* Posts by chort

15 posts • joined 10 Feb 2009

Spamhaus blocks fellow antispam outfit

chort
FAIL

spamhaus != SORBS

No wonder you post anonymously--it's embarrassing to be that stupid.

1
0
chort
Flame

Spamwise were spamming their services

I've seen a sample of what they were sending, and it includes this gem:

"Spamwise is ... a bona-fide IT operation, offering a professional standard of advice and services to business clients."

So basically this "awareness-raising" wasn't meant to educate people about e-mail, but rather to raise awareness of the creator's consulting business.

Also, the assertion that website-scraping leads to 90% of the spam is just laughable. How many of your relatives' e-mail addresses show up on a google search? The vast majority of people don't have a website, nor do they post to publicly-archived mailing-lists, so they cannot be easily scraped.

On the other hand, compromising someone's machine to dump their Outlook contacts, or hijacking their social media account to scrape their friends list WILL yield a large number of e-mail addresses. I could list half a dozen other great ways to generate e-mail lists off the top of my head, but that's pointless.

This guy is an idiot and got what was coming to him. Playing the victim only makes him look worse.

5
0

Windows 7 Backup gets users' backs up

chort
Jobs Halo

Time Machine works great :)

Simply plug-in a blank drive, OS X asks you if you would like to use it for back-ups, click through 2 or so dialogs, and bingo, regular back-ups down to the hour. Restoring files and complete system images works great (have used both features).

How could Microsoft possibly fail so badly when there are many great reference implementations available?

6
0

Fanbois howl over 'hang a lot' Safari 5

chort
Alert

Don't install unsupported plug-ins

Safari 5 has been nothing but great for me. Then again I don't try to cram my software full of third-party hacks and shims, so I can upgrade safely. This is exactly what Jobs was talking about in banning third-party development layers for iPhone: When Apple upgrades, the external developers won't properly modify their hacks in time and users will have a shitty experience.

0
0

Alt rock diva's nude snap 'leaked' to tweetosphere

chort
FAIL

Poor taste...

in lipstick. That color doesn't go with her hair or top at all.

0
0

Steve Jobs: 'Pad? That's my word'

chort
Alert

"Pad" isn't the problem; 'L' looks like 'I'

Lower-case 'L' looks too much like an upper-case 'I', which would make JournaLPad be JournaiPad, that's what they're objecting to. Whether that's a valid trademark complaint... well, I find that a bit tough to believe, but it's not like any app with "pad" in it will need to be renamed.

A search of iTunes for apps with the word "pad" turned up roughly 230, most of which have "pad" in their name. If they tried to get 230 app developers to change the name of their app, it would be a much bigger story.

1
2

Controversial email blocklist SORBS sold

chort
FAIL

Laughing stock buys laughing stock

The biggest joke of an e-mail security vendor (using the term loosely) buys the biggest joke of a DNSBL. They're made for each other.

0
0

BlackBerry snoopers can explain everything

chort
FAIL

Hmm 145,000 - 300 = 105,000?

Not only are handsets infected, but calculators too, apparently.

0
0

iPhone's Wi-Fi problems cause heated speculation

chort
Unhappy

It would be a lot easier to get this fixed

If idiots who didn't manage to configure their wireless correctly would stop posting in that discussion thread. Probably a good third or more of the posts are due to user error, and then they come back triumphantly claiming the "fix" for everyone is to "turn on WPA on your router" or something asinine like that.

0
0

Deadfish iPhones send users into deep freeze

chort
Jobs Horns

Not jailbroken

I have this problem with my 1st gen iPhone and I've never installed an unapproved patch or application on it.

The issue *might* be isolated to WPA, since the only networks I connect to often are all WPA or WPA2.

0
0
chort
Jobs Horns

Happy to see this getting attention

It seems like the only thing that ever prods Apple into resolving issues is bad press. Thanks for the article :)

0
0

Mormons demand ICANN plugs net smut hole

chort
Thumb Up

Thanks for alerting the public

to this idiocy. ICANN comment = submitted!

0
0

New-age cyber-attack inflicts major damage with modest means

chort
Flame

Daniel, what are you smoking?

"if root servers change, I should be able to ask any DNS for this. But it seems that thanks to the botnets, this will be blocked as well."

Root server lists are still handled the same way they were back when I started using the Internet in the early '90s: a flat text file that you download from INTERNIC. There's also a fall-back copy hard-coded into BIND.

Also, the demise of the "interconnected" Internet didn't start with RFC1918 IP addresses, it started with the Morris Worm when people realized that a default-trusting security model didn't make any sense if there was so much as one malicious user on the network.

Get your history straight.

Since I'm writing this, I might as well tell Enigma9 to pull their head out from between their legs as well. Modern malware isn't written for clueless script kiddies, it's written for calculating criminals. Thinking that giving youngsters a sobering lesson will stop Internet attacks is mind-numbingly naïve. Are you perhaps an incarnation of n3td3v? You're as uninformed, but loudly opinionated as that twit. Get a job you waste of electrons.

--

chort

0
0
chort
Alert

RFC for spoofing

There's no RFC that I'm aware of that says providers should accept traffic from their customers with clearly forged origins. On the other hand, BCP38/RFC2827 has existed since 2000 and describes what ISPs should do to filter their traffic to prevent exactly this sort of attack. Sadly, most providers do not filter traffic from their customers to prevent packets with source IP addresses that are not within the networks they advertise.

0
0
chort
Alert

Reality less gloomy than article

For one thing, only versions of BIND earlier than 9.4 are vulnerable in the "best practice" configuration to the amplification effect. In 9.4 and later with recursion disabled for external clients, the response to the forged requests is "REFUSED", rather than the list of root servers. This makes the reflected traffic actually slightly smaller than the original request, thus defeating the amplification.

Also, it is possible to block the forged datagrams with a firewall without blackholing the victim. The vast majority (all?) of the victim DNS servers are authoritative-only servers that don't service requests for recursion, so blocking datagrams coming "from" them that have a source port other than 53, and destination port of 53 is completely safe. It's also possible in some firewalls to use byte-offset inspection features to specifically block requests for '.' going to your DNS servers.

There have been extensive discussions on the NANOG, BIND-users, and dnsops mailing lists. It's certainly recommended reading. Google is your friend here (hint, use site:). Try "amplification", "queries for root", "./NS/IN", "dns ddos", etc...

http://www.merit.edu/mail.archives/nanog/

http://marc.info/?l=bind-users&r=1&w=2

https://lists.dns-oarc.net/pipermail/dns-operations/

As a final note, I wrote a quick & dirty log parser that examines the BIND log for the current hour to see how many queries for '.' there have been and what IPs are being targeted by them:

http://www.SMTPS.net/pub/dns-amp-watch.pl

--

chort

0
0
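The hourly check described in the post above, sketched as an added example; it is not the linked dns-amp-watch.pl script, which is not reproduced on this page. It assumes the common BIND 9 query-log line layout, and the function name `root_query_targets`, the threshold and the sample lines are all constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the BIND 9 query-log style (assumed layout; adjust the
# regex to your own logging channel). Addresses are documentation ranges.
SAMPLE_LOG = """\
30-Jan-2009 14:02:11.101 queries: info: client 192.0.2.10#31337: query: . IN NS +
30-Jan-2009 14:02:11.350 queries: info: client 192.0.2.10#4242: query: . IN NS +
30-Jan-2009 14:05:40.007 queries: info: client 198.51.100.7#53211: query: www.example.com IN A -
30-Jan-2009 14:17:03.919 queries: info: client 192.0.2.10#1025: view external: query: . IN NS +
30-Jan-2009 14:30:12.500 queries: info: client 203.0.113.5#6000: query: . IN NS +
30-Jan-2009 13:59:59.999 queries: info: client 192.0.2.10#2000: query: . IN NS +
this line is not a query log entry
"""

# Timestamp, client address#port, optional "(name)" and "view X:", then the question.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?:(?: view \S+:)? "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def root_query_targets(log_text, hour, threshold=2):
    """Count queries for '.' per client address within one clock hour.
    With forged sources, the logged 'client' is the address being targeted."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("qname") != ".":
            continue  # unparseable line or an ordinary query
        ts = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S")
        if ts.replace(minute=0, second=0) != hour:
            continue  # outside the hour being examined
        counts[m.group("ip")] += 1
    flagged = sorted(ip for ip, n in counts.items() if n >= threshold)
    return counts, flagged

if __name__ == "__main__":
    counts, flagged = root_query_targets(SAMPLE_LOG, datetime(2009, 1, 30, 14))
    print(sum(counts.values()), "queries for '.'; repeated targets:", flagged)
```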
