Archive for the ‘Security’ Category


Loren Wiener aka mrinternet
Melbourne Australia
10 August 2012 (tomorrow for many of you)

Convenience vs. Security: You Do Not Have to Choose

We are all grateful to Mat Honan from Wired (full story here) for bringing to our attention how easy we sometimes make things for hackers. I was in charge of Business Internet Products and Security in a previous life for a large Telco, and I wasn’t even aware of how easy some of this was for the hacker. The daisy chain effect, where accounts are linked to one another, was part of the issue, and not a relatively new event (5 years old or less). The not-so-tight processes at Amazon and Apple (now changed, thanks to Mat) were another part, also not new. But the part where it pretty much all started is the part many take for granted, and the oldest issue: that of the domain name. Mat had linked (daisy chained) various accounts. In the process of identification a home address was needed, and this was freely available by looking up Mat Honan’s address from his domain name. Addresses for all domains are public by default, as technical, billing, and domain owner names are required. There are options for all domain names to hide this information, and you can usually just not put an address in. If we learn nothing else here (besides doing back-ups), it is this: hide your address, use a PO box, or do not offer it in your public domain name info.

Note: I hope Mat gets back his data, and I for one would contribute to any costs in helping him do that. We need more Mats.
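To check what your own domain record gives away, here is an added example (not part of the original post) that scans WHOIS text for owner, admin, technical and billing contacts that still publish a street address. It assumes the "Role Field: value" layout that many registries print; real output varies, and the sample record is constructed.

```python
import re

ROLES = ("Registrant", "Admin", "Tech", "Billing")
# Values that mean the address is hidden behind a privacy service (assumed wording).
HIDDEN = re.compile(r"redacted|privacy|proxy", re.I)
PO_BOX = re.compile(r"\bp\.?\s*o\.?\s*box\b", re.I)

def parse_whois(text):
    """Collect 'Key: value' lines into {key: [values]}; repeated keys are kept."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def exposed_addresses(text):
    """Return {role: [street lines]} for contacts that publish a real street address."""
    fields = parse_whois(text)
    findings = {}
    for role in ROLES:
        streets = fields.get(role + " Street", [])
        visible = [s for s in streets
                   if not HIDDEN.search(s) and not PO_BOX.search(s)]
        if visible:
            findings[role] = visible
    return findings

# Constructed sample record; names and addresses are made up.
SAMPLE_WHOIS = """Domain Name: EXAMPLE.COM
Registrar URL: http://registrar.example
Registrant Name: Jane Doe
Registrant Street: 12 Sample Street
Registrant City: Melbourne
Admin Name: Jane Doe
Admin Street: PO Box 123
Tech Name: Hosting Support
Tech Street: REDACTED FOR PRIVACY
Billing Street: 12 Sample Street
"""

if __name__ == "__main__":
    for role, streets in exposed_addresses(SAMPLE_WHOIS).items():
        print(role, "contact publishes:", "; ".join(streets))
```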


How did the U.S. Air Force respond on 9/11? MINUTE BY MINUTE
HEAR THE TAPES (as NORAD manages the launching of the military response)
After hearing 30 hours of never-before-released tapes from the control room of NORAD’s Northeast headquarters, the author reconstructs the chaotic military history of that day and the Pentagon’s apparent attempt to cover it up. A MUST.

read more | digg story


Social networking site MySpace.com is offline currently, attributing the downtime to a power outage in its data center. It was inaccessible for more than 90 minutes, and then displayed a brief message alerting users to the problems: “Hey everyone! There’s been a power outage in our data center. we’re in the process of fixing it right now, so sit tight. – Tom” (presumably MySpace co-founder Tom Anderson).

With MySpace unavailable, many of the service’s users began posting blog items at LiveJournal, another free blogging service popular with U.S. teenagers.

A dynamically updating chart of the web site performance of myspace.com is available. Netcraft offers a web site performance monitoring service that provides detailed uptime charts, along with e-mail alerts when an outage occurs.

The message at MySpace did not specify which of its data centers had experienced the power outage. MySpace.com appears to use two, one at CWIE.net in Tempe, Ariz. and another in a new Equinix data center in El Segundo, Calif. The temporary message was being displayed from the Tempe IP address.

MySpace.com is ranked the 77th most visited site on the internet amongst users of the Netcraft toolbar, although some other services place it higher and Hitwise ranks it 1st, in front of Google.

Rupert Murdoch’s News Corp. bought the site for $580 million last July. In May MySpace said the expansion into Equinix’s data center will allow it to improve peering with network service providers, which will help in managing traffic surges and high-bandwidth features such as multimedia streaming.

Story by Rich Miller & Mr-Internet


 

 

 

 

Updated 19 July 2006

Howdy,

Being that I own a few dozen or so domain names of my own (as a hobby, not as an extortionist), I often get asked about spam, especially since the death of Blue Frog.

So how bad is it, especially since I have been pretty high profile and have been using some of the same email addresses for (gulp) over a dozen years?

Unfiltered, I get 500 spam emails a day. Filtered, I get fewer than 5 (these 5 usually pretend to be from one of my own email addresses, ‘spoofed’ as they say).

So what now?
The easy answer is that it has been much worse, and I pretty much run a spam-free life these days, but it is getting harder to do so.

I essentially suggest a few things that are very simple for anyone to do.

Quick Definitions

  • ‘Server side’ – just means it is done at the ISP (and doesn’t impact anything you do on the PC). It’s usually free.
  • ‘Client side’ – for this discussion just means it is running on your PC.
  • ‘Black lists’ – A list based on all the email addresses that you know are from spammers (this can be from spam you have received or public lists from programs and services that offer lists of known spammers and spamming organisations). Sometimes the lists from 3rd parties are referred to as RBL or Real-time Block Lists.
  • ‘White lists’ – A list of everyone you know that you want to get email from.
  • ‘RBL lists’ – Real-time Block Lists (RBL) are powerful spam blocking lists which maintain an active database of known spammers and domains which use Open Relay Mail Servers, which are often used to send spam. By employing these lists in your filtering, you will block a majority of spam before it reaches your inbox. Some examples of these are:

sbl-xbl.spamhaus.org, blackholes.easynet.nl, blackholes.mail-abuse.org, bl.spamcop.net, cbl.abuseat.org, dialups.mail-abuse.org, dnsbl.sorbs.net, flowgoaway.com, list.dsbl.org, relays.ordb.org. Your ISP’s list will vary.

 

TIP: Due to the daily growth in black lists (public and personal) of known spammers, it is no longer suggested that you filter email by black lists only. Instead, increase the quality of your own white lists and include as many RBL lists as possible.

What I do.

1) I run ‘server side’ anti-virus and anti-spam (free from my ISP; definitions per above), as well as server side RBL lists and a top tier white list (of the top 50 email addresses I never want to miss emails from).

2) I run automatic ‘client side’ black and white lists (definitions per above) that filter my email before it gets to my email client (Outlook 2003/2007).

This allows me to have Outlook 100% spam free.
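How the three kinds of list combine, as an added example that is not from the original post: an RBL check is a DNS lookup of the sending server's reversed IP under the list's zone, and this sketch applies white list, black list, then RBL in that order. The addresses, relay IPs and fake DNS answers are constructed; the two zone names are taken from the examples above. Note that a white list match on the sender address wins even when the relay is listed.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """RBL lookups are DNS queries: reverse the IPv4 octets, append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if malformed
    return ".".join(reversed(octets)) + "." + zone

def dns_lookup(name):
    """Live resolver: the A record for name, or None when there is no answer."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(answer):
    """Listings answer inside 127.0.0.0/8; no answer means not listed."""
    if answer is None:
        return False
    addr = ipaddress.IPv4Address(answer)
    # Spamhaus uses 127.255.255.x for query errors, not for listings.
    return (addr in ipaddress.IPv4Network("127.0.0.0/8")
            and addr not in ipaddress.IPv4Network("127.255.255.0/24"))

def classify(sender, relay_ip, white, black, zones, lookup=dns_lookup):
    """Apply the lists in order: white list, black list, then each RBL zone."""
    sender = sender.strip().lower()
    if sender in white:
        return ("accept", "white list")
    if sender in black:
        return ("reject", "black list")
    for zone in zones:
        if is_listed(lookup(dnsbl_query_name(relay_ip, zone))):
            return ("reject", "RBL " + zone)
    return ("review", "no list matched")

# Constructed sample data: addresses, relay IPs and the RBL answers are made up.
WHITE = {"friend@example.org"}
BLACK = {"offers@example.net"}
ZONES = ["sbl-xbl.spamhaus.org", "bl.spamcop.net"]
FAKE_DNS = {"7.113.0.203.bl.spamcop.net": "127.0.0.2",
            "9.113.0.203.sbl-xbl.spamhaus.org": "127.255.255.254"}

if __name__ == "__main__":
    for sender, ip in [("friend@example.org", "203.0.113.7"),
                       ("stranger@example.com", "203.0.113.7"),
                       ("stranger@example.com", "203.0.113.9"),
                       ("offers@example.net", "192.0.2.1")]:
        print(sender, ip, classify(sender, ip, WHITE, BLACK, ZONES, FAKE_DNS.get))
```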

Tip: When you have your own domain name (yourcompany.com) you will get more spam than most people that do not have one.

Server Side Anti-Spam Settings

· Often has a setting between 1-10 (or in my ISP’s case 10-20). The higher the number, the better the filtering. However, the higher the number, the more likely you will miss legitimate emails, unless you use what are called black and white lists (per 2&3 below).

Tip: It is best to set spam filtering only at a medium setting (4 or 14 per above) in the beginning, with no black/white lists. If you start missing email (hard to tell sometimes), you just change your settings a little bit; if you are still getting lots of spam, you adjust the setting the other way. This is because every server side spam filtering service is a bit different, and if you set it too high you can miss all your email (hmm, not a bad idea perhaps).

As obvious as it sounds, most people that have free spam filtering available to them DO NOT USE IT.

Check with your ISP!!

  • Warning: Keep in mind that, as simple as it sounds, black and white lists are just that: black and white. You could set up email to only come from white lists, but you could miss someone you haven’t heard from for a while, or missed etc. You could get email from everyone but blacklists, but new ones show up daily, so it is a tool but not perfect.

 

Client Side Products

· I use black/white lists (per above) but on my client side filtering (on my PC) via a program called Mailwasher Pro®. It shows legit emails in any color you want (green for me) and spam in another (red in my case). It could just delete everything it thinks is spam, but for me it is only 98% accurate.

· It automatically sets up to check email before you open Outlook, and it lets you see all the email and shows the result of white lists and black lists.

· You then change any mistakes it makes (it learns from its mistakes) and accept the legit email (if there is any).

· It even bounces the spam back to the spammer, and sends the good mail (ONLY) to Outlook (it then opens Outlook or most other email clients automatically for you).

· This means Outlook, in my case, stays 110% spam free, but it takes me an extra 10 seconds to check email every time. It also lets you view all emails: if you get a good email (IN GREEN) and want to read it but not save it, it will show you the email and then you can delete it.

· The program is even available for a free trial I think.

In Australia we get charged for the bandwidth we use (including emails). This sort of product (as did Blue Frog) reduces the amount of junk email you have to download before it is filtered.

Caveats: I have looked only at a scenario where I MUST USE OUTLOOK. Other programs may work much better, or not, for Outlook. Also, Outlook has its own spam filtering built in, which is far from perfect but is getting better all the time. Also, this is not an ad for Mailwasher Pro; I just happen to be a fan. If you know of anything better, let me know (PLEASE). I do not claim to know it all (or much); this is just something I get asked for, so I thought I would share it.

As you can tell, it is far from rocket science, but there are a couple of variables that you could consider per above. Also, if this seems like a lot of time is needed, once it is set up it only needs the minimum of maintenance.

I hope this is useful; let me know.

 

 


A targeted denial-of-service attack from the US failed in its mission over the weekend to shut down an Australian website promoting a controversial calendar showcasing the sexy side of women who work in the IT sector.

read more | digg story