About rooster

  • Rank
    Advanced Member
  1. rooster

    SORBS Absorbed by GFI

    http://www.securitypronews.com/insiderrepo...klistSORBS.html Other sources speculate that IF GFI re-markets/packages the service consistent with their current business model, it won't be free. There's a few comments/observation/opinions on Slashdot: too. http://it.slashdot.org/story/09/11/04/1572...y-Sold-For-451K
  2. rooster

    Spamhaus on "The Problem of Snowshoe spam"

    Just so; the difference is that you (rick) opt to register domains anonymously, and your reasons are presumably righteous. Such registrations don't default to anonymous. Your registrar (or even ISP) has the opportunity (obligation?) to verify contact info for legitimately 'protected' domain registrations. WRT your comment [at] ICANN, my researches suggest this verification process can be automated to handle/ confirm all but the really dedicated fraudsters. Those characters, such as those hunkering in China like <fedoqog dot cn>, won't pass muster in the auto-confirmation process. They, and those who naively flub the application process, can get passed on for human processing. If registrars revert to publishing whois info as default and providing an anonymous registration option, there won't be such a need for proxy registrations. I'd be very surprised if I've been the only one complaining to CIRA et al, CAUCE et al, and ICANN et al about this 'neo-whois' policy. Either those who have been advocating it haven't thought it through or there are actors behind the scenes who are playing them (and us) for fools; or both. Just today, 2 good reasons for tightening up domain registrations came across my desk. The first, by technology review cites the mebroot virus, and the second cites the phishing attempts against hotmail subscribers. The profitability of either of these attacks would be significantly reduced if it were harder for bad actors to get domains registered fraudulently. Info gathered by crooks has to have someplace (domain) to go where they can get it, and/or get paid. http://www.technologyreview.com/computing/23566/page1/ http://www.infopackets.com/news/security/2...f_passwords.htm
  3. rooster

    Spamhaus on "The Problem of Snowshoe spam"

    Wouldn't you know? This popped up on my NewsService a couple of minutes after posting the above. http://www.networkworld.com/news/2009/1002...ive-domain.html "ICANN studies secretive domain owners"
  4. rooster

    Spamhaus on "The Problem of Snowshoe spam"

    Miss Betsy also wrote: I'm hardly worthy to opine on what you've concluded from all your hard work and recherches. My background is Organizational Development & Design; not Information Technology. But as a dilettante desk topper and seeker of 'Einsicht', I labour under one superordinate fact that seems to be uncontested and that I don't think “... you can ignore...”. The usurping of bandwidth, hardware and human resources by spammers approaches the GDP of some medium sized countries. The direct costs of spam to the subset of humanity you allude to (one of which is born every minute) is categorically different; although substantial. To my way of thinking, spam, by definition, is a function of/dependent on these usurpations. I don't want to read too much into what you wrote, but it almost appears you're seeing it the other way round; blaming the victims for the abuse of internet resources. Could you elaborate on these 'forcings'? I'm not clear as to who you want me to understand is under threat of being forced to submit to what, and to whom? I've read the posts up to yours (Miss Betsy's) of Oct 10 2009, 04:41 AM. The focus here seems to be micromanaging spam at the end-user level or upstream (proxy) server level. 'Cognoscenti' such as y'all comprise an even smaller subset of end-users than the 'ignoranti' Miss Betsy points at. I'm hoping to move the narrative toward a more strategic overview. “Bottom up” management has never been a very successful management style, as you all well know. Smart asses (i.e., bottoms) don't make good decision makers or framers of policy. Superordinate goals & objectives tend to get sabotaged PDQ. WRT Google, Yahoo & etc., ...(Domain Keys and sophisticated filtering algorithms)... indeed these tools interrupt estimable amounts of e-traffic on their way to inboxes. Blessings be upon those who serve us well in contriving and implementing them. 
But they leave the door open still to evils such as bot infections, server compromises, and they haven't demonstrated any efficacy apropos overall usurpation of internet resources. I interpret the tendency to rely on these tools as reflecting a 'laissez faire' strategic approach to e-traffic. From an ODD perspective, this might equate an organization that devotes more of its resources to its legal department than on vending its goods & services. What would our attitudes be about flying commercially if the airline industry spent more on lawyers than on air traffic control, pilot training and airplane maintenance? Self-regulating, like self-medicating, has limits. If there are toxic waste processing plants in your municipality spewing fumes to the 4 winds and spilling goo upside your garden gate, you have a legitimate interest in knowing who is running the dump. Retro-fitting our homes with Bucky Domes and shooing the kiddies off to 'kindergarten' in OshKosh B'Gosh or Buster Brown haz-mat gear... well; you get my drift...
  5. rooster

    Spamhaus on "The Problem of Snowshoe spam"

    Depends; the deontological aphorisms of Kant make you want to 'laufen' in front of 'der Autobus'. Whereas the 'zeitgeist' of Ebeling and Strübing is 'der Spritz'. ... “behaviour”: Skinner lives! 'Der Spalzen und der Witzen' aside, behavioural analysis of spam traffic at very low levels using the SWIP db (and/or unSWIP default) as the 'driver' is going to create false positives; methinks. Mortimer can only cover so much ground in a 'brief', and he predicates that the “sol'n is going to require many organizations and many people using a variety of approaches”. Strategy-wise, WAVT integrating the CSS initiative with the CBL, I'm sensing 'das Chaos und die Schweinerel', 'kaputenstrass'; ...already. whois records “...one anti-spam 'zealot' has been in trouble with 'the law...” Yes but; Zealotry, however righteous, doesn't warrant gratuitous (unauthorized) privileges. Abuse by the goose is abuse by the gander. “whois” hosts all spell out acceptable terms of use/access. AFAICT, the ones I've actually taken time to read do balance registrants' need for protection against abuse with public need to make informed decisions. IIRC, exceptional access authorization (e.g. automated) for military, gov agencies & “institutions” is negotiable; eh? Oversubscribing to whoises has proven to be pretty easy to regulate and abuse of whois info gets traced back to the abuser on a fairly regular and timely basis. Or am I wrong? It's not that I depreciate the abuses that have occurred, it's just that I feel that they are being overstressed. If a domain holder wants/needs anonymity; fine. They can apply for and be given it with minimum folderol, but not NQA. On an exception basis affords whois admins a chance to run interference on illegitimate activities. My position is that domain registrations should not default to anonymity; is all. The obverse of e-traffic abuse might be stealing electricity from the grid or cable signal from your neighbour. 
Power and cable companies have the tools to detect abuses and the means to do something about it. Every legitimate user of these resources is registered. Usurpers can be identified PDQ. From a strategic overview, can you imagine what our bills would look like if these service providers let everyone's subscription/account default to fast-flux and anonymous accounts? Staggering! Yet that is what registering authorities and advisors to gov claim is the SOTA optimal business plan; one that adds value to finite resources. Ability to identify abuse(rs) should be a strategic 'sine qua non' WRT ISPs, Domain Registrars, Registering Authorities and Backbone Providers. I wouldn't be surprised if the failure to assimilate this simple strategy eventuates in undermining/depreciating the whole idea of the SPF Framework. But I've been wrong before. End-users are on the front lines when it comes to getting machine-gunned to death by spam. So why prevent the privates from scouting and reporting back to HQ as to who is shooting at them and where the pill boxes are? Speaking of "privates", leave it to an Aussie to bring penis size into it...
  6. rooster

    Spamhaus on "The Problem of Snowshoe spam"

    Did you learn to write like that from a book? And if you did, can I buy it somewhere? The CSS Project seems to rely on the Shared Whois Project (SWIP). Based on limited readings on that venture, I had more or less concluded some time ago DNS records maintained under the aegis of SWIP were unlikely to be reliable for all but superficial scouting of sources. If Spamhaus assays them gold, then I'll have to revisit the subject. Like you, not seeing a blip in my spam made me wonder just what was slipping through other folks' filters. I must confess, when I read Mortimer's abstract, I was wont to squint. You know, what your face does when you don't think you're getting it? Assimilating the RFCs pertaining to 'righteous' allocations, assignments or reassignments is for folks with longer brains than mine. Add to that the abuses, variables and vicissitudes of IN-ADDR.ARPA conventions as they now exist takes the matter into a realm nigh unto theoretical physics; ... or women. Point being, I reckon most end users would have a hard time differentiating between bot-spam and snowshoe spam based exclusively on the SWIP d/bs unless there is something peculiar about these iterations SH isn't making clear to 'day-trippers' like me. My observation on the alleged burgeoning Snowshoe subset is limited to simple raw data; the range of spam/week hitting my traps hasn't changed since Jan. this year. I'd be obliged to hear more from some SC 'longheads' on whether the CSS Project has real promise. My perceptions are almost certainly flawed, behind the times and of dubious relevance. I haven't spent much time on spam this year because I don't get enough anymore for it to be a problem. As I mentioned 'entre nous', 'if de dog don't bite, why be kickin' it'? I haven't even taken the time to update my HSQL dbs this year .. putting it off to Y/E when I can do a year's worth of analysis in the time it used to take to detail a couple of days'. Sweet! If only this were the case across the board. 
The “Issue” that sustains my interest in the CSS/SWIP Project(s) is the way our (Canadian) registries have come to be maintained. TMALSS, CIRA Domain Registration WHOIS records now default to anonymous. CIRA board members, and their 'alleged' advisors, maintain this protects registrants' privacy. Having spent many hours polling and canvassing input on this claim, I came to the firm conclusion the claim has not been substantiated. Something else is going on and whatever it is, it's not coming across to me as legit insofar as serving the public interest. Canada is not the only country to adopt this policy. In the context of the SH CSS list, there is also the issue of misconfigured DNS servers that, on the face of it, would significantly impair SWIP >> SH list reliability apropos Spamhaus' probity issues; which issues drive much of the criticism about SH's legitimacy. Running code against LACNIC servers for example turns up useless DNS MX, A & etc., records at a discouraging rate. How an MX or A record for example might end up associated with SH's list, and what it might signify, gives me pause to ponder. But SH has tools & strategies the likes of me can only dream about; so I'm biding chukkers on the sidelines astride my Shetland watching the upper-crust on Arabians join in elegant fray upon the pitch; so to speak. My issue, as it were, is that maintaining/enforcing current and reliable DNS records at all levels and facilitating public access to them suggests net benefits ('double entendre' intended) well in excess of the considerable costs and sacrifices involved. SH's CSS Project would seem to me to support that premise; ...or at least be consistent with it. I sincerely hope they run with it. 
Comparing and Contrasting: Governments and agencies around the world are cagey and conniving and adamant when it comes to their right of access to private e-traffic; contending that this rubric is to protect the public by identifying sources of ongoing crime, latent terrorism, and to gather probative evidence. Who and how far can they go is a proper subject for debate. In Canada, this is referred to as “the lawful access initiative.” http://www.michaelgeist.ca/content/view/4424/135/ The same governments and agents (including the above cited Michael Geist) have lobbied successfully for policies (Domain Registration Anonymity) whereby the public is denied the right to protect itself (think caveat emptor) by expunging (what should be) public records viz public conveyances (sources) on the internet, ... on the premise this is to protect privacy! How would the public react to a new gov policy saying, in the interest of privacy, airlines can register their fleets anonymously, denying the public access to info on who owns and who is flying their plane? But, and by the way, in another bill we authorize whomsoever we choose to depute to routinely interrogate passengers, scan their LT HDs, X-ray them right down to their skeletons, perform proctological exams, and pull up all manner of personal (private) info on them amassed in ginormous dbs from all over the planet whenever their mood is fit.
  7. FROM: "Announcing the Spamhaus CSS 2009-10-02 05:22 GMT" by Tom Mortimer http://www.spamhaus.org/news.lasso?article=646 I've been keeping a close watch on my 3 remaining spamtrap addies since my ISP subscribed to the Ironport filter(s) last January. I'm confident that the 'cited' Snowshoe schadenfreude have had no (as in zero) impact that I can detect.
  8. rooster

    Domain Tasting Not So Palatable

    Points well taken. I was remembering something I read on CastleCops a while back that 'suggested' (?) some cybercrooks were using "this sort of trick": ... sending out spam with links to sites that might only be up for a few days, the purpose of which was to get the recipient to d/l malicious code. Perhaps I was idealizing out loud, but if ICANN anti-tasting fees reduce the number of domain names in the reservoir, then spam filtering data bases would be easier to manage; no? "Crooked registrars..." yeah. That's why I appended the tag. Even legit registrars such as in Canada (CIRA) and the UK no longer have to publish contact info in their whoises anymore. ...my pet peeve.
  9. http://arstechnica.com/web/news/2009/08/es...ashing-halt.ars By: John Timmer, August 13, 2009 Apart from the obvious benefits, I'm curious to see what effect this will have on those annoying DNS redirects from MS, Comcast, Earthlink & etc. Tag: ICANN Rule 4.2.5 Prohibitions on warehousing of or speculation in domain names by registries or registrars; http://www.icann.org/en/registrars/ra-agreement-17may01.htm
  10. After links to cybercrime, Latvian ISP is cut off http://www.networkworld.com/news/2009/0805...me-latvian.html Tags: Atrivo McColo 3FN
  11. rooster

    DNSstuff.com at the movies

    Not sure what you mean. I was thinking of: http://content.answers.com/main/content/wp...'s_2005.jpg Vancouverites would probably be the only ones cottoning on to the inference. Did you have something else in mind?
  12. rooster

    DNSstuff.com at the movies

    Would it be "gilding it" to attribute W's superhuman powers to possessing an indestructible hard drive that never "goes down"....? ...vulnerable only to occasional comic misadventures with a glitchy "Spell Check", and the threat of lethal exposure to "Flash Objects" of Dick Cheney in a thong...? Probably.
  13. rooster

    Please call 206 309 0336

    Just a "Thought in the Dark": is it feasible that "box" just collects numbers from Caller ID and then a "harvester" re-sells them? It would be an interesting list; withal;... a virtual directory of folks looking for fake documents, ...and like that. I know I'm not going to punch it up just to see if it actually does work; despite SMART Pages testimony contrariwise. Reiterating, it's a land line and The Seattle Telephone Company carrying that number should have some 'splainin' to do if it's still live after all the complaints and testimonials.
  14. rooster

    DNSstuff.com at the movies

    It could happen...? “Robocop 3, SPAMCOP”. Where a crazed superhero cybernaut roams the streets of Netropolis, (Netroit?) sniffing wifi connections and satellite uplinks as he wages pitched battle against the evil Dr. Spamenflinger and his legion of dystrophic Ubergoofen. He packs a Gammaray Gun that can fry a server bank at 1000 yds. right through brick walls and 2” of EMP Shielding. He destroys his captives by cramming Cialis (the good stuff) down their cake hole until they “beat” themselves to death in manic frenzy. City Hall beckons the “Composit Crusader” with an arc lamp that projects a huge capital “W” over the city. No one knows what/who the “W” stands for; ...well, almost no one.