9fans - fans of the OS Plan 9 from Bell Labs
* Re: [9fans] ISP filtering - update
@ 2003-09-26 13:09 David Presotto
  2003-09-26 16:44 ` Dan Cross
  2003-10-06  9:01 ` Ralph Corderoy
  0 siblings, 2 replies; 11+ messages in thread
From: David Presotto @ 2003-09-26 13:09 UTC (permalink / raw)
  To: 9fans

> none of this works if spammers use dubious means
> (e.g. viruses) to harness home machines (and by implication
> the authentication info that allows the home user to send emails)
> to send their spam for them.
>
> doesn't this already happen?
> or is it just for the DDOS attacks?

Not really.  Most spam is generated willingly on machines.  Lots of
it is redirected using open relay sites.

The worm/virus problem is not really addressed.  If they take over
your machine and you have a legitimate way to send authenticated
email, we're screwed.



* Re: [9fans] ISP filtering - update
  2003-09-26 13:09 [9fans] ISP filtering - update David Presotto
@ 2003-09-26 16:44 ` Dan Cross
  2003-09-26 17:23   ` Wes Kussmaul
  2003-10-06  9:01 ` Ralph Corderoy
  1 sibling, 1 reply; 11+ messages in thread
From: Dan Cross @ 2003-09-26 16:44 UTC (permalink / raw)
  To: 9fans

> The worm/virus problem is not really addressed.  If they take over
> your machine and you have a legitimate way to send authenticated
> email, we're screwed.

If they take over your machine, you're a lot more screwed than just by
them sending mail.

	- Dan C.




* Re: [9fans] ISP filtering - update
  2003-09-26 16:44 ` Dan Cross
@ 2003-09-26 17:23   ` Wes Kussmaul
  2003-09-26 17:31     ` David Presotto
  2003-09-26 17:33     ` David Presotto
  0 siblings, 2 replies; 11+ messages in thread
From: Wes Kussmaul @ 2003-09-26 17:23 UTC (permalink / raw)
  To: 9fans


> > The worm/virus problem is not really addressed.  If they take over
> > your machine and you have a legitimate way to send authenticated
> > email, we're screwed.
>
> If they take over your machine, you're a lot more screwed than just by
> them sending mail.

Yes, but with the latest worms you may not know you're screwed for months or
longer. Meanwhile your machine is cranking away as a spam server, espionage
server (credit card #s, kids' usernames etc.) and perhaps with a side job as
a DDOS server. The worms that immediately destroy registry files etc. seem
to get the media attention but they are relatively a thing of the past. The
modern ones don't call attention to themselves.

There is no doubt in my mind that some group among the worm underground is
planning attacks on critical infrastructure. They're just in development
mode now. If we don't do something, someday we will wish for the good old
days when the worst we had to worry about was spam.

Wes Kussmaul




* Re: [9fans] ISP filtering - update
  2003-09-26 17:23   ` Wes Kussmaul
@ 2003-09-26 17:31     ` David Presotto
  2003-09-26 18:29       ` Wes Kussmaul
  2003-09-26 18:51       ` Dan Cross
  2003-09-26 17:33     ` David Presotto
  1 sibling, 2 replies; 11+ messages in thread
From: David Presotto @ 2003-09-26 17:31 UTC (permalink / raw)
  To: 9fans

> > The worm/virus problem is not really addressed.  If they take over
> > your machine and you have a legitimate way to send authenticated
> > email, we're screwed.
>
> If they take over your machine, you're a lot more screwed than just by
> them sending mail.

I think you didn't read the sentence very well.  If they take over MY
machine, I am indeed screwed.  However, the sentence said YOUR and WE.
I was just agreeing with rog that if the prevalent source of spam were
attacks, then this would indeed be useless.  However, it is not.


* Re: [9fans] ISP filtering - update
  2003-09-26 17:23   ` Wes Kussmaul
  2003-09-26 17:31     ` David Presotto
@ 2003-09-26 17:33     ` David Presotto
  1 sibling, 0 replies; 11+ messages in thread
From: David Presotto @ 2003-09-26 17:33 UTC (permalink / raw)
  To: 9fans

> a DDOS server. The worms that immediately destroy registry files etc. seem
> to get the media attention but they are relatively a thing of the past. The
> modern ones don't call attention to themselves.

Ehg noted recently that one DSL provider says that 1/3 of the machines attaching
to his service are already infected and the owners don't know it.  Perhaps they're
switching from Cable to DSL because the cable network seems to have gotten slower...



* Re: [9fans] ISP filtering - update
  2003-09-26 17:31     ` David Presotto
@ 2003-09-26 18:29       ` Wes Kussmaul
  2003-09-26 18:51       ` Dan Cross
  1 sibling, 0 replies; 11+ messages in thread
From: Wes Kussmaul @ 2003-09-26 18:29 UTC (permalink / raw)
  To: 9fans


> > > The worm/virus problem is not really addressed.  If they take over
> > > your machine and you have a legitimate way to send authenticated
> > > email, we're screwed.
> >
> > If they take over your machine, you're a lot more screwed than just by
> > them sending mail.
>
> I think you didn't read the sentence very well.  If they take over MY
> machine, I am indeed screwed.  However, the sentence said YOUR and WE.
> I was just agreeing with rog that if the prevalent source of spam were
> attacks, then this would indeed be useless.  However, it is not.

You're right, I didn't properly note the pronouns. I stand corrected.

However, the point remains that today's prevalent source of spam may not be
tomorrow's. We're thinking about two different problems: fixing today's spam
problem asap and fixing the whole online infrastructure before it gets
hijacked.

I admit mine is OT. But it does need attention.

I'll go back to work now.




* Re: [9fans] ISP filtering - update
  2003-09-26 17:31     ` David Presotto
  2003-09-26 18:29       ` Wes Kussmaul
@ 2003-09-26 18:51       ` Dan Cross
  1 sibling, 0 replies; 11+ messages in thread
From: Dan Cross @ 2003-09-26 18:51 UTC (permalink / raw)
  To: 9fans

> > > The worm/virus problem is not really addressed.  If they take over
> > > your machine and you have a legitimate way to send authenticated
> > > email, we're screwed.
> >
> > If they take over your machine, you're a lot more screwed than just by
> > them sending mail.
>
> I think you didn't read the sentence very well.  If they take over MY
> machine, I am indeed screwed.  However, the sentence said YOUR and WE.
> I was just agreeing with rog that if the prevalent source of spam were
> attacks, then this would indeed be useless.  However, it is not.

There's that too.  The fact of the matter is, everybody's screwed.

``Can I screw you?''
``What would you want to screw me for?  I'm a lawyer!''
``Punitive damages.  Screw you, screw me, screw everybody!''

	- Dan C.

(Apologies to the Jerky Boys.)



* Re: [9fans] ISP filtering - update
  2003-09-26 13:09 [9fans] ISP filtering - update David Presotto
  2003-09-26 16:44 ` Dan Cross
@ 2003-10-06  9:01 ` Ralph Corderoy
  2003-10-06 12:55   ` David Presotto
  1 sibling, 1 reply; 11+ messages in thread
From: Ralph Corderoy @ 2003-10-06  9:01 UTC (permalink / raw)
  To: 9fans

Hi David,

> The worm/virus problem is not really addressed.  If they take over
> your machine and you have a legitimate way to send authenticated
> email, we're screwed.

What I don't understand is why the worms don't trigger some harm at some
point in the future, like setting the hard drive password to a random
string.  Requiring the `master' password from the drive manufacturer or
OEM would cause enormous amounts of hassle.  The worm would have
meanwhile re-produced elsewhere so it's not `shooting itself in the
head'.

Cheers,

--
Ralph Corderoy.      http://inputplus.co.uk/ralph/     http://troff.org/



* Re: [9fans] ISP filtering - update
  2003-10-06  9:01 ` Ralph Corderoy
@ 2003-10-06 12:55   ` David Presotto
  2003-10-06 17:59     ` Christopher Nielsen
       [not found]     ` <a6c.426ac806.5d71f@blake.inputplus.co.uk>
  0 siblings, 2 replies; 11+ messages in thread
From: David Presotto @ 2003-10-06 12:55 UTC (permalink / raw)
  To: 9fans

I didn't even realize that there were hardware enforced passwords on
disks.  I just looked up ata specs and found a whole slew of security
cruft I never knew about.  Thanks.


* Re: [9fans] ISP filtering - update
  2003-10-06 12:55   ` David Presotto
@ 2003-10-06 17:59     ` Christopher Nielsen
       [not found]     ` <a6c.426ac806.5d71f@blake.inputplus.co.uk>
  1 sibling, 0 replies; 11+ messages in thread
From: Christopher Nielsen @ 2003-10-06 17:59 UTC (permalink / raw)
  To: 9fans

I discovered it when I implemented 48-bit LBA. I didn't
bother with it at the time, but adding support to the
driver might be useful for some.

Also, as soon as I can get my hands on a SATA card, I'll
add support to the ATA driver, unless someone beats me to
it.

On Mon, Oct 06, 2003 at 08:55:34AM -0400, David Presotto wrote:
> I didn't even realize that there were hardware enforced passwords on
> disks.  I just looked up ata specs and found a whole slew of security
> cruft I never knew about.  Thanks.

> From: Ralph Corderoy <ralph@inputplus.co.uk>
> To: 9fans@cse.psu.edu
> Date: Mon, 6 Oct 2003 09:01:20 GMT
> Subject: Re: [9fans] ISP filtering - update
>
> Hi David,
>
> > The worm/virus problem is not really addressed.  If they take over
> > your machine and you have a legitimate way to send authenticated
> > email, we're screwed.
>
> What I don't understand is why the worms don't trigger some harm at some
> point in the future, like setting the hard drive password to a random
> string.  Requiring the `master' password from the drive manufacturer or
> OEM would cause enormous amounts of hassle.  The worm would have
> meanwhile re-produced elsewhere so it's not `shooting itself in the
> head'.

--
Christopher Nielsen
"They who can give up essential liberty for temporary
safety, deserve neither liberty nor safety." --Benjamin Franklin



* Re: [9fans] ISP filtering - update (fwd)
       [not found]     ` <a6c.426ac806.5d71f@blake.inputplus.co.uk>
@ 2005-05-08 14:07       ` Ralph Corderoy
  0 siblings, 0 replies; 11+ messages in thread
From: Ralph Corderoy @ 2005-05-08 14:07 UTC (permalink / raw)
  To: 9fans

[-- Attachment #1: Type: text/plain, Size: 36 bytes --]

[Replace this with your comments.]

[-- Attachment #2: Type: message/rfc822, Size: 1883 bytes --]

From: Ralph Corderoy <ralph@inputplus.co.uk>
Subject: Re: [9fans] ISP filtering - update
Date: Mon, 25 Apr 2005 08:59:53 GMT
Message-ID: <a6c.426ac806.5d71f@blake.inputplus.co.uk>

Hi,

Presotto wrote:
> I wrote:
> > What I don't understand is why the worms don't trigger some harm at
> > some point in the future, like setting the hard drive password to a
> > random string.  Requiring the `master' password from the drive
> > manufacturer or OEM would cause enormous amounts of hassle.  The
> > worm would have meanwhile re-produced elsewhere so it's not `shooting
> > itself in the head'.
>
> I didn't even realize that there were hardware enforced passwords on
> disks.  I just looked up ata specs and found a whole slew of security
> cruft I never knew about.  Thanks.

c't have recently published an article covering the potential misuse of
the ATA security functions so perhaps we'll start seeing some exploits
of it now.

    http://www.heise.de/ct/english/05/08/172/

Cheers,


Ralph.
