On Sun, Feb 23, 2003 at 08:39:53PM -0700, Bob Bish wrote:
> At 07:36 PM 2/23/2003, Rich Kulawiec wrote:
> >Are you aware of the numerous instances in which folks have had their
> >address/domain forged into spam headers and have thus been subject
> >to indirect denial-of-service attacks (e.g. millions of bounces)
>
> What you are talking about here goes way beyond ordinary spam.

That depends on what you consider "ordinary". If it happens often,
is it "ordinary"?

(It does happen often, BTW. There are a few spam operations which do
it as a matter of course. Others do it as a form of revenge.)

Not to mention the impact on people who have their relays/proxies hijacked
and are thus denied service while millions of spams are shoved through them,
and then -- for good measure -- receive the resulting complaints. Sure,
they shouldn't have set their systems up in this fashion to begin with,
and it was a mistake for them to do so: but the consequences they bear
far outweigh the size of their mistake.

"Ordinary" spam is only seen these days from new spammers. The sophisticated
ones are organized, global, have multiple network connections, and some
surprisingly sophisticated software to maximize their ability to hijack
other systems to send their spam. They're using all sorts of clever tricks --
from asymmetric routing to frustrate people looking for them, to lots of
Javascript to obfuscate URLs in their messages. This stuff is WAY beyond
what career spammers like Wallace and Rines were doing just a few years ago.

> I'm sure you've seen things on the news about massive virus attacks crippling
> computers worldwide on occasion, but that goes way beyond something like
> the Klez and other ordinary email-borne viruses I'm discussing.

It doesn't cripple computers which aren't susceptible to those
particular viruses. Let's be clear: for the most part, these aren't
computer virus problems: they're Microsoft Windows problems. Yes, the
side-effects can impact other people (e.g. one of my network connections
has been rendered useless by the recent MS SQL problem because it's shared
with a company whose systems became infected) but the computers themselves
are unaffected.

> Gee, just think what they [AOL] could do if they spent one cent per user to
> fight viruses!

I can't believe I'm going to take AOL's side in this, but...

Why should AOL -- an Internet service provider -- compensate for the poor
choices of computing platforms by its users, or the failure of its users
to properly secure their own systems? Where's the responsibility of those
users who willingly connect their systems to the Internet? Why aren't *they*
held personally accountable for the impact/damage that their systems do?

---Rsk