of each individual advertiser (I asked a spammer for a quote and the rate was about $1000/million addresses). My experience is that these almost always arrive from various consumer broadband or dialup connections all around the world. Collecting enough of these would show that a spammer is not using her own computer to send. The next stage is to link the IP address on received headers in email with the actual compromised computer that was used to send them, so that a link is established between a particular spam run and a computer known to be infected and made part of a botnet controlled by the sender of the spam run. Once you have such a PC you can analyze the traffic it gets. That would link back to whoever controls it, but probably not in a way useful to catching the person involved. However, it would show that the sender is actually using the compromised machine, and would show the content of the spam pumped through it at least in fragmented ways (though I guess if the compromised machine is using SMTP to send out spam it shouldn't be too hard to get the complete spam messages it sends, such as by intercepting the outgoing traffic to port 25). Sometimes the spam messages would contain info leading to the spammer itself (the spammers I've been following lately always include a link to their own promotional page that offers their services for sale). If it doesn't then it has the contact details or some identifying details of the advertisers. The advertisers can lead to the criminals (actually the advertisers are criminals themselves. They paid the spammers to break into other people's PCs and send their ads. They paid the spammers to send email on their behalf posing as other people (forging sender's identity). If you hire someone to commit a crime in your name you are committing the crime.
Buying stolen goods is not legal. Especially not if you order the merchandise that is then being stolen for you. Advertisers should realize that there are risks involved in dealing with organized crime. If they order a service they are responsible and should verify that it is conducted legally, or else they might spend time in jail.).
So there needs to be some coordinated effort to collect this evidence and organize it in a way that can be used to convict the criminals that commit these crimes. Including those that hire them. There needs to be a way to contact these people who have infected PCs and obtain useful information showing who is using them and what they are being used for.
One problem with law enforcement is that usually it is required that someone would actually approach law enforcement with a complaint. If there is a crime then there is a victim, and the victim should complain (well... if the victim takes the form of a corpse then the complaint is implied, in a way). The problem with crime on the internet is that often the damage is distributed among millions of victims, and no single victim is harmed in a way that makes the hassle of trying to convince law enforcement that a crime was committed worthwhile. If you put your small change on a table and someone grabs a quarter and runs away, then you're not going to the police to file a complaint. It's not
If you give an email address to anyone it means you agree to them and others sending you email to that address as long as the address accepts email (unless they explicitly agreed not to). If you don't want to get email from them you just have to stop receiving email at the address you gave them. RBLs will not stop the email from sources that you gave an email address to and don't want to send you email anymore (unless you run your own RBL of these sources).
The fact that you give someone you don't trust an address you cannot easily block is not a reason to change the entire infrastructure of the email system and start billing senders per message (actually taxing them since it would not be proportionate to the cost of the service provided).
The kind of spam you describe (losing control of your email address because YOU were spreading it to all kinds of untrustable parties) is easily avoidable. Go to spamgourmet.com and learn how. Then google for "disposable email addresses" and learn more. It would not avoid all risks of spam but it would put you in control.
The real solution to spam is to put the spammers in jail (let's junk mail -> munk jail)
> ... they're perfectly likely to get hit ...
> before update can protect them
They are perfectly likely to not get any update at all.
I have a Pentium 500MHz machine I bought 8 years ago + an original WIN98 disk that came with it. This machine is not really able to run XP (and the copy of WIN98 I have is perfectly legal. Getting a legal copy of XP would cost me money I do not want to spend).
Anyway: I can install Win98 from the disk. Then I can try to get to Windows Update. The last time I did it (a couple of years ago I think) it first wanted me to upgrade IE because IE4 that came on the disk was not good enough for Windows update. Then it only let me install IE6 but no IE5 or 5.5 available (IE6 is a bit heavy for that machine) and finally after installing a newer IE it told me that I cannot get updates through windows update, but instead I should download all the patches since 1998 manually and install them one by one. I even contacted M$ support on the phone about this (and surprisingly they did have me on record and gave me my customer's ID #) but there was no other way. They did send me an XP trial disk, though, that I never used because it said I would have to reinstall the system after the trial period is over.
So for Microsoft stopping support for WIN98 didn't mean not providing any more updates after a certain date, but rather removing all the past updates and disabling the automatic update feature. I would at least have expected them to collect all updates and make them available as a single file to allow anyone that reinstalls the OS to bring it to the most updated state available, but they didn't. Instead they made sure that anyone that is not an expert would be using the original unpatched version.
So you have many WIN98 machines operating, many because they are not strong enough for a newer OS, and if they ever reinstall they revert to an unpatched version.
(I know I can install LINUX. I have a knoppix 3.7 disk that runs on that machine though it is very slow. knoppix 3.9 fails on that machine. I tried installing Mandrake 9 a very long time ago and it insisted on not running in graphics mode and complained about my very common ATI card, and I tried Ubuntu that loaded and showed a blank screen. I still hope to run Linux sometime, but I first need something that installs and runs and only then I can start learning how to fix things).
I did use their contact form and put this:
Thank you for bringing up the Spamhaus BL issue.
It would teach the public that blocking spammers
is not an effective way to avoid spam.
Putting you all in jail would be much more effective!
Their response was:
Thank you for your interest in e360insight.com.
An e360insight.com representative will be in touch
with you shortly.
(actually their first response was that the email address I put in was invalid. It was valid, but they truncated it. So I had to truncate it to fit in. That limits the amount of info I can store in that spamtrap.)
> ... distributing the list with the explicit instructions ...
> that it is not intended to be used to block spam
That's exactly what SpamCop says (or used to say) on their faq.
In that case because it is really not suitable as the sole criterion to blocking spam (they recommend using it as one factor in a more complete solution like SpamAssassin, but people still use it to block spam).
However, in the Spamhaus case, at least XBL is certainly intended for blocking spam.
If no bounce message was created it means the email message was completely received at the recipient's MX (that is the recipient's SMTP server issued a "250 OK" in response to end of data, and this means the email message was fully received and is stored on that server).
So if anyone complains about not receiving the email you sent them, tell them the truth: the email was delivered and received by their email hosting service. For some reason their email provider that had the email message has not delivered it to their mailbox. If it bothers them they can contact their email provider about it.
You might want to post a copy of your mail message on a website (perhaps password protected) so that those of your members that choose to use an email service that censors their mail would be able to read the announcements there.
I had a student that emailed me a day before an exam and asked for sample exams. I tried to send her and it kept bouncing. So she had to study without those sample exams. It is the recipient's choice whether to receive their email or not, and if they wish to delegate the responsibility to an incompetent email operator there's a price associated with this.
> ... and rather than being forced to carry the spam, the bounce,
> the report that the bounce failed, and the continuing message
> failure notices, it's much easier to just ignore the message
> in the first place.
All that's needed to bounce a message is to issue a 550 SMTP error code, or to just drop the connection. No need to "carry the spam, the bounce, the report that the bounce failed..."
What Hotmail really does is accept the email, send an OK that says it was accepted for delivery to the recipient, and then drop the message anyway without informing anyone. This completely breaks the email system's built-in reliability by giving a false acknowledgement of receipt to the sender. Deleting mail without reading it should be done only by the end user (manually or automatically).
Anyway, Hotmail is not a real email provider. It is a tool to drive traffic to MSN and to promote its brand. People that really need to receive all their incoming email shouldn't use Hotmail, and it is not reliable as an email receiving service.
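The two comments above turn on which SMTP reply ends the session: "250 OK" after end of data, a 550, or a dropped connection. The following is an added Python example (not code from the original comments) that reads a session transcript and reports who is responsible for the message afterwards; the transcripts, host names and the `final_disposition` helper are constructed for illustration.

```python
import re

REPLY = re.compile(r"^S: (\d{3})([ -])")

# Who must act next, per SMTP's hand-off of responsibility.
RESPONSIBLE = {
    "accepted": "receiving server: it acknowledged the message, so discarding it is silent loss",
    "rejected": "sending server: it must generate a bounce to the envelope sender",
    "deferred": "sending server: it keeps the message queued and retries",
    "no-reply": "sending server: nothing was acknowledged, so it retries",
}

def final_disposition(transcript):
    """Classify a session by the reply that decided the message's fate."""
    pending = None                          # last client line awaiting a reply
    for line in transcript.splitlines():
        if line.startswith("C: "):
            pending = line[3:].strip()
            continue
        m = REPLY.match(line)
        if not m or m.group(2) == "-":      # skip noise and "250-" continuation lines
            continue
        code = int(m.group(1))
        if code >= 500:
            return "rejected"               # e.g. 550 at RCPT TO or after end of data
        if code >= 400:
            return "deferred"
        if pending == ".":                  # 2xx answering the end-of-data dot
            return "accepted"
        pending = None
    return "no-reply"                       # connection ended without a final 250

# Constructed sample transcripts (S: server, C: client); not real logs.
ACCEPTED = """\
S: 220 mx.example.net ESMTP
C: EHLO sender.example.org
S: 250-mx.example.net
S: 250 PIPELINING
C: MAIL FROM:<teacher@sender.example.org>
S: 250 OK
C: RCPT TO:<student@example.net>
S: 250 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: .
S: 250 OK queued as 4F2A1
"""
REJECTED = ACCEPTED.replace("S: 250 OK queued as 4F2A1", "S: 550 5.7.1 Message refused")
DROPPED = ACCEPTED.rsplit("S: 250 OK queued", 1)[0]   # server hangs up after the dot

if __name__ == "__main__":
    for name, t in (("accepted", ACCEPTED), ("rejected", REJECTED), ("dropped", DROPPED)):
        print(name, "->", RESPONSIBLE[final_disposition(t)])
```

Only the first outcome leaves the sender with nothing further to do, which is why a message discarded after that reply is never reported to anyone.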
I liked Maple when I could use it on the University computers. It is not free, however (though can be hacked).
Maxima is an Open Source computer algebra system that can do most of what students need and is free.
Just as the US cannot regulate gambling outside its borders, it cannot regulate financial services outside its borders (or can it???)
So now there are new opportunities to get American money: American gamblers would need a non-US credit card number so they can use it on gambling sites. There's a whole world outside the US and there will be those that are willing to adopt US gamblers that need a middleman that their US financial institution is allowed to transfer funds to...
They should name it "The Internet" and if that's already taken then perhaps "Linternet".
If the ISPs can ask Google to pay them to not slow down their packets on the way to Google's users (preferred delivery), so can Google charge the ISPs to not slow down its response times to those ISPs' customers.
Google used to display response times on its searches in the early days. It can go back to this practice and link to an explanation on why the response time to your searches/Gmail/calendar/spreadsheet/whatever is lower than others and to statistics on which ISPs have better response times with Google. In a world where connectivity providers assign different priorities to different websites, websites could just point users that have slow response times to their ISP's support:
FAQ
Q: Why is the response time to your website so slow?
A: Some ISPs limit or slow down access to some websites.
You should check with your ISP if they give different
priorities to different websites. Ask them to not
limit access to websites you use. If they
do limit access to your preferred websites you might
consider changing your provider.
The telcos/ISPs sort of try to make the internet into something like a cable TV system where their customers get the limited content from providers they have deals with. They seem to forget that in this model it is the intermediary that pays the content provider and not vice versa.
They need a PARENT to encourage them ...
They need the right environment at home.
And they don't need competing forms of passive entertainment (TV).
Don't expect the school system to do it for you.
My 11-year-old son Daniel programs using a variety of tools and has been doing so for a couple of years already (Visual Basic, a variety of flavors of Logo, Game Maker. I'll let /.ers find out what he's using in this photo). He also does other creative things like creating scenes and animations using Art of Illusion - this also involves kind of programming, like creating procedural textures/materials. He learns some math/geometry doing this, since his programming experience drives him to manipulate the data (coordinates) directly to get exact results. He also learns some physics for getting the right results, like making gravitation work close to correct in this game (/.ers should be able to tell what link is the game. Hint: the file extension is .exe*). (Well... It's not just parent encouragement. After school activity played an important role. School only taught him to use the computer as a typewriter).
His 5-year-old brother Jonatan already learned to do some "visual programming" using Game Maker, producing working games (though still not one another kid would want to play with. He does get useful things produced this way: Birthday "greeting cards" that can only be made using programming). The need to do everything that his big brother does is enough motivation.
___________________________
* I thought that the game should really be open sourced (or "free-softwared") but the Game Maker "sources" (.gm6 files) are actually binary, and though the license allows distribution of the created games, it's not clear to me how exactly it can be done with an Open source or CC license. Compiling the "sources" requires (gratis) proprietary software.
** comments, and suggestions of useful software that can encourage kids to be creative are welcome.
Didn't Mark Twain patent this business method?
About 8 years ago I got this phone call that said they are a security team on behalf of the issuer of my credit card, and they are verifying the card. They told me the card number and wanted that I verify it by supplying the 3 digit security code. I told the lady there's no way she's getting this code and if the bank wants to ask me something they can contact me. She insisted that I must give her my code and I refused and told her she was lying. In that case the credit card was one issued by an Israeli bank. I was in Detroit and the call was inside the US. I did not give my number in Detroit to my Israeli bank. So it was certainly fraud.
This year I was contacted by cellphone in Israel by the VISA security department. They told me there were some unusual charges in my VISA card (issued in Israel), and asked if I made them. They then asked if I want to block the card immediately and I agreed. They did it immediately, and the fraudsters still got to charge almost $10,000 (I got every penny back + interest. The charges were made to some gaming website registered in Hong-Kong and some Paypal accounts with Chinese sounding names).
I also got an email from my bank this year that was caught by FastMail.FM's phishing detector (URL shown in link is not in the same domain as URL in HREF attribute). The email was really from the bank: it was sent to a SneakEmail.com address that only I, my bank and SneakEmail know about. I can tell what email is sent from my bank and what is not because I dedicated an email address for that purpose. That's what people should do when they provide an email address, and banks should encourage it. However, banks are content to just insure themselves against fraud and cover their costs by charging their customers, and ISPs do not want their users to know that they can provide countless amounts of email addresses per customer at no cost. Their strategy is based on getting the customer hooked by their precious email address they got from their ISP, and ISPs want them to believe that an email address is a scarce resource that's hard to replace.
Avoiding phishing is easy for those who prepare.
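The check quoted in the comment above ("URL shown in link is not in the same domain as URL in HREF attribute") can be sketched as follows. This is an added Python example, not FastMail.FM's implementation; the sample message, the placeholder hosts and the two-label `site` heuristic are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def site(host):
    """Crude 'same domain' key: the last two labels. Assumption for this
    example; a real filter would consult the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(text):
    """Host of a URL-looking string, or None when the text is not URL-like."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return None
    if "://" not in text:
        text = "http://" + text             # bare "www.bank.example" style text
    try:
        return urlsplit(text).hostname
    except ValueError:                      # malformed URL text
        return None

class LinkAudit(HTMLParser):
    """Collect (shown_host, real_host) for anchors whose visible text names
    a different site than the href actually points to."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, real = host_of("".join(self.text)), host_of(self.href)
            if shown and real and site(shown) != site(real):
                self.findings.append((shown, real))
            self.href = None

def mismatched_links(html):
    audit = LinkAudit()
    audit.feed(html)
    return audit.findings

# Constructed sample body; every host here is a placeholder.
SAMPLE = """
<p><a href="https://www.bank.example/login">www.bank.example</a></p>
<p><a href="https://click.mailer.example/t?u=123">https://www.bank.example/statement</a></p>
<p><a href="https://other.example/">Click here</a></p>
"""
```

The second link in the sample is flagged even though nothing about it proves fraud, so a rule like this marks any message whose visible URL and link target sit on different domains, genuine or not.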