rooster

Members
  • Posts: 219
Everything posted by rooster

  1. http://www.securitypronews.com/insiderrepo...klistSORBS.html Other sources speculate that IF GFI re-markets/packages the service consistent with their current business model, it won't be free. There are a few comments/observations/opinions on Slashdot, too: http://it.slashdot.org/story/09/11/04/1572...y-Sold-For-451K
  2. Just so; the difference is that you (rick) opt to register domains anonymously, and your reasons are presumably righteous. Such registrations don't default to anonymous. Your registrar (or even ISP) has the opportunity (obligation?) to verify contact info for legitimately 'protected' domain registrations. WRT your comment [at] ICANN, my researches suggest this verification process can be automated to handle/confirm all but the really dedicated fraudsters. Those characters, such as those hunkering in China like <fedoqog dot cn>, won't pass muster in the auto-confirmation process. They, and those who naively flub the application process, can get passed on for human processing. If registrars revert to publishing whois info as default and providing an anonymous registration option, there won't be such a need for proxy registrations. I'd be very surprised if I've been the only one complaining to CIRA et al, CAUCE et al, and ICANN et al about this 'neo-whois' policy. Either those who have been advocating it haven't thought it through or there are actors behind the scenes who are playing them (and us) for fools; or both. Just today, 2 good reasons for tightening up domain registrations came across my desk. The first, by Technology Review, cites the Mebroot virus, and the second cites the phishing attempts against Hotmail subscribers. The profitability of either of these attacks would be significantly reduced if it were harder for bad actors to get domains registered fraudulently. Info gathered by crooks has to have someplace (domain) to go where they can get it, and/or get paid. http://www.technologyreview.com/computing/23566/page1/ http://www.infopackets.com/news/security/2...f_passwords.htm
  3. Wouldn't you know? This popped up on my NewsService a couple of minutes after posting the above. http://www.networkworld.com/news/2009/1002...ive-domain.html "ICANN studies secretive domain owners"
  4. Miss Betsy also wrote: I'm hardly worthy to opine on what you've concluded from all your hard work and recherches. My background is Organizational Development & Design; not Information Technology. But as a dilettante desk topper and seeker of 'Einsicht', I labour under one superordinate fact that seems to be uncontested and that I don't think “... you can ignore...”. The usurping of bandwidth, hardware and human resources by spammers approaches the GDP of some medium sized countries. The direct costs of spam to the subset of humanity you allude to (one of which is born every minute) is categorically different; although substantial. To my way of thinking, spam, by definition, is a function of/dependent on these usurpations. I don't want to read too much into what you wrote, but it almost appears you're seeing it the other way round; blaming the victims for the abuse of internet resources. Could you elaborate on these 'forcings'? I'm not clear as to who you want me to understand is under threat of being forced to submit to what, and to whom? I've read the posts up to yours (Miss Betsy's) of Oct 10 2009, 04:41 AM. The focus here seems to be micromanaging spam at the end-user level or upstream (proxy) server level. 'Cognoscenti' such as y'all comprise an even smaller subset of end-users than the 'ignoranti' Miss Betsy points at. I'm hoping to move the narrative toward a more strategic overview. “Bottom up” management has never been a very successful management style, as you all well know. Smart asses (i.e., bottoms) don't make good decision makers or framers of policy. Superordinate goals & objectives tend to get sabotaged PDQ. WRT Google, Yahoo & etc., ...(Domain Keys and sophisticated filtering algorithms)... indeed these tools interrupt estimable amounts of e-traffic on their way to inboxes. Blessings be upon those who serve us well in contriving and implementing them.
But they leave the door open still to evils such as bot infections, server compromises, and they haven't demonstrated any efficacy apropos overall usurpation of internet resources. I interpret the tendency to rely on these tools as reflecting a 'laissez-faire' strategic approach to e-traffic. From an ODD perspective, this might equate an organization that devotes more of its resources to its legal department than on vending its goods & services. What would our attitudes be about flying commercially if the airline industry spent more on lawyers than on air traffic control, pilot training and airplane maintenance? Self-regulating, like self-medicating, has limits. If there are toxic waste processing plants in your municipality spewing fumes to the 4 winds and spilling goo upside your garden gate, you have a legitimate interest in knowing who is running the dump. Retro-fitting our homes with Bucky Domes and shooing the kiddies off to 'kindergarten' in OshKosh B'Gosh or Buster Brown haz-mat gear... well; you get my drift...
  5. Depends; the deontological aphorisms of Kant make you want to 'laufen' in front of 'der Autobus'. Whereas the 'zeitgeist' of Ebeling and Strübing is 'der Spritz'. ... “behaviour”: Skinner lives! 'Der Spalzen und der Witzen' aside, behavioural analysis of spam traffic at very low levels using the SWIP db (and/or unSWIP default) as the 'driver' is going to create false positives; methinks. Mortimer can only cover so much ground in a 'brief', and he predicates that the “sol'n is going to require many organizations and many people using a variety of approaches”. Strategy-wise, WAVT integrating the CSS initiative with the CBL, I'm sensing 'das Chaos und die Schweinerel', 'kaputenstrass'; ...already. whois records “...one anti-spam 'zealot' has been in trouble with 'the law...” Yes but; Zealotry, however righteous, doesn't warrant gratuitous (unauthorized) privileges. Abuse by the goose is abuse by the gander. “whois” hosts all spell out acceptable terms of use/access. AFAICT, the ones I've actually taken time to read do balance registrants' need for protection against abuse with public need to make informed decisions. IIRC, exceptional access authorization (e.g. automated) for military, gov agencies & “institutions” is negotiable; eh? Oversubscribing to whoises has proven to be pretty easy to regulate and abuse of whois info gets traced back to the abuser on a fairly regular and timely basis. Or am I wrong? It's not that I depreciate the abuses that have occurred, it's just that I feel that they are being overstressed. If a domain holder wants/needs anonymity; fine. They can apply for and be given it with minimum folderol, but not NQA. On an exception basis affords whois admins a chance to run interference on illegitimate activities. My position is that domain registrations should not default to anonymity; is all. The obverse of e-traffic abuse might be stealing electricity from the grid or cable signal from your neighbour. 
Power and cable companies have the tools to detect abuses and the means to do something about it. Every legitimate user of these resources is registered. Usurpers can be identified PDQ. From a strategic overview, can you imagine what our bills would look like if these service providers let everyone's subscription/account default to fast-flux and anonymous accounts? Staggering! Yet that is what registering authorities and advisors to gov claim is the SOTA optimal business plan; one that adds value to finite resources. Ability to identify abuse(rs) should be a strategic 'sine qua non' WRT ISPs, Domain Registrars, Registering Authorities and Backbone Providers. I wouldn't be surprised if the failure to assimilate this simple strategy eventuates in undermining/depreciating the whole idea of the SPF Framework. But I've been wrong before. End-users are on the front lines when it comes to getting machine-gunned to death by spam. So why prevent the privates from scouting and reporting back to HQ as to who is shooting at them and where the pill boxes are? Speaking of "privates", leave it to an Aussie to bring penis size into it...
  6. Did you learn to write like that from a book? And if you did, can I buy it somewhere? The CSS Project seems to rely on the Shared Whois Project (SWIP). Based on limited readings on that venture, I had more or less concluded some time ago DNS records maintained under the aegis of SWIP were unlikely to be reliable for all but superficial scouting of sources. If Spamhaus assays them gold, then I'll have to revisit the subject. Like you, not seeing a blip in my spam made me wonder just what was slipping through other folks' filters. I must confess, when I read Mortimer's abstract, I was wont to squint. You know, what your face does when you don't think you're getting it? Assimilating the RFCs pertaining to 'righteous' allocations, assignments or reassignments is for folks with longer brains than mine. Add to that the abuses, variables and vicissitudes of IN-ADDR.ARPA conventions as they now exist takes the matter into a realm nigh unto theoretical physics; ... or women. Point being, I reckon most end users would have a hard time differentiating between bot-spam and snowshoe spam based exclusively on the SWIP d/bs unless there is something peculiar about these iterations SH isn't making clear to 'day-trippers' like me. My observation on the alleged burgeoning Snowshoe subset is limited to simple raw data; the range of spam/week hitting my traps hasn't changed since Jan. this year. I'd be obliged to hear more from some SC 'longheads' on whether the CSS Project has real promise. My perceptions are almost certainly flawed, behind the times and of dubious relevance. I haven't spent much time on spam this year because I don't get enough anymore for it to be a problem. As I mentioned 'entre nous', 'if de dog don't bite, why be kickin' it'? I haven't even taken the time to update my HSQL dbs this year .. putting it off to Y/E when I can do a year's worth of analysis in the time it used to take to detail a couple of days'. Sweet! 
If only this were the case across the board. The “Issue” that sustains my interest in the CSS/SWIP Project(s) is the way our (Canadian) registries have come to be maintained. TMALSS, CIRA Domain Registration WHOIS records now default to anonymous. CIRA board members, and their 'alleged' advisors, maintain this protects registrants' privacy. Having spent many hours polling and canvassing input on this claim, I came to the firm conclusion the claim has not been substantiated. Something else is going on and whatever it is, it's not coming across to me as legit insofar as serving the public interest. Canada is not the only country to adopt this policy. In the context of the SH CSS list, there is also the issue of misconfigured DNS servers that, on the face of it, would significantly impair SWIP >> SH 127.0.0.3 list reliability apropos Spamhaus' probity issues; which issues drive much of the criticism about SH's legitimacy. Running code against LACNIC servers for example turns up useless DNS MX, A & etc., records at a discouraging rate. How an MX or A record for example might end up associated with SH's 127.0.0.3 list, and what it might signify, gives me pause to ponder. But SH has tools & strategies the likes of me can only dream about; so I'm biding chukkers on the sidelines astride my Shetland watching the upper-crust on Arabians join in elegant fray upon the pitch; so to speak. My issue, as it were, is that maintaining/enforcing current and reliable DNS records at all levels and facilitating public access to them suggests net benefits ('double entendre' intended) well in excess of the considerable costs and sacrifices involved. SH's CSS Project would seem to me to support that premise; ...or at least be consistent with it. I sincerely hope they run with it. 
Comparing and Contrasting: Governments and agencies around the world are cagey and conniving and adamant when it comes to their right of access to private e-traffic; contending that this rubric is to protect the public by identifying sources of ongoing crime, latent terrorism, and to gather probative evidence. Who and how far can they go is a proper subject for debate. In Canada, this is referred to as “the lawful access initiative.” http://www.michaelgeist.ca/content/view/4424/135/ The same governments and agents (including the above cited Michael Geist) have lobbied successfully for policies (Domain Registration Anonymity) whereby the public is denied the right to protect itself (think caveat emptor) by expunging (what should be) public records viz public conveyances (sources) on the internet, ... on the premise this is to protect privacy! How would the public react to a new gov policy saying, in the interest of privacy, airlines can register their fleets anonymously, denying the public access to info on who owns and who is flying their plane? But, and by the way, in another bill we authorize whomsoever we choose to depute to routinely interrogate passengers, scan their LT HDs, X-ray them right down to their skeletons, perform proctological exams, and pull up all manner of personal (private) info on them amassed in ginormous dbs from all over the planet whenever their mood is fit.
  7. FROM: "Announcing the Spamhaus CSS 2009-10-02 05:22 GMT" by Tom Mortimer http://www.spamhaus.org/news.lasso?article=646 I've been keeping a close watch on my 3 remaining spamtrap addies since my ISP subscribed to the Ironport filter(s) last January. I'm confident that the 'cited' Snowshoe schadenfreude have had no (as in zero) impact that I can detect.
  8. Points well taken. I was remembering something I read on CastleCops a while back that 'suggested' (?) some cybercrooks were using "this sort of trick": ... sending out spam with links to sites that might only be up for a few days, the purpose of which was to get the recipient to d/l malicious code. Perhaps I was idealizing out loud, but if ICANN anti-tasting fees reduce the number of domain names in the reservoir, then spam filtering data bases would be easier to manage; no? "Crooked registrars..." yeah. That's why I appended the tag. Even legit registrars such as in Canada (CIRA) and the UK no longer have to publish contact info in their whoises anymore. ...my pet peeve.
  9. http://arstechnica.com/web/news/2009/08/es...ashing-halt.ars By: John Timmer, August 13, 2009 Apart from the obvious benefits, I'm curious to see what effect this will have on those annoying DNS redirects from MS, Comcast, Earthlink & etc. Tag: ICANN Rule 4.2.5 Prohibitions on warehousing of or speculation in domain names by registries or registrars; http://www.icann.org/en/registrars/ra-agreement-17may01.htm
  10. After links to cybercrime, Latvian ISP is cut off http://www.networkworld.com/news/2009/0805...me-latvian.html Tags: Atrivo McColo 3FN
  11. Not sure what you mean. I was thinking of: http://content.answers.com/main/content/wp...'s_2005.jpg Vancouverites would probably be the only ones cottoning on to the inference. Did you have something else in mind?
  12. Would it be "gilding it" to attribute W's superhuman powers to possessing an indestructible hard drive that never "goes down"....? ...vulnerable only to occasional comic misadventures with a glitchy "Spell Check", and the threat of lethal exposure to "Flash Objects" of Dick Cheney in a thong...? Probably.
  13. Just a "Thought in the Dark": is it feasible that "box" just collects numbers from Caller ID and then a "harvester" re-sells them? It would be an interesting list; withal;... a virtual directory of folks looking for fake documents, ...and like that. I know I'm not going to punch it up just to see if it actually does work; despite SMART Pages testimony contrariwise. Reiterating, it's a land line and The Seattle Telephone Company carrying that number should have some 'splainin' to do if it's still live after all the complaints and testimonials.
  14. It could happen...? “Robocop 3, SPAMCOP”. Where a crazed superhero cybernaut roams the streets of Netropolis, (Netroit?) sniffing wifi connections and satellite uplinks as he wages pitched battle against the evil Dr. Spamenflinger and his legion of dystrophic Ubergoofen. He packs a Gammaray Gun that can fry a server bank at 1000 yds. right through brick walls and 2” of EMP Shielding. He destroys his captives by cramming Cialis (the good stuff) down their cake hole until they “beat” themselves to death in manic frenzy. City Hall beckons the “Composit Crusader” with an arc lamp that projects a huge capital “W” over the city. No one knows what/who the “W” stands for; ...well, almost no one.
  15. The beggar is at it again as of today's date. http://www.spamcop.net/sc?id=z1621207884z4...d08d9cb2fez I don't know if the "box" is taking calls or messages, (SMART Pages says "no") but you'd think Telecom WA would have flicked the switch of the registered user by now; eh? The thing of it is, is: counterfeit sheepskins are usually only a sideline for organized, professional forgers. Chances are, the source of these spams are probably forging passports, blank airplane tickets, marriage and death certificates, certs of incorporation, drivers' licences, 2 for 1 MacDonalds Coupons.... Oh the humanity!! SMART Pages Listings Searching for: US 206-309-0336 Sorry, no matches were found. [edit - slightly mangled link corrected, yeah it was working but this is better]
  16. Devilwolf; You're not alone. Since Azooglelodites are now 'spIMming', perhaps they understood the "agreement" (judgement?) to suggest that it behooved them to diversify. http://blog.affiliatetip.com/archives/azoo...torney-general/ http://myfloridalegal.com/__852562220065EE...ht=0,azoogleads Getting the city manager to levy a bus tax on the target operation address appeals to my sense of righteous retribution, but it would be unenforceable. The county/municipal "assessors" would have to have access to all his hard drives every couple of years and do a forensic audit thereon .... way out of their bailiwick and totally impractical.
  17. Just about every news-type site I know tries to set cookies. My interest in that piece stems from some posts I made on a Windows XP NG 18+ months ago where my paranoia about cookies was depreciated. The url you cited is just a Windows-centric crib sheet on using hosts files to interdict irritants like doubleclick et. al. Unless I'm mistaken, I wouldn't categorize the site as pestware. But you would know better than I would.
  18. http://www.news.com/8301-10784_3-9755575-7.html Since we all know Wazoo and the mods have a lot of spare time on their hands, I'll risk posting a link to an article about the Black Hat Conference in this thread. The subject of cookie related vulnerabilities appears to be as close as a SC dilettante can get to where it should appear.
  19. It is arguable, I know, but I am more or less convinced spammers are possessed by demons. Once convicted, I'd like to see them sentenced/required to get a diploma from a 4 year Bible College where computers are considered Satanic and confined to campus until they graduate. Or they could just be hung with piano wire by a big toe with their head in a bucket of lizard sh**. I'm easy either way.
  20. rick; Yes. A muted chuckle would be appropriate.
  21. Miss Betsy; Thanks for updating my wet(brain) ware. I assume the cognoscenti following this thread know what you meant by the following quote, but for dilettantes like me you might want to do a minor edit/clarification... unless I am completely misunderstanding you. Who would have been reporting these 'valuable' bounces, the one receiving the original email being bounced or the sender receiving the bounce? rconnor: That's pretty much the way I understood the "bounce"-MTA/MUR response options and objectives. So, by association, your proviso is probably justified; --you must be confused and should seek professional help ASAP. Has anyone gathered stats to monitor the effect over time when an ISP 'drops' mail at the server level for "From:" addies on the SC Blocklist? How would these results compare to results of a protocol that involves an "undelivered/undeliverable" return message, and how would this message be coded? The reason I'm interested in this is that somewhere in the back of my mind I seem to remember reading about some ISP getting DDoS'd by irritated spammers. It might better belong in a thread of its own, but one small wrinkle I just noticed on my system vis. an 'end-user' blocklist, derives from some spammer(s) forging "Return Path" addresses that are actually in my Icedove/TBird Message Filter (File to:) Whitelist. e.g., [at]washingtonpost.com and [at]lists.pyropus.ca. I puzzled over these, wondering if someone at the Washington Post had forgot to lock down a server, or if one of their servers had got 'botted'; or something.... but I didn't think 'getmail' (.pyropus.ca) would ever allow such a lapse. Regrettably, I was away the week these came in, so I didn't submit them and can't provide a SC tracking URL [Note: I don't use getmail. I'm just on their ng mailing list]
  22. Miss Betsy; ...am I reading you right? I've been labouring under the (mis?)perception that the "From" in my spam is forged/hijacked. Perhaps I need to re-educate myself on the mechanics of "bouncing".
  23. http://www.standardnewswire.com/news/219401281.html I'm not sure this is the right place for this. I'll rely on better minds than mine to file it properly. Notwithstanding that it is understandably self-serving, ARG's release discusses what the DoJ wants the world to know/think it is doing WRT to IP Protection and Cyber Crime.
  24. Rather than expend valuable SC bandwidth, I entered a suggestion on a 'blog' about the possible entertainment value of keeping in touch with Mr. Soloway during his dalliance among the friendly folk at Seatac... if anyone is interested. http://boundarybaymorningsteamer.blogspot....enge-of_16.html