Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security The Internet IT

Cyber Crime Hits Big Time This Year 97

An anonymous reader writes to point out the Washington Post's analysis of this year's spike in junk email and online attacks, such as botnets and worms. Image-embedded spam emails made up an amazing percentage of all messages sent in the months of October and November, and something like four million bots are actively adding to that total. These botnets are also increasingly connected to organized crime, as are 'independent' hacker groups. The article goes on for three pages, and doesn't have a lot of hope that 2007 will look a whole lot better. From the article: "Experts worry that businesses will be slow to switch to the [Windows Vista]. And even if consumers rush to upgrade exiting machines or purchase new ones that include Vista, Microsoft will continue to battle security holes in legacy versions of Microsoft Office, which are expected to remain in widespread use for the next 5-10 years."
This discussion has been archived. No new comments can be posted.

Cyber Crime Hits Big Time This Year

Comments Filter:
  • by Anonymous Coward on Saturday December 23, 2006 @09:05PM (#17350966)
    "Experts worry that businesses will be slow to switch to the [Windows Vista]. "

    Maybe because Vista isn't written for security or for the businessess, or for anyone who buys it, its written for DRM and for the RIAA and MPAA.
    • by Anonymous Coward on Saturday December 23, 2006 @10:39PM (#17351254)
      What do the RIAA/MPAA have to do with UAC, ASLR, or Kernel Patch Protection? I'm not saying that DRM features are not present (or even well implemented) in Vista, but to imply that Vista wasn't "written for security" is ignorance at its finest.
      • My jaded opinion is that the security features are there to keep you from breaking the DRM, but what do I know.
      • To imply that any Microsoft product is "written for security" is even more ignorant. Each successive version of Microsoft Windows is marketed as being "the most secure Windows to date!" which, while sometimes true, is a far cry from being actually secure. A more reasonable summation might be that Microsoft never gets anything right on the first release. Technically, they rarely get everything right ever, but from a security perspective it would be wise to stick with known quantities (2K and XP) and wait for
    • The RIAA and MPAA are businesses =)
      • Re: (Score:3, Funny)

        by bky1701 ( 979071 )
        Hmm...

        RIAA Jim: Hey, we just got some file-sharers here. Quick save the packets and download the files so we can nab them!
        RIAA Bob: Umm, Jim, I donno know to do that on this new windows...
        RIAA Jim: Idiot, press that button.
        RIAA Bob: I did, it just says "you cannot download this file".
        Both: WTF?

        Sounds like a plan to me. ;)
  • by Esteanil ( 710082 ) on Saturday December 23, 2006 @09:06PM (#17350972) Homepage Journal
    As the number of people online grow, the crime scene grows with it (at a slight delay).
    A large enough number of people for crime to be viable online will stay gullible, no matter what we do.
    This is another one of those "Wars" we simply cannot win. We can try to educate the masses, but in general it will not work.
    A number of people within any social network will be defrauded somehow, and as they tell their stories (which most of them won't, afraid to seem a fool in the eyes of their peers), eventually these networks will become more resistant to attacks.

    We can design tools to help this process. But there will never be a technical tool to stop all, or even a significant amount of the crime and fraud that goes on out there.
    It's the American dream - everyone can make it rich, and some people will always think that it's the mail/phonecall/whatever they just received that'll make it happen for them.
  • by GrumpySimon ( 707671 ) <email@@@simon...net...nz> on Saturday December 23, 2006 @09:11PM (#17350994) Homepage
    Not much on specifics in TFA, but apparently the major increase in spam (mainly those pump'n'dump stock scams) appears to due to the Spamthru [secureworks.com] trojan which is being dropped by Warezov [f-secure.com].

    We've had a few stories on this before here [slashdot.org] and here [slashdot.org].

  • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Saturday December 23, 2006 @09:13PM (#17351002)
    From TFA:
    Some software security vendors suspect that a new Trojan horse program that surfaced last month, dubbed "Rustock.B" by some anti-virus companies, may serve as the template for malware attacks going forward. The program morphs itself slightly each time it installs on a new machine in an effort to evade anti-virus software. In addition, it hides in the deepest recesses of the Windows operating system, creates invisible copies of itself, and refuses to work under common malware analysis tools in an attempt to defy identification and analysis by security researchers.

    Yet, with a boot CD on Linux, I can inventory everything on the local hard drive and quarantine any suspect files. Yes, including loadable modules for the kernel.

    Why aren't we seeing that for Windows? Running an anti-virus app on the system itself is useless if the system can be compromised at a more privileged level than the app is running at.

    Not to mention that the users are notorious for NOT keeping their anti-virus apps updated.

    And ISP's really should be looking at blocking or actively monitoring outbound connections to port 25. Come on! It's not that difficult.
    • Re: (Score:3, Interesting)

      I just wonder why these people who are so good at compromising Windows' security don't go legal and start writing anti-virus software. They obviously know all the tricks. Seems theirs would be the best AV software in the world and they could sell it and make loads of cash legally. Why, I wonder, does this not happen?

      TLF
      • Re: (Score:3, Insightful)

        Because to profit on writing anti-virus software you have to have a lot of financial backing, and it takes a lot of patience. If you get steal an identity, it can be a major windfall tomorrow. To write good antivirus software, you have to compete with a bunch of people who are attempting to monopolize the market and have the credentials. And be able to advertise. It's just a lot easier overall to steal large chunks of cash from stupid Americans.
        • And don't forget that one cracker can find one exploitable hole and make a lot of money off of it. Either in "identity theft" for by creating a zombie army and selling those services.

          If s/he went legit and tried to sell anti-virus software, s/he would need to be as good or better than all the other virus/worm/trojan writers out there. The payoff vs effort quickly becomes worthless. A little effort for a big payoff is what crime is all about (and a number of other endeavors).
    • AIUI, the one part of the malware that can't morph is the part that does the morphing, and that's the part they anti-spyware can hunt for. It's a clever-sounding idea, but won't work for long in practice.
      • AIUI, the one part of the malware that can't morph is the part that does the morphing

        That's just not true. If you know assembly language, it should be fairly obvious that it's easy to alter any code and have it retain the same functionality. Take the simplest case of randomly inserting NOPs. Then take it to the next level of writing multi-instruction code that is the equivalent of a NOP (the possibilities are effectively infinite). Suddenly you can obfuscate ANY chunk of machine code without changing the f

    • by Namlak ( 850746 )
      And ISP's really should be looking at blocking ... port 25

      As the keeper of a corporate network that includes laptop-wielding field personnell, this is a major PITA. I currently have them hitting our corporate SMTP server with SMTP authentication. Until someone's ISP starts blocking or redirecting port 25, then I have to instruct the user to change their outbound SMTP server to that of their ISP (which they never know but expect me to, or to find out). Now they take the laptop out into the wild and wan
      • I just set the remote users to use 587 or 465 (depending upon whether you're a Microsoft shop or not) instead of 25.

        The only real limitation here is what the client software will accept as a configuration option. Various versions of Outlook (including many of the PDA's and phones) will only allow you to set "must use SSL" which gives you port 587. If you limit those connections to ones that require a username/password, that solves that problem.

        So far I haven't found a single ISP that blocks either 465 or 58
      • by gregmac ( 629064 )
        If this is an issue for you, you should be using another port.. but more importantly, if you have on-the-road users sending email, USE SSL! Not only is it a different port (that almost certainly isn't blocked), but it encrypts the email. This is extra important when you consider how much WiFi networks are used. While you're at it, make sure you use SSL-enabled POP3 and IMAP, for the same reasons.

        It amazes me how many sys admins would scoff at using telnet to log into a server, make sure all their web apps r
    • by bky1701 ( 979071 )
      "And ISP's really should be looking at blocking or actively monitoring outbound connections to port 25. Come on! It's not that difficult."

      Mine already DOES this, the problem is, I have a few legit uses for that port (well, at least not illegal). At least 3 I have had did it, same as port 80. They use the virus EXCUSE, but it's just that...
  • Seriously. I have like 5 email accounts, and I doubt that's a lot compared to some people who use e-mail more than me. Three of which I will drop at a moments notice. The other two I consider untouchable. They are whitelisted. You want to get to my good ones? You gotta go through the other three. Then, and only then, will you get to my inner e-mail sanctum.

    So bots and spam and worms and identity phishers don't get to me. Part of the reason is that I simply don't pay attention to e-mails from unsolicited sources. That's half the reason cyber crime works at all: people are idiots when it comes to computers. Odds are you know someone who sees a pop-up disguised to look like an authentic Windows message box and clicks on the buttons thinking they are actually talking to Windows and not some porn-site-based phisher and thief. Odds are you know someone who thinks those e-mails are from someone with an actual product instead of a phishing scam, like a second chance offer from www.ebay.cra.cz or something similar.

    These criminals are simply separating stupid people and their money. I know, I know, it's a harsh perspective. You know somebody who got nailed so you want to mod me down because I called your friend stupid. Well, hopefully they learned. The saying goes, fool me once, shame on you, fool me twice, shame on me. It's true.

    TLF
    • Until some jackass forwards you an article, includes you on a mass email, sends you an e-card, etc.

      Like you, I've got an array of email address (scores of them, actually), with one final true "use this if you must reach me" email address known only to a very few close, personal, and technologically savvy friends. Gradually I blacklist the ones that get too much spam, but sadly the primary general-acquaintances email address is in full spammer rotation now, and I may have to drop it soon. That will be painfu
    • Ahem. I believe the correct quote is... "Fool me once, shame on you... uh, fool me... you won't get fooled again." With apologies to George Bush ;)
      • by uNople ( 734531 )
        ...With apologies to George Bush...

        What are you apologising for? We all know that George Bush can't read ;-)
    • Seriously. I have like 5 email accounts, and I doubt that's a lot compared to some people who use e-mail more than me.

      That's about how many I actively use, what with my various domain names, servers, and all.

      Three of which I will drop at a moments notice. The other two I consider untouchable. They are whitelisted. You want to get to my good ones? You gotta go through the other three. Then, and only then, will you get to my inner e-mail sanctum.

      Sounds like you're putting out a lot of effort out for ..

      • by bky1701 ( 979071 ) on Sunday December 24, 2006 @01:42AM (#17352052) Homepage
        "Are you a competent attorney? Tax accountant? Automotive Mechanic? Manufacturing supervisor? Medical doctor?

        What would you think if professionals in these various areas figured you were a moron because you did a stupid in their field of expertise?"

        These are not cases of being a moron because you don't know how to do something, it's because you ignore that you are not smart enough to do them. A lot of people get their cars fixed for them, hire lawyers, have people do their taxes, etc... How many people forward their emails to people to make sure they are legit? None. People who don't know how to drive but drive anyway and crash the car have only themselves to blame, this case is the same.

        Emails are too easy to get, if it was harder; cases of this would drop by a LOT, because people who didn't know how to use emails wouldn't be using them. Not like that's going to happen, or if it would even be a good thing, but it does say people should avoid messing with things they can't comprehend.
    • ...ah so desu...he bigger problem than the software may be the wetware. "Social engineering" is still the most reliable attack vector.
      • Good point. But I think you can at least consider e-mail a social avenue. With that said, social engineering over e-mail is quite common. And learning how to adequately filter and deal with the harmful messages becomes the same as being able to deal with somebody who calls 'from the IT dept.' because they need to fix your account at work but they don't have your password. Neh?

        TLF
  • At a certain point internet users are going to have to get down with the fact that spam isn't like weather, it's not an environmental effect. They're going to have to learn to make sensible choices: like not using Outlook express, IE, not exposing their email on their websites in clear text, mass CC'ing friends and realising that by using operating systems like Windows they are supporting a broader economic machinery that provides a ready platform for the widest possible proliferation of spam, despite the e
    • Re: (Score:2, Insightful)

      They're going to have to learn to make sensible choices: like not using Outlook express, IE [...]operating systems like Windows

      To be fair, one of the reasons that OE/IE/Windoze are so insecure is that they're so popular - and thus, hackers/etc work overtime to find every little security hole. If everyone switched over to say, Thunderbird/Firefox/Linux, then the hackers/etc would do the exact same thing as what they're doing to IE/OE/Windoze.

      Having said that, it would HELP if everyone switched to Thund
    • by keeboo ( 724305 )
      The sad cold truth is that nobody cares.

      ISPs are not going to pressure their users, Joe User could simply switch to another company, or feel abused and bring the case to justice, or something like that.

      Universities, gov't institutions in general... There is politics everywhere you walk in those places. No tie-wearing person wants to burn him/herself forcing people to use non-Windows OSes, to prohibit usage of Outlook Express, to prohibit installation of junkware into their Windows boxes, even making the
    • No ammount of eduacation to users will stop spammers.

      You may think that spammers send you their spam because they are trying to sell you something, and that you outsmart them by filtering their spam out, or by recognizing it and refusing on principle to buy from them (if perhaps they are selling something you wanted).

      Spammers are not sending their spam to you. They are sending to someone else who will never learn and will buy whatever they are selling. The fact that you are getting spam is a side-effect. If
  • by Animats ( 122034 ) on Saturday December 23, 2006 @09:21PM (#17351018) Homepage

    What we need is more effective law enforcement. There aren't that many spammers any more. Look how few different spams show up. The top three or four spams represent most of the volume. We need a law enforcement effort aimed at finding the top ten spammers and putting them in jail.

    • No, Go After the money.

      The reason for spam is that someone is making money from the spam.

      Go after the companys that are benefiting from spam - and take All the money they make and then some. AND go after the stupid consumer who is actually answering spam and buying stuff.

      Of course, to do anything we need to define what Spam is, and what it is not. Give marketers a way to direct market without the email in question being spam (I'm a fan of OPT-IN only lists, you can send to me only if I ask you to) -

  • Printable version (Score:2, Informative)

    by Anonymous Coward
  • Furthermore, don't wait around for fscking Vista to fix problems that Microsoft cannot afford to fix.

    Protecting computers from vulnerabilities that need not be there in the first place is a multi-billion dollar business encompassing thousands of product and service vendors world-wide that ultimately trickle capital back up the vulnerability supply chain.

    This bizarre altruistic myth of Microsoft working around the clock to solve these problems, to deliver the customer a trouble-free computing experienc
  • Neuter the zombies (Score:3, Interesting)

    by WoTG ( 610710 ) on Saturday December 23, 2006 @09:43PM (#17351068) Homepage Journal
    I think that 2007 is the year we'll see action from ISPs to proactively neuter zombies on their network. It's been several years of DDOS's now and the technology to compile which IPs have been hacked is available. All we need is some incentive to push ISPs to look after their own network. Maybe make a public list of the worst ISPs for sending SPAM?
    • DONE! (Score:3, Informative)

      by sciop101 ( 583286 )
    • I wish that ISPs would cleanup the bots, but they won't because it would be too expensive. How would an ISP neuter a zombie without disrupting the idiot customer's PC? And if they sever the net connection of bot-infested machines, then who pays for the customer service costs of telling customers that it's the customer's fault that their PC was knocked offline. I'm thinking that each cranky bot-infested customer will cost the ISP $10-$30 in customer service costs (= long calls to explain why they were kno
      • The vast majority of people don't need to run an SMTP server at home. Just block troublesome IP addresses from sending to random IP addresses and let them use only the ISP's SMTP servers. The few folks who run a full mail server at home, like me, can find an alternate solution, like SMTP Smart Hosting - aka forwarding to the ISP's mail server.

        This wouldn't do anything to reduce DDOS's though.

      • Bucket filters - bandwidth limiting, will go a long way.
      • One of the problems is that most home ISP's do not design their networks with security in mind.

        If I were doing it, I'd setup multiple networks. Different clients have different characteristics so why shouldn't they be on different networks that support those characteristics? And each with its own outbound email servers.

        a. The cheapest monthly rate would go to customers who would accept a block on all outbound port 25 traffic. They only route to your email server and that is monitored. Anyone suddenly sendin
      • by bmo ( 77928 )
        How would an ISP neuter a zombie without disrupting the idiot customer's PC?

        This way:

        From me:

        Bonjour. J'avais reçu beaucoup d'email de quelqu'un en France dont l'ordinateur semble être infecté. C'est toujours les mêmes adresses d'IP et le même ou semblable attachement. Puisque j'emploie Linux, je suis immunisé contre l'attachement, mais je pense qu'il est temps de dire à l'expéditeur que son ordinateur est infecté et devrait être nettoyé. L'en-tête

    • So, 2007's the year for neutering on the desktop? I guess linux will have to wait until 2008.
    • by bigberk ( 547360 )

      We already know where the zombies are. Hard working volunteers collect and publish (among other things) zombies, an ever growing list of the nodes used to carry out spam runs, DoS attacks, and other mischief.

      cbl [abuseat.org], sorbs [sorbs.net], uceprotect [uceprotect.net], wpbl [wpbl.info], and others all publish this info in near realtime

      That's where the info is. A responsible ISP has to search the lists [pc-tools.net] for their hosts and then go from there.

  • Let me represent myself to you. This letter reaches your because you have been presented as a reasonable and trusted person.

    The attached image is my own personage representing me as a reasonable and trusted person. My truthful intentions are above reproach and presented to you in a reasonable and trusted manner.

    I get one of these about every other two or three months. I just build another filter and notify my ISP.

  • If they hadn't made such an insecure operating system, we wouldn't have any of these problems!!

    I hate that argument, because its completely incorrect. The vast majority of people who use computers have little idea how they work, or the difference between viruses and spyware and adware. If it's easy for them to do what they need to do, they'll be happy. Linux may be extremely secure, but the reason it is hardly used as a desktop OS is because the vast majority of people don't know how to easily do what the
    • by melikamp ( 631205 ) on Saturday December 23, 2006 @11:07PM (#17351426) Homepage Journal

      Microsoft has done quite a decent job of making this balance in Windows.

      What a joke. The following are purely design flaws which you cannot excuse by saying that they are being exploited only because Windows/Office are popular.

      1. By default, all userland applications are granted Administrator's privileges. I cannot think of a suitable comment for this stupidity.

      2. By default, IE is capable of running applets with the said privileges. This would be dumb even if they were user privileges. Executable code which affects the system should be downloaded and then run locally. Just two more clicks, but now even a very dim user knows that a program is being run, whereas before he assumed that he's just browsing the Web.

      3. The de-facto document exchange format, .doc, is imbued with executable code which, wait for it... runs with administrative privileges. Let's not whine about how .doc is not an exchange format, because it is. That's what people corroborate on and email each other for revisions. It has its flaws but it does a good job. Sticking VBA in it is like handing little Johnnie a vial of nitroglycerin and saying: now be a good kid; if you jump too much, you won't have a good time.

      4. Getting a program involves running an executable file. This is a very grave flaw in the design. Much malware would be curbed if MS switched to a good packaging scheme and eliminated the need of ever dealing with .exe (for a not-so-clever user, that is). Ubuntu can do it, why cannot Microsoft? On my laptop, the only program I ever had to install by hand was ies4lin. Everything else (and I am quite a whore when it comes to software) was available through the Multiverse. Once a user is shown the kosher way of installing new programs, i.e. from inside the package manager which talks to the trusted repositories, he will naturally regard standalone files as suspect, and most likely will not even encounter them.

      These are just off the top of my head. All four are atrocious decisions, given that catering to the lowest common denominator is in Microsoft's mission statement. All four became problems because MS chose to completely ignore the fact that every Windows computer is connected to the Internet. Why bother? The monopoly status works just fine.

      • > ... the only program I ever had to install by hand was ies4lin.

        Wow!, now how did you know you need to run "dfs3dse". Oops, sorry, it was "ies4lin". How did you know this?

        I really wish I could use Linux. Well, I managed to use it a little bit, but not in a very useful way. After Mandrake 9 failed to install completely leaving me with the task of providing a graphics driver for my very common ATI card from 1998 that it could not provide, and leaving me with a text only interface but with no instructions
        • You might want to get an old desktop box. Old but not too old: 3 years would do nicely. Avoid flashy components. Avoid wireless for now (some research might be required to make it work), get Intel accelerated on-board graphics. You can get that virtually for free these days. Put it in the corner of your flat (or, as we say on Slashdot, your parents' basement) and install the easy-going Ubuntu.

          I am not saying that GNU/Linux won't work with wireless, by the way. Almost any card is supported through the ndis

          • by hadaso ( 798794 )
            The box you describe is my "new" desktop (actually it's almost 4 years old now). The box I was trying to put Linux on is an 8 years old 500 MHz Pentium 3 with quite standard ASUS motherboard, ATI graphics card and SB soundcard, with 128MB RAM which is quite a lot compared to what used to be on PCs back when it was new, and I think the main reason that Knoppix 3.7 that happens to work on it is painfully slow is that Knoppix "steals" much of the RAM for the RAMdisk it "installs" itself on and not enough is
            • Well, dude, it will sound too obvious, but you cannot "give GNU/Linux a try" unless you get it running. It sounds like you are running a bad streak, but do not let that discourage you. Because of little to no hardware testing by the industry, installing Linux can range from a walk in a park to pulling live teeth. You just have to give it another try with different hardware. Just a few days ago I ran into an old IBM box which caused the latest Ubuntu (live) CD to crash with the kernel panic before I could go

    • Not exactly. (Score:5, Insightful)

      by khasim ( 1285 ) <brandioch.conner@gmail.com> on Saturday December 23, 2006 @11:14PM (#17351460)
      The vast majority of people who use computers have little idea how they work, or the difference between viruses and spyware and adware.

      Yes, I can agree with that.

      And it is not going to change. Which is why it is necessary for the OS vendors to ship their product so that the default configuration is as locked down as possible. In my opinion, Ubuntu achieves this in an admirable fashion.

      Linux may be extremely secure, but the reason it is hardly used as a desktop OS is because the vast majority of people don't know how to easily do what they need to do using it.

      Actually, that would be because of Microsoft's monopoly on the desktop. Breaking free of the monopoly takes a LOT of effort.

      To meet all users desires, you'll always have to sacrifice some security for ease-of-use. IMHO, Microsoft has done quite a decent job of making this balance in Windows.

      Nope. Look at a Mac. Talk to Mac users. They don't need to become experts on their systems to use them more securely than Windows. This is because Apple has implemented a more effective security model than Microsoft.

      The fact is that you'll always have a lot people who use the easiest thing available, even if it is insecure.

      But it is Microsoft that is using the monopoly to restrict access to more secure systems. Don't blame the users if the monopoly is actively trying to limit the options.

      You'll always have the people who turn off the firewall because it makes their IM program not work, you'll always have the people who ignore the 'This file may harm your computer!' dialog. As a result, malware, worms, etc. will always be a problem.

      Why do you have to turn off the firewall so you can run your IM program? Would you accept a car that you had to disable the air bag in order to play a CD? Ubuntu is effectively immune to worms because it, by default, does not have any open ports.

      Microsoft is skipping the FIRST rule of security: do not run anything that is not absolutely necessary.

      The reason that so many Windows machines are infected is NOT because they're running some IM client without a firewall. It's because the default configuration was insecure. Too many services that were not needed were running and vulnerable.

      If 100% of the Windows boxes start vulnerable - you need a LOT of extra work to secure them.

      If 100% of the boxes start without open ports - you'll need a LOT of extra work just to make them vulnerable.

      In the end, it all comes down to how much effort is needed. Start secure and you'll always win that scenario.
  • Old people! (Score:5, Informative)

    by autophile ( 640621 ) on Saturday December 23, 2006 @09:55PM (#17351102)

    An anonymous reader writes to point out the Washington News's analysis of this year's spike in telemarketers gulling lonely old people, such as lonely old men and lonely old women, out of their life's savings.

    "Experts worry that older people will be slow to switch to the [old folk's home]. And even if consumers rush to put in a home existing old people or purchase new ones that include no life's savings, younger folks will continue to battle security holes in legacy versions of the Old version of People, which are expected to remain in widespread use, and even grow, for the next 5-10 years."

    As long as there is prey, there will be predators. Stamping out the predators is a game of whack-a-mole, so the best solution is to try to educate the prey. And if you can't, well, what are you going to do? Legislate against it? Pfft!

    --Rob

    • Gullible people - The amount of money skimmed by churches, especially this time of year, probably make any spam-scam operation pale into insignificance.
    • by Tom ( 822 )

      so the best solution is to try to educate the prey

      They breed faster than you can educate them. Until "do not buy from spammers" becomes something every 4-year old is told together with "don't take candy from strangers", education is and will remain a total failure.

      I've been doing security for 10 years now. User education is a desaster, a failure and a total waste of time. I have yet to see a single security problem being solved by user education. In the corporate environment especially giving an order and threaten everyone with being fired if they don't o

  • Why is Vista mentioned at all? Vista will do nothing to curb the distribution and installation of trojan horses, much less the distribution of spam.

    Honestly, if you eagerly waiting for Vista to accomplish anything for you other than make you $200 poorer, you're fooling yourself.

    Schwab

  • Random Thoughts (Score:4, Insightful)

    by ewhac ( 5844 ) on Saturday December 23, 2006 @11:03PM (#17351402) Homepage Journal
    This has clearly become a real economic problem. I'm surprised our Feck^H^Harless Leader hasn't declared spam a form of economic terrorism, and acted correspondingly. Of course, the ideal solution is to start brutally killing spammers and putting their heads on pikes in the town square. But nobody seems to be willing to do that, so all we have to play with is the network.

    So, under the auspices of Economic Security, some random ideas to rebuild confidence in the email network:

    • Harden DNS
      The domain name is the primary reference point for a reputation base. If a domain can be spoofed, reputation fraud ("Identity theft") becomes more likely. So, harden DNS with some ubiquitous public key crypto. If you want a domain, you must provide a public key; the key authenticates you to modify the entry. If you lose the key, tough cookies; you'll have to wait for the registration to expire before you can regain control of it.
    • Make SMTP AUTH Mandatory, Preferably Over SSL
      All clients presenting mail for delivery must present credentials. No credentials, no delivery. In an ideal universe, the client's credentials (public key?) would be presented as part of the SSL connection, so the SMTP server wouldn't have to do anything special.
    • SMTP Servers Refuse Connections From IPs with No MX Record
      If you're not on the local subnet, and your IP is not registered as a Mail Exchange, then no relaying for you without prior arrangement. Assuming a hardened DNS, we can reasonably rely on the authenticity of the MX record.
    • Throttle Excessive Port 25 Activity
      Blanket blocking of connections on port 25 is excessive -- some people have a legitimate need to drop mail on smarthosts outside the local subnet. However, if the routers observe an internal IP address spraying port 25 connections to, say, a dozen different IPs over the course of a minute, then that's probably something the network admins would want to look at more closely. This would do nothing to thwart a parallel "shadow" network of compromised hosts acting as spam relays for the subnets on which they're located. But for a while you'd get a pretty good map of machines to clean up.

    Schwab

    • http://craphound.com/spamsolutions.txt [craphound.com]

      Your post advocates a

      (*) technical ( ) legislative ( ) market-based ( ) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      ( ) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be ab
  • There really is a need for ideas for the next generation of e-mail.

    If reports are to believed we're closing in on a point when nearly 100 percent of messages will be spam. The spam blockers that were effective a year ago are becoming increasingly leaky.

    Whitelists may work for some people, but not for anyone running a business. Proposals that require tens of thousands of ISPs to significantly change how they handle mail probably aren't going to fly unless legislated. And legislation will only work within t
  • by twitter ( 104583 ) on Sunday December 24, 2006 @12:43AM (#17351794) Homepage Journal

    ... thinks Vista will change anything? The exploits are already being marketed and published. It reminds me of the "use XP SP2" chorus, when the only thing that did was break existing applications and push more obnoxious EULAs and DRM. We will soon see the Vista added to the list of threats which currently list XP, 2000, XP, 98 etc back to the earliest version the watchers care to add. The reason those threats typically break every previous version of Windoze is because M$ rarely rewrites anything and the same old binaries are passed on from version to version. Vista was made the same way the other versions were and the same old process is going to yield the same old results. Vista is the same old same old.

  • And even if consumers rush to upgrade exiting machines or purchase new ones that include Vista, Microsoft will continue to battle security holes in legacy versions of Microsoft Office, which are expected to remain in widespread use for the next 5-10 years."


    So, let me get this straight, even if customers rush to upgrade exiting machines.... wait, brainfry.

    Let me try that again.... Exiting machines...

    Nope, there goes my brain.
  • by jdcope ( 932508 ) on Sunday December 24, 2006 @01:51AM (#17352090)
    If MS is supposed to "fix everything" with Vista, then why are they pushing Live One Care so hard?


    And if they can fix security problems with One Care, why couldnt they fix them in the OS in the first place?


    So first, we pay MS for the OS... then we have to pay them again to make it secure? Sounds like a scene from The Godfather.

  • Anti-botnet botnet? (Score:3, Interesting)

    by bucky0 ( 229117 ) on Sunday December 24, 2006 @02:02AM (#17352124)
    Now, I know someone already tried to write an anti-botnet botnet for code red, but couldn't someone start hijacking computers that would monitor honeypot spam addresses for spam, then by reading the headers, see what exploited machines were spewing spam, then hack into them, patching the security holes and shutting off the spam trojans?

    Of course, with as much money as there is in hacking type stuff, I'd be afraid of the enemies I'd be making.
  • Experts worry that businesses will be slow to switch to the [Windows Vista]

    Oh yeah, the "most secure windos ever". That's like saying you've just created the least leaky sieve ever. Come on, the consumer version isn't even out yet and there are already exploits. Within a year, Vista will be full of holes just like XP is today. Doesn't anyone remember that they made the identical claims regarding security when XP replaced 98/ME ?

    Shut down bots. Only option to get rid of the networks. Make people care. Pass a law that forces ISPs to shut down known bot-infected customers until they

  • Considering the cost of Windows Upgrades in General I realy cannot see Vista taking over on a consumer level any way other than new machine purchases.
  • They actually mention that the botnets and security flaws they are talking about are Microsoft problems, and not some flaw with the Internet or "PCs" in general. Seriously, every last single dire article about the state of internet security that appears in the Edmonton Journal (for eg) steadfastly refuses to lay the sorry state of home users security at the feet of the company almost entirely to blame. It's amazing how general they keep the articles in order not to admit the obvious.
  • Along these lines, last Wednesday the INquirer ran a piece of mine, an interview with Scott Chasin, CTO of MX Logic [theinquirer.net], talking about the techniques in use by the spammers (branching out into p2p architecture). Chasin, too, believes things will get worse. And, from the sounds of it, the measures taken by service providers and others will continue to make the Net a far more restrictive place than it was originally designed to be.

    wg
  • ... just charge 0.5 cents for sending an email. Once Joe Sixpack gets a bill for $5000 for emails sent by his Windows bot, a.k.a. PC, he will start to take security seriously. His first question is going to be" What can I do to stop this?", and then maybe he'll listen to the advice we've been trying for years to get through to him. Secondly, even if spammers send out emails from their own accounts, charging for it would quickly raise the bar to the point that it's no longer profitable.

He has not acquired a fortune; the fortune has acquired him. -- Bion

Working...