Re: [funsec] 95% of User Generated Content is spam or malicious

2010-02-22 Thread Rich Kulawiec
[ Please do not send redundant copies of on-list traffic. ] On Mon, Feb 22, 2010 at 12:15:43AM -0500, Dan Kaminsky wrote: > My sense is that SPAM filtering is ghettoizing, i.e. there's a very > small community of extraordinarily miserable people whose job it now > is to deal with SPAM for the rest

Re: [funsec] 95% of User Generated Content is spam or malicious

2010-02-22 Thread Rich Kulawiec
On Sun, Feb 21, 2010 at 08:53:29PM -0800, Tomas L. Byrnes wrote: > If you think those who have to, by virtue of commercial need or policy, > run "wide open and only deny known bad" networks are "lucky", you have > an odd definition of luck. That is not what I said. What I said was: Perha

Re: [funsec] 95% of User Generated Content is spam or malicious

2010-02-22 Thread Dan Kaminsky
> "An entire industry has grown up around the flawed assumption > that it is feasible to separate the wheat from the chaff in > our mail flows by inspecting every grain (message). There are > two groups which benefit from the acceptance of this myth: the > vendor

Re: [funsec] 95% of User Generated Content is spam or malicious

2010-02-22 Thread Dan Kaminsky
On Mon, Feb 22, 2010 at 6:55 AM, Rich Kulawiec wrote: > [ Please do not send redundant copies of on-list traffic. ] > > On Mon, Feb 22, 2010 at 12:15:43AM -0500, Dan Kaminsky wrote: >> My sense is that SPAM filtering is ghettoizing, i.e. there's a very >> small community of extraordinarily miserab

Re: [funsec] 95% of User Generated Content is spam or malicious

2010-02-22 Thread Rich Kulawiec
On Mon, Feb 22, 2010 at 07:34:56AM -0500, Dan Kaminsky wrote: > All I know is that I have a couple of email accounts that get > negligible amounts of spam. Oh, they're *sent* huge amounts, but they > receive almost none. But this is not the only metric with which to evaluate mail defenses. Vendor

Re: [funsec] 95% of User Generated Content is spam or malicious

2010-02-22 Thread Dan Kaminsky
On Mon, Feb 22, 2010 at 8:23 AM, Rich Kulawiec wrote: > On Mon, Feb 22, 2010 at 07:34:56AM -0500, Dan Kaminsky wrote: >> All I know is that I have a couple of email accounts that get >> negligible amounts of spam.  Oh, they're *sent* huge amounts, but they >> receive almost none. > > But this is n

[funsec] Chuck Norris Botnet and Broadband Routers

2010-02-22 Thread Gadi Evron
Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news. Original Czech: http://praguemonitor.com/2010/02/16/czech-experts-uncover-

[funsec] Email Portability Approved by Knesset Committee

2010-02-22 Thread Gadi Evron
The email portability bill has just been approved by the Knesset's committee for legislation, sending it on its way for the full legislation process of the Israeli parliament. While many users own a free email account, many in Israel still make use of their ISP's email service. According to th

Re: [funsec] 95% of User Generated Content is spam or malicious

2010-02-22 Thread der Mouse
> It's simply not efficient or cost-effective any more (at least for > the operations I'm involved with) to grant mail privileges to > everyone on the planet by default. Nor is it desirable to do so and > then attempt to winnow wheat from chaff, as this is more difficult > and more expensive and m

Re: [funsec] 95% of User Generated Content is spam or malicious

2010-02-22 Thread der Mouse
>> Perhaps some lucky folks can still get away with it: if so, great. > If you think those who have to, by virtue of commercial need or > policy, run "wide open and only deny known bad" networks are "lucky", > you have an odd definition of luck. I think rsk wasn't so much talking about those for w

Re: [funsec] Email Portability Approved by Knesset Committee

2010-02-22 Thread der Mouse
> According to this proposed bill, when a client transfers to a > different ISP the email address will optionally be his to take along, > "just like" mobile providers do today with phone numbers. Ooo. I smell a huge unfunded mandate. /~\ The ASCII Mouse \ / Ribbon Cam

Re: [funsec] Email Portability Approved by Knesset Committee

2010-02-22 Thread Dave Paris
cue the dancing cluetards! On 2/22/2010 7:45 PM, der Mouse wrote: >> According to this proposed bill, when a client transfers to a >> different ISP the email address will optionally be his to take along, >> "just like" mobile providers do today with phone numbers. > > Ooo. I smell a huge unfunded

Re: [funsec] big brother at school

2010-02-22 Thread Benjamin Brown
More updatey goodness: http://feeds.boingboing.net/~r/boingboing/iBag/~3/1JfFLMBEhaY/laptop-surveillance.html On Sat, Feb 20, 2010 at 6:59 AM, Rich Kulawiec wrote: > On Fri, Feb 19, 2010 at 02:23:54PM -0800, Rob, grandpa of Ryan, Trevor, > Devon & Hannah wrote: > > I *really* hate to pour cold w

Re: [funsec] big brother at school

2010-02-22 Thread Benjamin Brown
Interesting: http://strydehax.blogspot.com/2010/02/spy-at-harrington-high.html On Mon, Feb 22, 2010 at 4:37 PM, Benjamin Brown wrote: > More updatey goodness: > http://feeds.boingboing.net/~r/boingboing/iBag/~3/1JfFLMBEhaY/laptop-surveillance.html

Re: [funsec] big brother at school

2010-02-22 Thread Vaughn, Randal L.
From another list http://www.youtube.com/watch?v=oLB4LNFvbFI a youtube video allegedly narrated by an alleged staff member of Lower Merion lauding the LANrev management suite allegedly used in the alleged incident. On Feb 22, 2010, at 3:58 PM, Benjamin Brown wrote: > Interesting: http://stryd

Re: [funsec] big brother at school

2010-02-22 Thread Chris Boyd
On Mon, 2010-02-22 at 16:58 -0500, Benjamin Brown wrote: > Interesting: > http://strydehax.blogspot.com/2010/02/spy-at-harrington-high.html So do you get expelled if you put a bit of electrical or duct tape over the camera now? --Chris

[funsec] why doesn't Zeus just steal cookies?

2010-02-22 Thread nick hatch
One thing I've never understood about man-in-the-browser attacks is why a trojan bothers with all that in the first place. I don't see how more conventional attacks are obsolete. Enhanced "MFA" (rarely are they true multi-factor) login systems banks use rely on setting a cookie to recognise the de