firstly you NEVER type your password into another's site with openid
you type your openid into their site
{then you are re-directed to your openid provider's login page, ONLY IF NOT ALREADY LOGGED INTO YOUR OPENID }
then you are asked by your openID provider {on their site} do you wish to authorise the remote site to verify your identity {this time, always, not this time, never}
then you {and the result} are passed back to the openID enabled site that redirected you to YOUR OWN provider
any other implementation IS NOT OPENID it's phishing
as their certs are free some people do use them to demo systems like www.test34.example.tld and when done revoke them
{i know i use them for public betas of ssl based systems before they get re-certed by the end-customer and used live}
like during the look/feel testing and the development}
so could easily see many revocations due to this
A add the forwarded address to your list of allowed from addresses via http://mail.google.com/support/bin/answer.py?hl=en_GB&ctx=mail&answer=22370 instructions here
but it is criminal that they discard without an inline reject, it's another case of google mail being the most antisocial of mail providers
I'd suggest voting with your feet and leaving them to their 95% spammer userbase {after telling them why you're moving}
as A they inline reject nothing {as far as i can see}
B they allow anything and everything out {thus 90% of smtp traffic we see from google gets inline rejected due to bad content}
C they seem to not remove the spammers or react to the amount of bounces a user generates
if the trojan {botnet-client} can have its update ability compromised
"update" the trojan with an executable that first simply finds the desktop {all users version} and adds a txt file titled "you were infected, read for details.txt"
saying what they were infected with, how it was removed and offering urls of sites they can consult to verify the details and add software to reduce their future infection risk
and secondly replaces the running version of the trojan with an exe that simply does nothing and exits, killing the infection without needing to remove the autorun lines from the registry, so little risk of error/crash
damn, failed to notice i wasn't logged in and failed to remember html doesn't like text wrapped in > <
err you fail to understand smtp, back of the class now!
bogus bounces, not auto respond, from <>
null sender to abuse@ which attempts to autorespond to <>
sees it can't and the loop stops, simple really!
or the other way round
send mail to abuse from bogus
abuse autoresponds from to bogus from <bounce-##-#########@trakken.google.com>
bogus bounces message to <bounce-##-#########@trakken.google.com> from <>
loop stops and bogus is marked ignore for all future mails to abuse@
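The two cases walked through above, as an added simulation that is not part of the original comment: bounces leave with the null envelope sender `<>`, nothing is ever sent to `<>`, and an auto-reply that bounces puts the original sender on an ignore list. The addresses, the `MailWorld` class and the `bounce-N` return-path format are constructed for the example.

```python
from collections import deque

NULL = "<>"                       # empty envelope sender (MAIL FROM:<>)
ABUSE = "abuse@provider.example"  # constructed auto-responding mailbox
BOGUS = "bogus@spoofed.example"   # constructed forged sender with no mailbox


class MailWorld:
    """Toy mail system: ABUSE auto-replies, every other address is undeliverable."""

    def __init__(self):
        self.ignored = set()  # senders whose auto-reply bounced
        self.issued = {}      # return path -> address the auto-reply went to

    def deliver(self, sender, rcpt, limit=50):
        """Deliver one message plus everything it triggers; return the envelopes."""
        queue, log = deque([(sender, rcpt)]), []
        while queue and len(log) < limit:
            sender, rcpt = queue.popleft()
            log.append((sender, rcpt))
            if rcpt == ABUSE:
                # Auto-reply only to a real, not-yet-ignored envelope sender.
                if sender != NULL and sender not in self.ignored:
                    path = f"bounce-{len(self.issued) + 1}@provider.example"
                    self.issued[path] = sender
                    queue.append((path, sender))
            elif rcpt in self.issued:
                # The auto-reply bounced back on its return path:
                # ignore that sender from now on and reply to nobody.
                self.ignored.add(self.issued[rcpt])
            elif sender != NULL:
                # Undeliverable address: bounce to the envelope sender from <>.
                # Mail that itself came from <> is dropped, never bounced.
                queue.append((NULL, sender))
        return log


if __name__ == "__main__":
    world = MailWorld()
    for first in [(NULL, ABUSE), (BOGUS, ABUSE), (BOGUS, ABUSE)]:
        print(first, "->", world.deliver(*first))
```
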
i think the author totally misses the point?
if you're talking how do you restrict access by group/individual etc to the files this is a function of the file-system used NOT DRM
pick a good filing system and anyone can choose which users/groups they want to be allowed read/write/whatever access their files
{DRM is supposed to be a method of making a copy of a file useless to anyone but the intended reader or an uncopyable file,
this requires the creator and the reader use a file format that allows the creator to create a unique copy per reader and the reader being unable to alter the received copy, not much use for files in an office i'll bet!!}
thus each form of DRM needs a file creation tool and a file display tool and a secret algorithm for making it only possible to display it with the correct hidden key, open source solutions would therefore be improbable as the key/hash/function could be reverse engineered by reading the source}
seems to be i see frequent gets of /Horde and /horde against my server so i guess some bot is scanning for horde installs to compromise
{needless to say like /cgi-bin and many others if you try it in a url to my servers your ip gets blacklisted so no content but 403 from then on}
"The article is so much FUD, but doesn't excuse having the db port open to the inet."
i don't think the article is entirely fud as i have dealt with many clients who had their db port listening on their ip purely because the installers {application developers} never bothered to bind it to loopback so my estimate would be over 50% of the above mentioned open db servers WERE open and unaware, and it doesn't take too long to brute force the db {and unlike ssh ftp etc there are few with inbuilt reporting of attempted logins}
{mitigating circumstance, most had ip-tables blocking access to {non-explicitly allowed} publicly listening ports. but most regularly turned off ip-tables when developing/testing new services}
binding the db port to loopback in all cases was a two second fix with zero impact on the webapp frontend.
{this is just my experience others may differ}
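One way to audit for the condition described above, as an added example rather than anything from the original comment: it reads `ss -ltn` output and reports database ports listening on anything other than loopback. The sample output is constructed and the port table is an assumption covering common defaults.

```python
import ipaddress

# Assumed default ports; extend with whatever your own stack uses.
DB_PORTS = {1433: "mssql", 3306: "mysql", 5432: "postgresql", 27017: "mongodb"}

# Constructed sample in the layout printed by `ss -ltn`.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      80     0.0.0.0:3306        0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*
LISTEN 0      128    [::1]:27017         [::]:*
LISTEN 0      128    *:1433              *:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    192.0.2.10:5432     0.0.0.0:*
"""

WILDCARDS = {"*", "0.0.0.0", "::"}


def exposed_db_listeners(ss_output, db_ports=DB_PORTS):
    """Return (service, local address, scope) for DB ports not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in db_ports:
            continue  # not one of the database ports we audit
        # Drop IPv6 brackets and any interface suffix such as %lo.
        host = host.strip("[]").split("%")[0]
        if host in WILDCARDS:
            scope = "all interfaces"
        elif ipaddress.ip_address(host).is_loopback:
            continue  # bound to loopback: only local clients can connect
        else:
            scope = "one non-loopback address"
        findings.append((db_ports[int(port)], fields[3], scope))
    return findings


if __name__ == "__main__":
    for service, local, scope in exposed_db_listeners(SAMPLE_SS):
        print(f"{service:<11} {local:<18} listening on {scope}")
```

On a live host, pass the captured output of `ss -ltn` to `exposed_db_listeners` in place of the sample.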
qmail gives the impression of security from a programmatic standpoint, and was designed to be so.
but unfortunately wasn't designed for or by someone who understood the security needs/wants of a mail administrator or how those may change.
otherwise it would never have been one of the biggest contributors to backscatter {see end of http://en.wikipedia.org/wiki/Backscatter}
also security is seldom achieved through feature stripping which appears to be the case
the fact it is still used by many non-professionals is a testament more to its original and ongoing hype and buy-in to the myth by the uninformed
good for them
you obviously don't realize spammers don't spam through their own isps
{unless total morons[who aren't the source of the problem]}
they use their internet connections to remotely operate their bot-nets and have them send the spam/harvest the addresses etc
so yes by not disconnecting the criminal they ARE enabling the crime
same as by not cancelling spamvertised websites / e-mail addresses / domains used in spam/phishes/419 fraud etc they also are enabling the spammer to profit from illegal activity
>>The European results are skewed because they have far greater broadband penetration than the USA.
>Are you going somewhere with this?
he's pointing out that bot infected-machine isn't directly related to rate of spam
it's actually 33.6*modem-users+128*isdn/slow-broadband-users+256*fast-broadband-users is related to number of spams
so a small number of spams from a country with much modem use means many more bot-infected pc's than the same number from a similarly populated country where everyone is on broadband
simple maths really
"There are 11 types of people in the world, those who know binaries and those who don't."
i really hope this was typo as the quote/joke is wrong in so many ways
the correct one is know/understand are interchangeable but understand is the common one
There are 10 types of people in the world, those who know/understand binary and those who don't.
as 11 == 3 thus makes the joke nonsense
and binaries equally makes nonsense of the joke
people that don't need one as they have an old pc that works
{and the millions that can't afford $280 that are taking the donated old pc's from those that buy new ones}
and people like me that are happy to run a pentium-class with win98 as long as my e-mail and web and instant messaging still works}
all currently chosen for their low memory footprint, and yes firefox is a bloat and i and the poor people i give free re-cycled pc's to would welcome a ff lite
{currently to use some script heavy sites its faster for me to rdp to my workstation in my office to browse, rather than browse direct from this ageing laptop with old browser}
but for 95% of sites its fine
the first4 internet one was one of them
{and the worst}
the one in the article was another and only seemed to show up in the US
i assume first4 internet will be a separate action in the UK
>>When using the full upload bandwidth the connection becomes almost useless for downloading.
>You're an idiot.
actually the explanation above is generally correct {but not observably so on a well setup network}
as the effects of uplink saturation should be mitigated by intelligent queueing on the router
{this is not always the case}
small packet & tcp sequence acknowledgments etc should get priority on a saturated link and icmp-slowdown-transmission-rate packets should be sent to the client pc causing uplink saturation,
but with badly configured routers/firewalls & badly configured "personal" firewalls and p2p clients on client pc's these messages often do not get through, or are not watched-for/implemented by the client application
>Mr. Jintao, tear down this (fire)wall!
better yet turn it round and block all the port 25 outbound traffic spewing from your infected machines, bot-neted and owned and trying to overload my mail servers with spam
thanks
sorry i think you'll find you're incorrect, cuba is an oppressed state not due to its {largely benevolent} dictator but due to an illegal american embargo and blockade stopping it trading with any nearby country {any country doing trade with it is subjected to the same restrictions, unless they are large enough to not be afraid of american reprisals eg. canada}
america is not in the business of stopping oppressive dictators {it supports many in south america} it's in the business of subverting nation-states of their right to choose the economic system they use {ie they don't care what sort of government as long as resources aren't nationalised so american companies can buy them from the natives}
to the ppl out there with 'closed source win NT mailservers'
we get round this problem by using an upstream non-open relay server in our mx records {provided by the isp} and block inbound smtp at the router <except from the upstream relay> tada! we're removed from orbs cos spammers can't use us anymore!