As Expected, Huge Spam Reduction To Be Short Lived
Taking McColo offline will help for about a week...
09:17AM Thursday Nov 13 2008 by Karl Bode
tags: business · stats · spam
Yesterday we discussed how Washington Post journalist Brian Krebs helped knock a major scam, spam and child porn web hosting operation named McColo offline, effectively reducing the world's spam by at least two thirds. Krebs follows up with an article that examines the drop in spam from numerous tracking operations. As you might expect, any time for celebration will be short lived, and experts expect spam levels to be back to normal within a week. "We're seeing a slow recovery," says Nilesh Bhandari of Ironport. "We fully expect this to recover completely, and to go into the highest ever spam period during the upcoming holiday season."


Mactron
el Camino Real
Premium
join:2001-12-16
CM94sv


edit:
November 13th, @09:24AM

Whack a mole.

"any time for celebration will be short lived"


knightmb
Everybody Lies

join:2003-12-01
Franklin, TN
·Comcast
·Vonage
·Speakeasy

Re: Whack a mole.

LOL, good one.

Yeah, where there is money, someone else will fill the spot. It's not like the spammers got shut down, only one of their many data/zombie centers.
--
Fight NebuAD and the like:
Click Here to pollute their data

S_engineer

join:2007-05-16
Chicago, IL

Re: Whack a mole.

Problem is they were shut down prematurely. Not all of McColo's clients were spammers. They had legitimate sites being hosted. So this opens up liabilities on that front. Not to mention McColo hasn't been formally charged with anything.
"Also unclear is the extent to which McColo could be held legally responsible for the activities of the clients for whom it provides hosting services. There is no evidence that McColo has been charged with any crime, and these activities may not violate the law."
This is from Krebs himself...»www.washingtonpost.com/wp-dyn/co···oduletmv
By taking these actions, McColo may not only be entitled to damages, but ironically enough so may their clients.

All Krebs had to do was contact the proper authorities. But he decided that the rag post needed a sales spike. This route almost guarantees McColo part deux 1
--
"For duty and humanity!"
- Moe Larry and Curly (MEN IN BLACK, 1934)...These are the guys we have in Congress

bent
not broken
Premium
join:2004-10-04
Longmont, CO
clubs:
·Comcast Formerly ..


edit:
November 13th, @04:06PM

Re: Whack a mole.

said by S_engineer:

Problem is they were shut down prematurely. Not all of McColo's clients were spammers. They had legitimate sites being hosted. So this opens up liabilities on that front. Not to mention McColo hasn't been formally charged with anything.
"Also unclear is the extent to which McColo could be held legally responsible for the activities of the clients for whom it provides hosting services. There is no evidence that McColo has been charged with any crime, and these activities may not violate the law."
This is from Krebs himself...»www.washingtonpost.com/wp-dyn/co···oduletmv
By taking these actions, McColo may not only be entitled to damages, but ironically enough so may their clients.

All Krebs had to do was contact the proper authorities. But he decided that the rag post needed a sales spike. This route almost guarantees McColo part deux 1
Time for a law change. If it's on your servers and you know it's there, and you know it's illegal, you're complicit. The ISPs that pulled the plug were confronted with enough evidence that they really had no other choice, and the spam data certainly backs up their position. I'm sure their TOS with McCulo (pun intended) included a prohibition against any illegal activity.

If you lie down with pigs, you get up smelling like shit. Next step should be the FBI seizing McCulo's hardware as evidence and let a judge sort it out.
--
»www.lp.org/issues/family-budget

"That government is best which governs least" - Thoreau
amigo_boy

join:2005-07-22
Tempe, AZ
·Cox HSI
·magicjack.com
·EarthLink

Re: Whack a mole.

said by bent:

Time for a law change.
The change I'd like to see is in 39 USC 3008. A statute which gives individuals *unlimited* protection against mass mailers. If you read the 1970 Supreme Court decision concerning this law, it's obvious it should be extended to apply to email.

See »Re: Global Crossing & Hurricane Electric looked other way ??

Mark

S_engineer

join:2007-05-16
Chicago, IL

Everyone's talking about a law change....but if you're talking about a change in law then you're admitting McColo didn't break any current law. I'm no advocate of McColo, but I find it funny that a newspaper can legitimately start a lynch mob, and without conviction have a company shut down. This is a horrible precedent. Guilty or not, bypassing the proper methods may give McColo an out, and may even enable them and their clients to seek damages against Global Crossing and Hurricane.

This is going to be like a crime drama where the defendant gets released on a technicality. In this case, it will be the premature actions of Global and Hurricane, who should also be complicit if they knew what was going on!
--
"For duty and humanity!"
- Moe Larry and Curly (MEN IN BLACK, 1934)...These are the guys we have in Congress

bent
not broken
Premium
join:2004-10-04
Longmont, CO
clubs:
·Comcast Formerly ..


edit:
November 13th, @04:50PM

Re: Whack a mole.

said by S_engineer:

Everyone's talking about a law change....but if you're talking about a change in law then you're admitting McColo didn't break any current law.
The WP says that unless it's k porn or copyright infringement, that's the case. However, the contract that McCulo had with their providers is a whole other ball of ear wax. The WP goes on to state that the commercial front-ends of several k porn rings were hosted by McCulo.
--
»www.lp.org/issues/family-budget

"That government is best which governs least" - Thoreau
amigo_boy

join:2005-07-22
Tempe, AZ
·Cox HSI
·magicjack.com
·EarthLink


edit:
November 13th, @04:47PM

said by S_engineer:

and may even enable them and their clients to seek damages against Global Crossing and Hurricane.
I'm sure those two providers know their legal standing. You don't know the terms of service which McColo agreed to. You make it sound like McColo had an absolute right to those two networks.

Mark

Sean
The Great Divide

join:2004-01-23
Richmond Hil
·Bell Sympatico

said by bent:

said by S_engineer:

Problem is they were shut down prematurely. Not all of McColo's clients were spammers. They had legitimate sites being hosted. So this opens up liabilities on that front. Not to mention McColo hasn't been formally charged with anything.
"Also unclear is the extent to which McColo could be held legally responsible for the activities of the clients for whom it provides hosting services. There is no evidence that McColo has been charged with any crime, and these activities may not violate the law."
This is from Krebs himself...»www.washingtonpost.com/wp-dyn/co···oduletmv
By taking these actions, McColo may not only be entitled to damages, but ironically enough so may their clients.

All Krebs had to do was contact the proper authorities. But he decided that the rag post needed a sales spike. This route almost guarantees McColo part deux 1
Time for a law change. If it's on your servers and you know it's there, and you know it's illegal, you're complicit. The ISPs that pulled the plug were confronted with enough evidence that they really had no other choice, and the spam data certainly backs up their position. I'm sure their TOS with McCulo (pun intended) included a prohibition against any illegal activity.

If you lie down with pigs, you get up smelling like shit. Next step should be the FBI seizing McCulo's hardware as evidence and let a judge sort it out.
Don't be a fascist. Only fascists make reactionary laws.

How do you propose you convince the judge and jury McColo knew about what was going on? There aren't any current laws about HAVING to know what your clients are doing, because that in itself is absurd (imagine having to keep tabs on ALL of your clients, and then your clients' clients, etc. since they are on your server).

So,
a) you cannot realistically expect an operation to keep tabs on all of its terabytes of data
b) you will not be able to prove that said company had any sort of idea of what was going on

Having said this, imagine the ramifications on the people of the state. Imagine a world where a publisher (web hosting company) can't publish (host) ideas and thoughts (websites) for fear of the government deeming it illegal. It would be the beginning of the end to all free speech.

Fascist, much?

What you are suggesting should not ever be considered, and it should not ever, ever become law.
amigo_boy

join:2005-07-22
Tempe, AZ
·Cox HSI
·magicjack.com
·EarthLink


edit:
November 14th, @03:13PM

Re: Whack a mole.

said by Sean:

How do you propose you convince the judge and jury McColo knew about what was going on? There aren't any current laws about HAVING to know what your clients are doing, because that in itself is absurd (imagine having to keep tabs on ALL of your clients, and then your clients' clients, etc. since they are on your server).
Many laws are simply "what a reasonable person" should have been expected to know, or do. For example, laws concerning self defense don't spell out the exact action or moment that justifies the use of lethal force. They are worded "if you had reasonable fear for your life, the life of another, or grievous bodily injury."

"Reasonable" is what an average person considers to be reasonable. That's decided by a jury of your peers.

I see nothing wrong with a reasonableness test. It's not about finding the exact defining moment that an ISP would be complicit. It's about finding those cases (like this one) where an ISP's customer was hosting half the spammers on the internet. I don't think a jury would have trouble with the question of whether an ISP should have "reasonably" known.

Mark
amigo_boy

join:2005-07-22
Tempe, AZ
·Cox HSI
·magicjack.com
·EarthLink

said by S_engineer:

Problem is they were shut down prematurely. Not all of McColo's clients were spammers. They had legitimate sites being hosted.
That's convenient. An organization can act with obvious complicity hosting malicious sites, but as long as they have at least *one* legitimate site, they're immune from disconnection by their upstream providers?

said by S_engineer:

McColo may not only be entitled to damages, but ironically enough so may their clients.
Damages from whom? The Wash. Post is protected under the First Amendment, especially if what it printed is true (and in many ways even if it wasn't). I'm sure the upstream providers know what they're doing.

said by S_engineer:

All Krebs had to do was contact the proper authorities. But he decided that the rag post needed a sales spike. This route almost guarantees McColo part deux 1
The scale of the problem makes a reasonable person wonder why the authorities hadn't tracked down long ago what Krebs did. I'm glad he published his story.

Remember, he quoted security experts who corroborated his findings. That means they hadn't notified authorities either.

My guess is (considering how many people knew about it), it was reported to authorities, but they chose to do nothing. Have you ever listened to Citizen Band Radio? The FCC knows there are widespread violations of the rules. It does very little.

Mark

S_engineer

join:2007-05-16
Chicago, IL

Re: Whack a mole.

But you're convicting on speculation, and in this case, you've already passed sentence. Is this premise acceptable with other criminals?

He may have circumvented a pending investigation and given McColo an opportunity to trash illegal material. And even more, he could have documented his dealing with authorities in order to see what holes in the legal system needed to be plugged. This is a blown opportunity which has the potential to let McColo off of the hook!
--
"For duty and humanity!"
- Moe Larry and Curly (MEN IN BLACK, 1934)...These are the guys we have in Congress
amigo_boy

join:2005-07-22
Tempe, AZ
·Cox HSI
·magicjack.com
·EarthLink

Re: Whack a mole.

said by S_engineer:

but you're convicting
And you're overstating the facts. Nobody was convicted. The author merely presented upstream (and seemingly more professional) providers information he and other researchers had discovered about one of those providers' customers. Those providers apparently determined that McColo violated their terms of service.

said by S_engineer:

This is a blown opportunity
Again, you're overstating the facts. You don't know if law enforcement was investigating McColo. You don't know if they would have if the author took the info to LE. (You don't know the author didn't.).

What we do know is that ISPs (including Hurricane and Global) will likely be more cautious about enforcing their terms of service. Consequently making it harder for spammers, et al., to get service (in the US at least).

Mark

S_engineer

join:2007-05-16
Chicago, IL

Re: Whack a mole.

said by amigo_boy:

said by S_engineer:

but you're convicting
And you're overstating the facts. Nobody was convicted. The author merely presented upstream (and seemingly more professional) providers information he and other researchers had discovered about one of those providers' customers. Those providers apparently determined that McColo violated their terms of service.

said by S_engineer:

This is a blown opportunity
Again, you're overstating the facts. You don't know if law enforcement was investigating McColo. You don't know if they would have if the author took the info to LE. (You don't know the author didn't.).

What we do know is that ISPs (including Hurricane and Global) will likely be more cautious about enforcing their terms of service. Consequently making it harder for spammers, et al., to get service (in the US at least).

Mark
If McColo is complicit for the s**t that they were hosting, and this was a violation of terms from Global and Hurricane, then they too are complicit due to the amount of time that this has been going on. If this was common knowledge, then why didn't Global and Hurricane pull the plug earlier?
Will they plead ignorance just as McColo will?
amigo_boy

join:2005-07-22
Tempe, AZ
·Cox HSI
·magicjack.com
·EarthLink

Re: Whack a mole.

said by S_engineer:

If McColo is complicit for the s**t that they were hosting, and this was a violation of terms from Global and Hurricane, then they too are complicit due to the amount of time that this has been going on. If this was common knowledge, then why didn't Global and Hurricane pull the plug earlier?
Your position reminds me of the speeder pulled over by a traffic cop. As the cop stood there writing the ticket, the driver complained, "why did you pull me over? Look at all those people speeding? Like that a**hole? Or, that a**hole? (as each car passed by)."

The officer calmly replied, "One a**hole at a time, sir."

Don't let perfection be the enemy of good.

said by S_engineer:

Will they plead ignorance just as McColo will?
I don't think anyone will plead anything. It's over. Everyone should have learned something from the experience.

Mark

S_engineer

join:2007-05-16
Chicago, IL

Re: Whack a mole.

If you're saying the ends justifies the means, then fine. Stay consistent with your beliefs. Apply that premise to torture in war, the execution of prisoners sentenced to death, and the occasional vigilante justice that happens (regardless of conviction) in our country.
And since you're such a proponent of the common good, then I assume you're for a Southern wall and against gay marriage.
Because the majority of voters believe that's for the common good.
Stay consistent
--
"For duty and humanity!"
- Moe Larry and Curly (MEN IN BLACK, 1934)...These are the guys we have in Congress
amigo_boy

join:2005-07-22
Tempe, AZ
·Cox HSI
·magicjack.com
·EarthLink

Re: Whack a mole.

said by S_engineer:

Apply that premise to torture in war, the execution of prisoners sentenced to death,
How do you compare those things to merely presenting a business with evidence that one of its customers may be violating the business's terms of service?

Mark

rahlquist
Redeye

join:2001-10-30
Villa Rica, GA


Nice drop!
Judging by my personal domain's mail server activity I would say someone nailed a couple of them moles!
--
Fed Up With Stupidity?

Patentlystupid.com

Camelot One
Premium,MVM
join:2001-11-21
Sarasota, FL
clubs:
·VoicePulse

Time for a BBR Task Force?

The government/local LEOs form a "task force" for just about everything these days. Knowing that SO much spam comes through host, couldn't we put together our own BBR Task Force to track which ISP this one company moves to, and contact them? I'm sure it would be a never ending battle, but it's a start.
--
Intel Q6600 @3400Mhz/GA-EP35-DS3P/2x 2048Mb G.Skill/Seagate 750.10/EVGA 8800GT's SLI/Silverstone 850W/Custom water cooler

morbo
Complete Your Transaction

join:2002-01-22
00000
clubs:

Re: Time for a BBR Task Force?

Can we call ourselves BANK BBR with a minor emphasis in spam fighting? That way, we at least can get a couple billion from the bailout.
SilverSurfer

join:2007-08-19

Re: Time for a BBR Task Force?

said by morbo:

Can we call ourselves BANK BBR with a minor emphasis in spam fighting? That way, we at least can get a couple billion from the bailout.
And a tax break on top of it.
birdfeedr
Premium
join:2001-08-11
Warwick, RI
·Verizon FIOS

Well, there's certainly plenty of talent that could be put to use for a BBR Task Force, but it remains to be seen what can be done about it. From the Washington Post article in yesterday's news item:

Multiple security researchers have recently published data naming McColo as the host for all of the top robot networks or "botnets," which are vast collections of hacked computers that are networked together to blast out spam or attack others online. These include SecureWorks, FireEye and ThreatExpert.

Reports by Joe Stewart, director of malware research for Atlanta-based SecureWorks, said that these known botnets: Mega-D, Srizbi, Pushdo, Rustock and Warezov, "have their master servers hosted at McColo."

Stewart said he has complained to McColo several times about botnets operating out of the company's servers, and each time, he said, the company claimed it was addressing the problem. But according to Stewart, they did so by just moving the offending Web sites to a different section of their network.

"McColo runs a service that offers its clients quite a bit more protection from takedowns than the average Web host," Stewart said. "If they get abuse complaints they will try to appease whoever is complaining, but the end result is usually they just end up moving their Internet addresses around."
Of course, if SecureWorks, FireEye and ThreatExpert, and any newly established BBR Task Force makes a big splash about their findings, it might result in action sooner.

By going to McColo's providers, they (spammers and botnets) got shut down.

Noah Vail
Premium
join:2004-12-10
Lorton, VA
·RoadRunner Cable
·Verizon BroadbandA..
·VoicePulse

Re: Time for a BBR Task Force?

said by birdfeedr:

Of course, if SecureWorks, FireEye and ThreatExpert, and any newly established BBR Task Force makes a big splash about their findings, it might result in action sooner.
By going to McColo's providers, they (spammers and botnets) got shut down.
Plan 'B' might be to locate and openly publish the home address and phone number of the McColo owners and operators along with some light reading about how much k-porn they host.

They CAN be found.
»en.wikipedia.org/wiki/Alan_Ralsky

NV
--
Abortion: A Republican Plot to Thin the Liberal Herd.

Dennis
Premium,Mod
join:2001-01-26
Algonquin, IL

musical chairs

Maybe this is why I noticed a spike in comment spam on my Movable Type website yesterday. Sad to say they are just changing battle fronts until they can dig back in somewhere else.
mobbo

join:2005-04-13
Denton, TX
·Verizon FIOS
·Charter Pipeline
·Grande Communicati..
·Vonage

Noticeable

Our company's Barracuda Spam Filter daily traffic chart showed about a 50% drop in spam yesterday to about the levels we see on a Sunday. The most reduced spam were ones with "Bad Recipient" errors... less than 200 were even sent to our network. I guess that shows most of McColo's thugs were using bad addresses or just guessing... although that does create backscatter problems.

fireflier
Coffee. . .Need Coffee
Premium
join:2001-05-25
Limbo
·Skype
·RoadRunner Cable


edit:
November 13th, @11:06AM

Now embarrass those who failed to act.

Now would be a good time to follow-up and name those people and entities who knew about this activity and were unwilling to do anything. Corporate and government.

The fact that action has been taken is suggestive that it's no longer a debatable issue as to whether there really was improper activity taking place. In addition, the fact that it WAS stopped is indicative of the fact that it could have been stopped earlier.

With that out of the way, they should move toward holding those who could have stopped it and were tasked with stopping this kind of activity accountable or at the very least embarrassing them so perhaps they'll move a little more swiftly in the future. The warnings from security firms and various IT personnel seem to be well documented. The lack of response to those warnings appears to be equally well documented.

Halo5

join:2000-07-20
Dayton, OH
clubs:
·RoadRunner Cable

Keep it up!

Even though some other scumbag will take their place, it's nice to know that at least some effort is being made.

IT Guy
Your God Smells Funny

join:2004-07-29
Las Cruces, NM
·Comcast

Damn Spammers

Our company uses Postini for spam filtering, and while I have noticed a significant drop in total spam volume over the past couple months, there has been a resurgence of attempted directory harvest attacks. I had notification of 5 attempts just this morning. To put it in perspective, I get **maybe** one attempt per month.
--
My time is a piece of wax, falling on a termite, that's choking on a splinter. --Beck

DeeplyShrouded

@comcast.net

It starts at your home PC

Is your AV up to date?
Best way not to be part of a botnet is to be sure your own
PC is infection free. I was telling another gentleman
in another post that it's not the responsibility of an ISP
to regulate what data goes over its network. That's up to
law enforcement and our courts.

What I WOULD like to see from an ISP or email provider is the
option to block out whole top level domains in their filtering
software. I don't know anyone who uses *.wannado.fr, nor do
I know any Prince, King, Barrister, or official from Nigeria.

I know it may not be much of a difference, but every piece of
spam I get, I forward it to the abuse department of the sender's ISP.

Does it help? I don't know. But I'd like to see the whole
net or at least the email protocol re-written so that
people can either block everything and let only what they
want in, or at least the ability to block mail from any
.TLD they don't know.

--Deeply Shrouded & Quiet
--Central Control! D-Dial #49
iansltx

join:2007-02-19
Fredericksburg, TX
·Comcast
·Qwest.net
·magicjack.com
·BeeCreek Communica..
·Sprint Mobile Broa..

Re: It starts at your home PC

There are antispam programs (whitelist) that do just that.

As for me, after four-plus years of training, I can honestly say that I get less than five spams flopping into my inbox per week on my GMail account. The rest, which saw a significant drop when McColo was shut down, are routed to my Spam folder. Awesome. Distributed spam reporting FTW.

This is from a person who has his e-mail address posted a few different locations around the web. The worst stuff I get regularly are press releases...meh...let's call 'em tofurkey bacon

bent
not broken
Premium
join:2004-10-04
Longmont, CO
clubs:
·Comcast Formerly ..

Re: It starts at your home PC

I'm almost never one to kiss Comcast's ass, but my comcast.net emails are almost spam-free. Good on 'em.
--
»www.lp.org/issues/family-budget

"That government is best which governs least" - Thoreau

DeeplyShrouded

@comcast.net

True, but such programs don't work for webmail like Yahoo.
Although they have the ability to block an address, there
is no way to block *@wanadoo.fr or *@*.fr and with the rate
the spammers create new yahoo and gmail throwaway addresses,
the address blocked list fills up quickly.
I've been saying for years that the email system needs to
be revamped, for instance, a person uses server A, and spoofs
an address on server B to send a message to server C.
Since there is no challenge-authentication, server C accepts
the message no matter what's in the header fields.

Now, suppose the person using server A tries the same thing
with a challenge-authenticate system?
Server C receives a message crafted to look like it came
from Server B. Server C queries server B asking, did you
send me this message and sends a timestamp and recipient.
If server B has no record, the message is trashed and never
delivered to the person on server C.

I do like the idea of distributed spam reporting.
If it's spam to one person, it's probably spam to everyone
else. I think between a challenge-authenticate system,
and a whitelist address book filter, spam would virtually
be eliminated.

--Deeply Shrouded & Quiet
--Central Control! D-Dial #49
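
An added illustration, not part of the post above: a toy model of the challenge-authenticate exchange it describes, where server C asks the claimed origin (server B) whether it really sent a message before delivering it. The server classes, the `.example` domains, the in-memory directory standing in for MX lookup, and the one-confirmation-per-record rule are all assumptions made for this sketch.

```python
# Toy model of the "challenge-authenticate" idea described in the post above.
# Added example; every name and domain is constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    mail_from: str   # claimed sender; chosen freely by whoever submits the mail
    rcpt_to: str
    timestamp: int   # send time stated by the submitting server
    body: str


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


class MailServer:
    def __init__(self, domain, directory):
        self.domain = domain
        self.directory = directory   # domain -> MailServer; stands in for an MX lookup
        self.sent_log = set()        # (sender, recipient, timestamp) this server really sent
        self.inbox = []
        self.trashed = []
        directory[domain] = self

    def send(self, mail_from, rcpt_to, timestamp, body):
        """Submit mail through this server. mail_from is not checked here,
        so a user of server A can claim an address on server B."""
        msg = Message(mail_from, rcpt_to, timestamp, body)
        # A server only keeps a record for mail that claims its own domain.
        if domain_of(mail_from) == self.domain:
            self.sent_log.add((mail_from.lower(), rcpt_to.lower(), timestamp))
        dest = self.directory.get(domain_of(rcpt_to))
        return dest.receive(msg) if dest else "undeliverable"

    def confirm_sent(self, mail_from, rcpt_to, timestamp):
        """Answer the receiver's question: did you send me this message?"""
        key = (mail_from.lower(), rcpt_to.lower(), timestamp)
        if key in self.sent_log:
            # Assumption added here: one confirmation per record, so a copied
            # (sender, recipient, timestamp) tuple cannot be replayed later.
            self.sent_log.remove(key)
            return True
        return False

    def receive(self, msg):
        """Server C's side: query the server for the claimed sender domain."""
        claimed = self.directory.get(domain_of(msg.mail_from))
        if claimed is None or not claimed.confirm_sent(
                msg.mail_from, msg.rcpt_to, msg.timestamp):
            self.trashed.append(msg)   # no record at the claimed origin
            return "trashed"
        self.inbox.append(msg)
        return "delivered"


def demo():
    directory = {}
    a = MailServer("a.example", directory)
    b = MailServer("b.example", directory)
    c = MailServer("c.example", directory)
    to = "carol@c.example"
    results = {
        "spoofed_via_a": a.send("alice@b.example", to, 1000, "forged"),
        "genuine_from_b": b.send("alice@b.example", to, 1001, "real"),
        "replayed_tuple": a.send("alice@b.example", to, 1001, "forged copy"),
        "unknown_domain": a.send("x@nowhere.example", to, 1002, "forged"),
        # The check proves origin only: bulk mail sent under A's own domain passes.
        "own_domain_bulk": a.send("bulk@a.example", to, 1003, "bulk"),
    }
    return results, c


if __name__ == "__main__":
    outcome, server_c = demo()
    for case, verdict in outcome.items():
        print(f"{case}: {verdict}")
```

The last case marks the limit of the scheme: it rejects forged sender domains, not a sender mailing from a domain they control. SPF and DKIM answer the same origin question in deployed mail systems without a per-message callback.
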
iansltx

join:2007-02-19
Fredericksburg, TX
·Comcast
·Qwest.net
·magicjack.com
·BeeCreek Communica..
·Sprint Mobile Broa..

Re: It starts at your home PC

If you want a challenge-response system, there are plenty of those. But for legitimate e-mail they're a Royal Painen Diaz, as the folks from Car Talk would say. IMO distributed spam reporting is the best way to solve the problems, combining the best of Bayesian filtering with human intuition. The end result seems to be really good, at least for me.

What's interesting is that, on the e-mail addresses I'm careful about where I put them (AIM, Yahoo, school email) I might get a spam message once in a while, but not really. Only on GMail do I get a lot of spam, and that's because that e-mail address is posted in several places on the web. Thankfully, 99.9% of the spam goes into the Spam folder, there to be ignored...

Smith6612
Premium
join:2008-02-01
united state

Look at the bytes saved!

Seems as though just cutting off these guys freed up some bandwidth on the internet. I was happy to log into my AIM mail and not see any spam in it today, and Verizon mail which had none in it as well.
over 9 years online! © 1999-2009 dslreports.com.