15 posts • joined 10 Feb 2009
spamhaus != SORBS
No wonder you post anonymously--it's embarrassing to be that stupid.
Spamwise were spamming their services
I've seen a sample of what they were sending, and it includes this gem:
"Spamwise is ... a bona-fide IT operation, offering a professional standard of advice and services to
So basically this "awareness-raising" wasn't meant to educate people about e-mail, but rather to raise awareness of the creator's consulting business.
Also, the assertion that website-scraping leads to 90% of the spam is just laughable. How many of your relatives' e-mail addresses show up on a google search? The vast majority of people don't have a website, nor do they post to publicly-archived mailing-lists, so they cannot be easily scraped.
On the other hand, compromising someone's machine to dump their Outlook contacts, or hijacking their social media account to scrape their friends list WILL yield a large number of e-mail addresses. I could list half a dozen other great ways to generate e-mail lists off the top of my head, but that's pointless.
This guy is an idiot and got what was coming to him. Playing the victim only makes him look worse.
Time Machine works great :)
Simply plug in a blank drive, OS X asks you if you would like to use it for back-ups, click through 2 or so dialogs, and bingo, regular back-ups down to the hour. Restoring files and complete system images works great (have used both features).
How could Microsoft possibly fail so badly when there are many great reference implementations available?
Don't install unsupported plug-ins
Safari 5 has been nothing but great for me. Then again I don't try to cram my software full of third-party hacks and shims, so I can upgrade safely. This is exactly what Jobs was talking about in banning third-party development layers for iPhone: When Apple upgrades, the external developers won't properly modify their hacks in time and users will have a shitty experience.
in lipstick. That color doesn't go with her hair or top at all.
"Pad" isn't the problem; 'L' looks like 'I'
Lower-case 'L' looks too much like an upper-case 'I', which would make JournaLPad be JournaiPad, that's what they're objecting to. Whether that's a valid trademark complaint... well, I find that a bit tough to believe, but it's not like any app with "pad" in it will need to be renamed.
A search of iTunes for apps with the word "pad" turned up roughly 230, most of which have "pad" in their name. If they tried to get 230 app developers to change the name of their app, it would be a much bigger story.
Laughing stock buys laughing stock
The biggest joke of an e-mail security vendor (using the term loosely) buys the biggest joke of a DNSBL. They're made for each other.
Hmm 145,000 - 300 = 105,000?
Not only are handsets infected, but calculators too, apparently.
It would be a lot easier to get this fixed
If idiots who didn't manage to configure their wireless correctly would stop posting in that discussion thread. Probably a good third or more of the posts are due to user error, and then they come back triumphantly claiming the "fix" for everyone is to "turn on WPA on your router" or something asinine like that.
I have this problem with my 1st gen iPhone and I've never installed an unapproved patch or application on it.
The issue *might* be isolated to WPA, since the only networks I connect to often are all WPA or WPA2.
Happy to see this getting attention
It seems like the only thing that ever prods Apple into resolving issues is bad press. Thanks for the article :)
Thanks for alerting the public
to this idiocy. ICANN comment = submitted!
Daniel, what are you smoking?
"if root servers change, I should be able to ask any DNS for this. But it seems that thanks to the botnets, this will be blocked as well."
Root server lists are still handled the same way they were back when I started using the Internet in the early '90s: a flat text file that you download from INTERNIC. There's also a fall-back copy hard-coded into BIND.
Also, the demise of the "interconnected" Internet didn't start with RFC1918 IP addresses, it started with the Morris Worm when people realized that a default-trusting security model didn't make any sense if there was so much as one malicious user on the network.
Get your history straight.
Since I'm writing this, I might as well tell Enigma9 to pull their head out from between their legs as well. Modern malware isn't written for clueless script kiddies, it's written for calculating criminals. Thinking that giving youngsters a sobering lesson will stop Internet attacks is mind-numbingly naïve. Are you perhaps an incarnation of n3td3v? You're as uninformed, but loudly opinionated as that twit. Get a job you waste of electrons.
RFC for spoofing
There's no RFC that I'm aware of that says providers should accept traffic from their customers with clearly forged origins. On the other hand, BCP38/RFC2827 has existed since 2000 and describes what ISPs should do to filter their traffic to prevent exactly this sort of attack. Sadly, most providers do not filter traffic from their customers to prevent packets with source IP addresses that are not within the networks they advertise.
Reality less gloomy than article
For one thing, only versions of BIND earlier than 9.4 are vulnerable in the "best practice" configuration to the amplification effect. In 9.4 and later with recursion disabled for external clients, the response to the forged requests is "REFUSED", rather than the list of root servers. This makes the reflected traffic actually slightly smaller than the original request, thus defeating the amplification.
Also, it is possible to block the forged datagrams with a firewall without blackholing the victim. The vast majority (all?) of the victim DNS servers are authoritative-only servers that don't service requests for recursion, so blocking datagrams coming "from" them that have a source port other than 53, and destination port of 53 is completely safe. It's also possible in some firewalls to use byte-offset inspection features to specifically block requests for '.' going to your DNS servers.
There have been extensive discussions on the NANOG, BIND-users, and dnsops mailing lists. It's certainly recommended reading. Google is your friend here (hint, use site:). Try "amplification", "queries for root", "./NS/IN", "dns ddos", etc...
As a final note, I wrote a quick & dirty log parser that examines the BIND log for the current hour to see how many queries for '.' there have been and what IPs are being targeted by them:
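The poster's script is not reproduced on this page. As an added example (not the poster's code), a parser of the kind described could look like the following; the BIND query-log line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed BIND 9 query-log layout (not taken from the post):
#   DD-Mon-YYYY HH:MM:SS.mmm queries: info: client IP#port: query: NAME CLASS TYPE flags
# Newer releases add "@0x..." / "(name)" / "view x:" fields, tolerated below.
LINE_RE = re.compile(
    r"^(?P<date>\d{2}-\w{3}-\d{4}) (?P<hour>\d{2}):\d{2}:\d{2}\.\d+ .*?"
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"(?:view \S+: )?query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
05-Feb-2009 14:02:11.101 queries: info: client 192.0.2.10#31337: query: . IN NS +
05-Feb-2009 14:02:11.350 queries: info: client 192.0.2.10#4021: query: . IN NS +
05-Feb-2009 14:02:12.007 queries: info: client 198.51.100.7#53211: query: www.example.com IN A +
05-Feb-2009 14:03:40.912 queries: info: client 203.0.113.5#1025: query: . IN NS +
05-Feb-2009 14:59:59.999 queries: info: client 192.0.2.10#60001: query: . IN NS +
05-Feb-2009 15:00:00.004 queries: info: client 192.0.2.10#60002: query: . IN NS +
05-Feb-2009 15:00:01.500 general: info: zone example.com/IN: loaded serial 2009020501
"""

def root_query_targets(lines, date_hour=None):
    """Count queries for '.' per logged client IP.

    With forged sources the logged client address is the spoofed one, i.e.
    the reflection target. date_hour such as '05-Feb-2009 14' limits the
    count to a single hour; None counts every line.
    """
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["qname"] != ".":
            continue  # not a query line, or not a query for the root
        if date_hour and f"{m['date']} {m['hour']}" != date_hour:
            continue
        counts[m["ip"]] += 1
    return counts

def report(counts):
    """Return (total, [(ip, n), ...]) with the most-queried source first."""
    return sum(counts.values()), counts.most_common()

if __name__ == "__main__":
    total, ranked = report(root_query_targets(SAMPLE_LOG.splitlines(), "05-Feb-2009 14"))
    print(f"{total} queries for '.' this hour")
    for ip, n in ranked:
        print(f"{n:6d}  {ip}")
```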