Archive for the 'Internet' Category

Spam zombies — we need to cure the disease, not suppress the symptoms

Thursday, December 28th, 2006

Here’s a great presentation from Joe St Sauver, presented at the London
Action Plan meeting recently: Infected PCs Acting As Spam Zombies: We Need
to Cure the Disease, Not Just Suppress the Symptoms

Some key points in brief:

Despite all our ongoing efforts: the spam problem continues to worsen, with
nine out of every ten emails now spam; spam volume has increased by 80% over
just the past few months and users face a constantly morphing flood of
malware trying to take over their computers. Bottom line: we’re losing the
war on spam.

The root cause of today’s spam problems is spam zombies, with 85% of all spam
being delivered via spam zombies.

The spam zombie problem grows worse every day (with over ninety-one million
new spam zombies per year).

Users don’t, won’t, or can’t clean up their infected PCs; and ISPs can’t be
expected to clean up their infected customers’ PCs.

Filtering port 25 and doing rate limiting is like giving cough syrup to
someone with lung cancer — it may suppress some overt symptoms but it
doesn’t cure the underlying disease.

Filtered and rate-limited spam zombies CAN still be used for many, many OTHER
bad things, and they represent a huge problem if left to languish in a live
infected state.

Joe’s take — “we’re in the middle of a worldwide cyber crisis”. I agree.
He suggests a new strategy:

It is common for universities to produce and distribute a one-click
clean-up-and-secure CD for use by their students and faculty. It’s now time
for our governments to produce and distribute an equivalent disk for everyone
to use.

I agree the existing schemes are clearly not working; this is an interesting
suggestion. Read/listen to the presentation in full for more details; pick up PDF, PPT and video here.

This post was written by Justin, source: Spam zombies — we need to cure the disease, not suppress the symptoms

The EHIC and Irish government websites

Monday, August 21st, 2006

The European Health Insurance Card is dead handy,
providing access to healthcare for EU residents while travelling in Europe –
it’s definitely worth having one.

There were a few reports in the Irish newspapers last week of an announcement
by the Health Service Executive, warning of “a bogus website” which charges a
fee of EUR22 to process applications for this:

The HSE also warned that the site is asking applicants to submit detailed financial information. “It has come to the attention of the Health Service Executive that Irish residents are being targeted by a website which is unnecessarily charging people to apply for EHIC cards. The bogus site concerned — http://www.ehic-card.eu/ — is not connected to the HSE,” said the HSE in a statement.

I’d link to the HSE’s press release on the topic, but it’s down, apparently
— and that’s pretty indicative of the problem. You see, I’ve been trying to
apply for one of these recently.

The HSE has been announcing that there’s no need to use this “bogus site”,
since we can just use the “real” site at http://www.ehic.ie/ to apply for one.
Here’s what they neglect to mention:

  • (a) that unless you’re a pensioner you can’t apply for one online — you
    have to print out a form, fill it in, and post it to your local health
    office.
  • (b) there’s no indication on the site as to what exactly your “Local Health
    Office” may be, just a long list of mysterious locations.
  • (c) in order to apply, the form demands that you supply all that ‘detailed
    financial information’ — namely your name, address, date of birth, proof
    of residency, and PPS number — anyway.
  • (d) the “bogus site” isn’t really all that bogus after all.

If they had a simple and usable online application process, perhaps they
wouldn’t be plagued by other sites attempting to offer that service for what is
really a quite reasonable EUR22 fee?

This is a pretty frequent phenomenon on Irish
governmental websites; a half-assed attempt to bring
governmental services online, resulting in shiny informational sites, full
of clip-art of smiling people talking on the phone, which all come down to a
bottom line of “print this out and post it in” or “call this number” –
business as usual. Having said that, at least I can generally still get a human on the phone, which still
beats dealing with US government agencies, I guess!

BTW, I notice the HSE claim that it only takes 10 working days for an EHIC to arrive using their system. I applied for mine 3 weeks ago, and there’s been no word yet…

This post was written by Justin, source: The EHIC and Irish government websites

Todd Underwood on BlueSecurity DDoS

Tuesday, May 9th, 2006

Renesys Blog: The Bluesecurity Fiasco – in which Todd Underwood, CSO for
Renesys Corporation, applies some real-world knowledge of how the internet
works to the “timeline of events” press release, issued by BlueSecurity as
part of their ongoing PR about the DDoS.

Judging by the comments at Slashdot, this really needs to be more widely
read.

Here’s some highlights:

The timeline from BlueSecurity […] is frustratingly vague. It uses phrases
like ‘tampering with the Internet backbone using a technique called
“Blackhole Filtering”.’ As Thomas Pogge, a philosophy professor of mine, used
to say: that’s not even wrong yet. There is no “Internet backbone”, there is
no technique known as “Blackhole Filtering”, and blackhole routing is not
normally described as tampering. So the whole explanation is nonsense. […]
Let’s clear one thing up for the press and everyone else: this event just
wasn’t that interesting. The attack against bluesecurity was a
run-of-the-mill denial of service attack.

His conclusion:

I believe that the PR engine from BS is in overdrive spinning this event as
fast as they can. But the concrete facts being put out by them simply do not
add up. In the process they seem to be doing two things: 1) trying to imply
or state that someone at UUnet was bribed by a spammer. This is simply
ridiculous. I know many of the people who work for UUnet and they are honest,
hardworking and extraordinarily clever people. They would not be crooked, or
stupid, enough to do such a thing and if they were, they would have been
trivially caught by change-management procedures. Moreover, such a change at
UUnet (or BTN) wouldn’t have caused the event BS claims to have witnessed
anyway. Additionally, 2) BS is trying to deflect attention from the damage
that they caused at Six Apart. It would be much better if they could just
claim ignorance of the DOS, apologize and move on. I recognize that that
isn’t going to happen, but it sure would make this whole thing easier to
handle.

Well said.

Of course, this is pretty much immaterial — the people who are using Blue
Frog, and vocally supporting Blue Security, don’t really care what happened.
All they care about is that someone is taking some kind of direct action
against spammers, in some way or another, and if there’s a little “friendly
fire” and some bending of the truth, why, this is a war! What, do you support
the spammers?

It’s disappointing — the amount of disinformation being successfully pumped
out (and accepted!) on this story is massive.

This post was written by Justin, source: Todd Underwood on BlueSecurity DDoS

Dirt buried in the Wikipedia

Wednesday, April 20th, 2005

One of the funniest things at the internet evangelism conference was when the blogging panel edited the Liberty University wikipedia page. “The University is also known for its draconian dress codes” became: “The University is also known for its interesting dress codes, and excellent Internet evangelism conferences.” I just went to see if those edits were still there… They’re gone, but those edits set off a series of other edits including this juicy one….

source: Dirt buried in the Wikipedia

Rupert Murdoch just woke up

Thursday, April 14th, 2005

In a speech to a bunch of newspaper editors: As one study said: “Even if the economics of journalism work themselves out, how can journalists work on behalf of a public they are coming to see as less wise and less able?” I’d put it more dramatically: newspapers whose employees look down on their readers can have no hope of ever succeeding as a business….

source: Rupert Murdoch just woke up

Praying for Google juice

Tuesday, April 12th, 2005

AllAboutGOD.com is an incredibly well-thought-out evangelistic search engine optimization firm: “These vortals are built and positioned as expert sites in the top search engines and will maintain top positions because of the sophisticated algorithmic structure and more importantly… your prayers! Please join us in praying that GOD would build HIS wall of truth on Google, Yahoo, AOL, and MSN using this new technology.”…

source: Praying for Google juice