Worm storms

Dear C Mavens,

Anyone here getting hosts of spam with nefarious attachments,
purporting to be from M$ or its lackeys, into your mailbox?

I neglected to spoof my header, and since Hurricane Isabel
I have gotten well over 10K such messages.
--
Julian V. Noble
Professor Emeritus of Physics
jv*@lessspamformother.virginia.edu
^^^^^^^^^^^^^^^^^^
http://galileo.phys.virginia.edu/~jvn/

"Science knows only one commandment: contribute to science."
-- Bertolt Brecht, "Galileo".
Nov 13 '05 #1
Julian V. Noble wrote:
> Dear C Mavens,
>
> Anyone here getting hosts of spam with nefarious attachments,
> purporting to be from M$ or its lackeys, into your mailbox?
>
> I neglected to spoof my header, and since Hurricane Isabel
> I have gotten well over 10K such messages.


Yes. I am getting ~200/day but I made mozilla identify them as spam and
not download any attachments bigger than 50k so they are quickly deleted

--
Ian Tuomi
Jyväskylä, Finland

"Very funny scotty, now beam down my clothes."

GCS d- s+: a--- C++>$ L+>+++$ E- W+ N+ !o>+ w---
!O- !M- t+ !5 !X R+ tv- b++ DI+ !D G e->+++ h!

NOTE: Remove NOSPAM from address

Nov 13 '05 #2
Ian Tuomi <ia*******@co.jyu.fi> writes:
> Julian V. Noble wrote:
>> Anyone here getting hosts of spam with nefarious attachments,
>> purporting to be from M$ or its lackeys, into your mailbox? I
>> neglected to spoof my header, and since Hurricane Isabel I have
>> gotten well over 10K such messages.
>
> Yes. I am getting ~200/day but I made mozilla identify them as spam
> and not download any attachments bigger than 50k so they are quickly
> deleted


For me, these two procmail rules got the signal/noise ratio down to
levels manageable by Gnus. (But then I was getting more like ~1000
messages/day for a few days there).

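# B: test the message body, which is where the MIME part headers are.
:0 B
* ^Content-Type:.application/(msword|(x-)?msdownload|vnd.ms-[aptw].*)
{
  LOG="[worm] "

  :0
  /dev/null
}

# Base64 text of the start of a Windows executable (MZ header, DOS stub).
:0 B
* ^Content-Transfer-Encoding:.*base64
* ^TVqQAAMAAAAEAAAA//8AALg
* 4fug4AtAnNIbg
{
  LOG="[worm] "

  :0
  /dev/null
}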

--
Björn Lindström <bk**@elektrubadur.se>
http://bkhl.elektrubadur.se/

Hearken to the new *Elektrubadur* demo at http://elektrubadur.se/
Nov 13 '05 #3
Julian V. Noble wrote:
> Dear C Mavens,
>
> Anyone here getting hosts of spam with nefarious attachments,
> purporting to be from M$ or its lackeys, into your mailbox?

You are off topic here, but it is probably Swen that you are seeing,
read more about it for example from here:

http://www.f-secure.com/v-descs/swen.shtml

Nov 13 '05 #6
On Wed, 24 Sep 2003, Julian V. Noble wrote:
> Dear C Mavens,
>
> Anyone here getting hosts of spam with nefarious attachments,
> purporting to be from M$ or its lackeys, into your mailbox?
>
> I neglected to spoof my header, and since Hurricane Isabel
> I have gotten well over 10K such messages.

I used to get less than a dozen a day so I never worried about spoofing my
return address. As you can see, I now spoof my return address. I'm getting
around 500 a day now. I didn't read my email over the weekend and had over
1300 messages waiting for me.

If you are on a Unix box you can look into using procmail to filter your
incoming.

> --
> Julian V. Noble
> Professor Emeritus of Physics
> jv*@lessspamformother.virginia.edu
> ^^^^^^^^^^^^^^^^^^
> http://galileo.phys.virginia.edu/~jvn/
>
> "Science knows only one commandment: contribute to science."
> -- Bertolt Brecht, "Galileo".


--
darrell at cs dot toronto dot edu
or
main(){int j=1234;char t[]=":@abcdefghijklmnopqrstuvwxyz.\n",*i=
"iqgbgxmdbjlgdv.lksrqek.n";char *strchr(const char *,int);while(
*i){j+=strchr(t,*i++)-t;j%=sizeof t-1;putchar(t[j]);} return 0;}
Nov 13 '05 #8
On Wed, 24 Sep 2003 19:22:05 +0300, Ian Tuomi wrote:
> Julian V. Noble wrote:
>> Dear C Mavens,
>>
>> Anyone here getting hosts of spam with nefarious attachments,
>> purporting to be from M$ or its lackeys, into your mailbox?
>>
>> I neglected to spoof my header, and since Hurricane Isabel
>> I have gotten well over 10K such messages.

I got surprised one day as it turned out that I had ~200 messages waiting
for me. The bad thing is that I have a *slow* connection and those messages
were simply killing my system. I had 100+ sendmails hanging around and
waiting forever for the mail to arrive.

To be topical: what is the keyword "restricted" for, how old is it? I've
noticed a couple of people giving little hints that it's for telling the
programmer/compiler it's illegal to pass the same thing more than once. I
don't know if I got it correctly or is it just my imagination working.
Anyway what is the reason for such a construct? The only example I could
think of was something like memcpy - memmove (it's a little sloppy, I know
it's not exactly the same).
Feel free to correct me

Zygmunt
Nov 13 '05 #10

"Zygmunt Krynicki" <zyga@_CUT_2zyga.MEdyndns._OUT_org> wrote in message
> To be topical: what is the keyword "restricted" for, how old is it? I've
> noticed a couple of people giving little hints that it's for telling the
> programmer/compiler it's illegal to pass the same thing more than once.

Say we've got the following function

int mean(int *data, int N, int *err)
{
/* add up the data, if you get an overflow then set err */
}

The problem comes when err points to one of the data elements pointed to by
data. This is obviously pathological from the point of view of a human
programmer who knows the intent of the function, but to the compiler it is
legal C.
The need to handle pointer aliasing may make it difficult to optimise the
function. For instance, if integers are four bytes but the architecture
allows 8 bytes to be read from memory at one cycle, the compiler cannot take
advantage of this because of the possibility that a write to *err has
invalidated the second data item.

Nov 13 '05 #12
Julian V. Noble wrote:
> Dear C Mavens,
>
> Anyone here getting hosts of spam with nefarious attachments,
> purporting to be from M$ or its lackeys, into your mailbox?
>
> I neglected to spoof my header, and since Hurricane Isabel
> I have gotten well over 10K such messages.

I do get emails from Swen infected users, to my one and only public
email address, probably collected from c.l.c when I was posting without
mangling it. For some reason, though, I do not get any unmanageable
amount :-/ Maybe 50 emails tops since last Friday...

--
Bertrand Mollinier Toublet
"In regard to Ducatis vs. women, it has been said: 'One is a sexy thing
that you've just got to ride, even if it breaks down a lot, costs a lot
of money, and will probably try to kill you'. However, nowadays I can't
seem to remember which one is which." -- Peer Landa

Nov 13 '05 #14
"Julian V. Noble" <jvn-at-virginia.edu> wrote:
> Dear C Mavens,
>
> Anyone here getting hosts of spam with nefarious attachments,
> purporting to be from M$ or its lackeys, into your mailbox?
>
> I neglected to spoof my header, and since Hurricane Isabel
> I have gotten well over 10K such messages.


Since 2003/9/18 I have received about 4000 copies of the worm
Swen.A. That's about 600 megabytes added to my monthly quota :(

I think a lot of people on comp.lang.c are affected according to a bounce message I received:

---
The file (part0004:q834994.exe) attached to mail (with subject: Current Net Critical Pack) sent by
sales.dep-at-xnet.ro to jens.toerring-at-physik.fu-berlin.de, 80bluesky-at-gmx.at,
calum.bulk-at-ntlworld.com, jacob.navia-at-jacob.remcomp.fr, thomas.pfaff-at-tiscali.no,
nicole0169-at-citiz.net, christian.bau-at-cbau.freeserve.co.uk, sbiber-at-optushome.com.au,
foo.foo-at-gmx.net, debashis_kolkata-at-rediffmail.com, nimel-at-passagen.se, a.litowka-at-gmx.de,
gah-at-ugcs.caltech.edu, gin-at-binky.homeunix.org, dagwyn-at-null.net, mambuhl-at-earthlink.net,
mason_verger-at-skincare.com, lawrence.jones-at-eds.com, klachemin-at-home.com,
pyf-at-mail.zjitc.net, nzanella-at-cs.mun.ca, francischeng-at-hong-kong.crosswinds.net,
jcook-at-strobedata.com, emonk-at-slingshot.co.nz.no.uce, pushkar-at-erc.msstate.edu,
lfw-at-airmail.net, binary-at-eton.powernet.co.uk, airia-at-acay.com.au, chris-at-sonnack.com,
kst-at-cts.com, derkgwen-at-hotpop.com, dontmail-at-address.co.uk.invalid, mkwahler-at-mkwahler.net,
os2guy-at-pc-rosenau.de, richmond-at-ev1.net, horpner-at-yahoo.com, nglen702-at-netscape.net,
stewart.brodie-at-ntlworld.com, ayeameen-at-yahoo.com, parinioa-at-hotmail.com,
malcolm-at-55bank.freeserve.co.uk, joewwright-at-earthlink.net, m_donaghy50-at-hotmail.com,
robertvazan-at-privateweb.sk, kevin.bracey-at-tematic.com, dan.pop-at-cern.ch, thadsmith-at-acm.org,
nethlek-at-tokyo.com, koster_thomas-at-yahoo.com.sg, ajo-at-andrew.cmu.edu,
first.last-at-company.com, aurer-at-axis.com, palaste-at-cc.helsinki.fi, eric.sosman-at-sun.com,
msgregoryz-at-earthlink.net, kers-at-hpl.hp.com, d99alu-at-efd.lth.se, cmccormick-at-mailsnare.net,
chrisval-at-bigpond.com.au, kuyper-at-saicmodis.com, deliberately-at-made.invalid,
ak+usenet-at-freeshell.org, irrwahn-at-freenet.de, xal-at-abowers.combase.com,
s030768-at-student.dtu.dk, pfiland-at-mindspring.com, scs-at-eskimo.com, noizetogo-at-direct.ca,
glenhallick-at-sprint.ca, cdvanos-at-telus.net, n36170-at-hotmail.com, me-at-here.com,
danmc-at-shaw.ca, magpie-at-shinythings.com, keimdf-at-softek-net.com is infected with virus:
Win32/Swen.A-at-mm.
---

(@ replaced with -at- in this message to try to prevent this
email list from being picked up by spambots.)

--
Simon.
Nov 13 '05 #16
In article
<pan.2003.09.24.21.21.18.477679@_CUT_2zyga.MEdyndns._OUT_org>,
"Zygmunt Krynicki" <zyga@_CUT_2zyga.MEdyndns._OUT_org> wrote:
> On Wed, 24 Sep 2003 19:22:05 +0300, Ian Tuomi wrote:
>> Julian V. Noble wrote:
>>> Dear C Mavens,
>>>
>>> Anyone here getting hosts of spam with nefarious attachments,
>>> purporting to be from M$ or its lackeys, into your mailbox?
>>>
>>> I neglected to spoof my header, and since Hurricane Isabel
>>> I have gotten well over 10K such messages.
>
> I got surprised one day as it turned out that I had ~200 messages waiting
> for me. The bad thing is that I have a *slow* connection and those messages
> were simply killing my system. I had 100+ sendmails hanging around and
> waiting forever for the mail to arrive.

Recommendation: Use Mozilla Firebird. It lets you choose "don't download
messages over xx Kilobyte", so it downloads only about 1KB of each of
these messages and then you can delete them.

> To be topical: what is the keyword "restricted" for, how old is it? I've
> noticed a couple of people giving little hints that it's for telling the
> programmer/compiler it's illegal to pass the same thing more than once.

It is there since C99. There are two uses:

1. If you use a pointer like "int * restrict p", then it is undefined
behavior if you modify an object through an expression that is derived
from the value of p, and access it through a different pointer; and it
is also undefined behavior if you access an object through an expression
that is derived from the value of p, and modify it through a
different pointer.

This is important for an optimising compiler. Example:

int *restrict p;
int *q;

int x = *q, y;
*p = 2;
y = *q;

The compiler can assume that y == x because the assignment to *p cannot
change *q (if it did you would have violated the first rule).

2. If you use a pointer like "const int * restrict p", then it is
undefined behavior if you modify an object that is accessed through an
expression that is derived from the value of p. In other words, *p
cannot be modified as long as the pointer p exists. Usually, if you have
a const* pointer then the object pointed to can still be modified by
other means, or by casting the const-ness away. Not if it is a const
*restrict pointer.

> I don't know if I got it correctly or is it just my imagination working.
> Anyway what is the reason for such a construct? The only example I could
> think of was something like memcpy - memmove (it's a little sloppy, I know
> it's not exactly the same).

Nov 13 '05 #18
"Simon Biber" <sb****@optushome.com.au> wrote:
"Julian V. Noble" <jvn-at-virginia.edu> wrote:
>> Dear C Mavens,
>>
>> Anyone here getting hosts of spam with nefarious attachments,
>> purporting to be from M$ or its lackeys, into your mailbox?
>>
>> I neglected to spoof my header, and since Hurricane Isabel
>> I have gotten well over 10K such messages.
>
> Since 2003/9/18 I have received about 4000 copies of the worm
> Swen.A. That's about 600 megabytes added to my monthly quota :(
>
> I think a lot of people on comp.lang.c are affected according to a bounce message I received:

<who-is-who in c.l.c snipped>

Just what I thought. I had to re-route the traffic to the address I
used when posting here to /dev/null, after receiving about forty virus-
or bounce-messages per hour. The new alias redirects to a working
spam-free account (after removing the capitals).

Irrwahn
(currently using his old 14.4K Hayes Optima on a flaky phone line)
--
Close your eyes and press escape three times.
Nov 13 '05 #20
On Wed, 24 Sep 2003 19:22:05 +0300, Ian Tuomi <ia*******@co.jyu.fi> wrote:
> Julian V. Noble wrote:
>> Dear C Mavens,
>>
>> Anyone here getting hosts of spam with nefarious attachments,
>> purporting to be from M$ or its lackeys, into your mailbox?
>>
>> I neglected to spoof my header, and since Hurricane Isabel
>> I have gotten well over 10K such messages.
>
> Yes. I am getting ~200/day but I made mozilla identify them as spam and
> not download any attachments bigger than 50k so they are quickly deleted

Are you saying that in spite of mangling your address with nospam you get the spam messages?

--
main(){char s[19]="SbwjCAUpvhiHvz/ofu";
int i;for(i=0;i<18;putchar(s[i++]-1));}
Nov 13 '05 #21
> Dear C Mavens,

> Anyone here getting hosts of spam with nefarious attachments,
> purporting to be from M$ or its lackeys, into your mailbox?
>
> I neglected to spoof my header, and since Hurricane Isabel
> I have gotten well over 10K such messages.

I get about 100 mails every day :(
Nov 13 '05 #22
Christian Bau <ch***********@cbau.freeserve.co.uk> spoke thus:
> 1. If you use a pointer like "int * restrict p", then it is undefined
> behavior if you modify an object through an expression that is derived
> from the value of p, and access it through a different pointer; and it
> is also undefined behavior if you access an object through an expression
> that is derived from the value of p, and modify it through a
> different pointer.
>
> This is important for an optimising compiler. Example:
>
> int *restrict p;
> int *q;
>
> int x = *q, y;
> *p = 2;
> y = *q;

(I'm assuming you omitted the calls to malloc() for simplicity...)

> The compiler can assume that y == x because the assignment to *p cannot
> change *q (if it did you would have violated the first rule).

So basically the restrict keyword means that p may not share write access to a
given area of memory with another pointer?

> 2. If you use a pointer like "const int * restrict p", then it is
> undefined behavior if you modify an object that is accessed through an
> expression that is derived from the value of p. In other words, *p
> cannot be modified as long as the pointer p exists. Usually, if you have
> a const* pointer then the object pointed to can still be modified by
> other means, or by casting the const-ness away. Not if it is a const
> *restrict pointer.

So restrict is a way of forcing strict const-ness?

--
Christopher Benson-Manica | Jumonji giri, for honour.
ataru(at)cyberspace.org |






Nov 13 '05 #23
On 24 Sep, in message <87***************@lucien.dreaming>
bk**@elektrubadur.se (Björn Lindström) wrote:
> Ian Tuomi <ia*******@co.jyu.fi> writes:
>> Julian V. Noble wrote:
>>> Anyone here getting hosts of spam with nefarious attachments,
>>> purporting to be from M$ or its lackeys, into your mailbox? I
>>> neglected to spoof my header, and since Hurricane Isabel I have
>>> gotten well over 10K such messages.
>>
>> Yes. I am getting ~200/day but I made mozilla identify them as spam
>> and not download any attachments bigger than 50k so they are quickly
>> deleted
>
> For me, these two procmail rules got the signal/noise ratio down to
> levels manageable by Gnus.

[snip]

From Message-ID <bk**********@nntp0.reith.bbc.co.uk> on
comp.sys.acorn.misc the following procmail recipe will catch the virus
itself, but not the faked bounces - I've had none since installing it on
my ISP's server.

:0
* > 140000
* < 165000
{
  :0 BD
  * b3IAAABBZG1pbgAAAEdFVCBodHRwOi8vd3cyLmZjZS52dXRici5jei9iaW4vY291bnRlci5naWYv
  /dev/null
}

FYI: that string contains a base64-encoded URL of a vanity counter that
the virus apparently has hard-coded in it

Yours,

Phil L.
--
http://www.philipnet.com http://director.sourceforge.net
The From address is valid, but anything over 32k is deleted by the server
i ou a uea i e a o ie e a o a a oue oae

Nov 13 '05 #24
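
Why the base64 patterns in Björn Lindström's second recipe catch Windows executables, and why a fixed string like the one in the recipe quoted just above can be matched at all: bytes at a fixed file offset always encode to the same base64 text. This is an added example, not code from anyone in the thread; the sample header bytes, the benign text and all function names are constructed here.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* The two body patterns from the recipe: the first is anchored to the
   start of a line (^), the second may appear anywhere. */
static const char SIG_MZ[]   = "TVqQAAMAAAAEAAAA//8AALg";
static const char SIG_STUB[] = "4fug4AtAnNIbg";

/* Constructed sample: the first 78 bytes of a typical Windows
   executable (64-byte MZ header, then the first bytes of the DOS
   stub). Header only; there is no program behind it. */
static const unsigned char SAMPLE_PE_HEAD[78] = {
    0x4D,0x5A,0x90,0x00,0x03,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0xFF,0xFF,0x00,0x00,
    0xB8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    [0x3C] = 0x80,                       /* offset of the PE header */
    [0x40] = 0x0E,0x1F,0xBA,0x0E,0x00,0xB4,0x09,0xCD,0x21,0xB8,0x01,0x4C,0xCD,0x21
};

/* Constructed benign attachment content. */
static const unsigned char BENIGN[] = "Minutes of the September meeting, plain text.";

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encode n bytes as MIME base64: 76-character lines ending in '\n'.
   Returns the number of characters written, 0 if out is too small. */
size_t mime_b64(const unsigned char *in, size_t n, char *out, size_t cap)
{
    size_t o = 0, col = 0;
    for (size_t i = 0; i < n; i += 3) {
        unsigned long v = (unsigned long)in[i] << 16;
        if (i + 1 < n) v |= (unsigned long)in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        if (o + 6 > cap) return 0;       /* 4 chars + '\n' + NUL */
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? B64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? B64[v & 63] : '=';
        if ((col += 4) == 76) { out[o++] = '\n'; col = 0; }
    }
    if (col) out[o++] = '\n';
    if (o >= cap) return 0;
    out[o] = '\0';
    return o;
}

/* Does any line of text start with prefix? Models procmail's ^ anchor. */
static int line_starts_with(const char *text, const char *prefix)
{
    size_t len = strlen(prefix);
    const char *p = text;
    while (p && *p) {
        if (strncmp(p, prefix, len) == 0) return 1;
        p = strchr(p, '\n');
        if (p) p++;
    }
    return 0;
}

/* All conditions of a recipe must hold. Matching here is exact and
   case-sensitive (what procmail's D flag selects; without it procmail
   ignores case), and the header test is simplified to one fixed
   spelling of the MIME header. */
int looks_like_pe_attachment(const char *body)
{
    return line_starts_with(body, "Content-Transfer-Encoding: base64")
        && line_starts_with(body, SIG_MZ)
        && strstr(body, SIG_STUB) != NULL;
}

/* Wrap payload in a constructed MIME part; returns 1 on success. */
int make_part(const unsigned char *payload, size_t n, char *out, size_t cap)
{
    static const char hdr[] =
        "Content-Type: application/octet-stream\n"
        "Content-Transfer-Encoding: base64\n\n";
    size_t h = sizeof hdr - 1;
    if (cap <= h) return 0;
    memcpy(out, hdr, h);
    return mime_b64(payload, n, out + h, cap - h) > 0;
}

int main(void)
{
    char part[512];
    if (make_part(SAMPLE_PE_HEAD, sizeof SAMPLE_PE_HEAD, part, sizeof part))
        printf("%s-> executable header: %d\n\n", part, looks_like_pe_attachment(part));
    if (make_part(BENIGN, sizeof BENIGN - 1, part, sizeof part))
        printf("%s-> executable header: %d\n", part, looks_like_pe_attachment(part));
    return 0;
}
```

The MZ pattern can be anchored with ^ because an attachment is encoded from byte 0, so it always opens a base64 line; the stub pattern sits at file offset 0x40 and lands partway into the second 76-character line, which is why that condition is left unanchored.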
In article <bk**********@chessie.cirr.com>,
Christopher Benson-Manica <at***@nospam.cyberspace.org> wrote:
> So basically the restrict keyword means that p may not share write access to a
> given area of memory with another pointer?

Slightly more. As you said, only one pointer is allowed to write in that
area. But if one of the pointers writes, then the other pointer is not
even allowed to read from the same area.

That allows an optimising compiler to reorder read and write accesses
through both pointers.

>> 2. If you use a pointer like "const int * restrict p", then it is
>> undefined behavior if you modify an object that is accessed through an
>> expression that is derived from the value of p. In other words, *p
>> cannot be modified as long as the pointer p exists. Usually, if you have
>> a const* pointer then the object pointed to can still be modified by
>> other means, or by casting the const-ness away. Not if it is a const
>> *restrict pointer.
>
> So restrict is a way of forcing strict const-ness?


By using const + restrict, _you_ guarantee to the compiler that nothing
will try to change an object, as long as the const+restrict pointer
variable exists. As soon as the const+restrict pointer variable
disappears, you are allowed to modify the object again, unless it is
really const, of course. For example, if a function argument is a
const+restrict pointer, and you pass the address of an object to that
function, then you can modify the object again after the function call
is finished.
Nov 13 '05 #25
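
The mean() function from earlier in the thread with the restrict contract written out and checked at the boundary, as an added example that is not code from any poster: the names mean_core, mean_checked, aliases and the MEAN_* status codes are assumptions made here. The wrapper refuses the call when err points into data, because past that point the restrict-qualified core would have undefined behaviour.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes stored through err. */
enum { MEAN_OK = 0, MEAN_OVERFLOW = 1, MEAN_ALIASED = 2, MEAN_BAD_ARGS = 3 };

/* Does the int at err overlap data[0..n-1]? Addresses are compared as
   integers because relational comparison of pointers into different
   objects is undefined; the uintptr_t mapping is implementation-defined
   but linear on common flat-memory platforms. */
static int aliases(const int *data, size_t n, const int *err)
{
    uintptr_t lo = (uintptr_t)data;
    uintptr_t hi = lo + n * sizeof *data;
    uintptr_t e  = (uintptr_t)err;
    return e + sizeof *err > lo && e < hi;
}

/* restrict-qualified core: the caller promises that *err is not one of
   the data elements, so the compiler may keep data[] values in
   registers, or read several at once, across the stores to *err. */
static int mean_core(const int *restrict data, int n, int *restrict err)
{
    int sum = 0;
    *err = MEAN_OK;
    for (int i = 0; i < n; i++) {
        int d = data[i];
        /* Test before adding: signed overflow is itself undefined. */
        if ((d > 0 && sum > INT_MAX - d) || (d < 0 && sum < INT_MIN - d)) {
            *err = MEAN_OVERFLOW;
            return 0;
        }
        sum += d;
    }
    return sum / n;
}

/* Checked entry point without restrict, so storing through err is
   defined even when the caller passed an element of data. err is the
   caller's own out-parameter, so the status is written there. */
int mean_checked(const int *data, int n, int *err)
{
    if (err == NULL) return 0;
    if (data == NULL || n <= 0) { *err = MEAN_BAD_ARGS; return 0; }
    if (aliases(data, (size_t)n, err)) { *err = MEAN_ALIASED; return 0; }
    return mean_core(data, n, err);
}

int main(void)
{
    int d[] = {2, 4, 6, 8};
    int big[] = {INT_MAX, 1};
    int err, m;

    m = mean_checked(d, 4, &err);
    printf("distinct err:  mean=%d err=%d\n", m, err);
    m = mean_checked(big, 2, &err);
    printf("overflow:      mean=%d err=%d\n", m, err);
    m = mean_checked(d, 4, &d[1]);          /* err points into data */
    printf("aliased err:   mean=%d err=%d\n", m, d[1]);
    return 0;
}
```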
in comp.lang.c i read:
>> Dear C Mavens,
>>
>> Anyone here getting hosts of spam with nefarious attachments,
>> purporting to be from M$ or its lackeys, into your mailbox?
>>
>> I neglected to spoof my header, and since Hurricane Isabel
>> I have gotten well over 10K such messages.
>
> I get about 100 mails every day :(


a spoofed from header is against my custom. things have calmed down a
little, so i only get around 150 per minute of these swen worms.

--
a signature
Nov 13 '05 #26
those who know me have no need of my name wrote:

> in comp.lang.c i read:
>>> Dear C Mavens,
>>>
>>> Anyone here getting hosts of spam with nefarious attachments,
>>> purporting to be from M$ or its lackeys, into your mailbox?
>>>
>>> I neglected to spoof my header, and since Hurricane Isabel
>>> I have gotten well over 10K such messages.
>>
>> I get about 100 mails every day :(
>
> a spoofed from header is against my custom. things have calmed down a
> little, so i only get around 150 per minute of these swen worms.

I get about 50 an hour. Apparently Verisign is doing it to us. They
handle the DNS for .com and .net domains for the entire Internet. Swen
is emailed from non-existent domains and used to be effectively blocked
by anti-spam software which would look up Swen's domain, not find it and
therefore reject the email. Now that no longer works. Verisign's DNS
returns 'found' signal for all domains since early last week. Part of
their SiteFinder feature.

They are being sued. They have to be stopped.
--
Joe Wright mailto:jo********@earthlink.net
"Everything should be made as simple as possible, but not simpler."
--- Albert Einstein ---
Nov 13 '05 #27
in comp.lang.c i read:

[re: the swen worm and its bounces]
> I get about 50 an hour. Apparently Verisign is doing it to us.


only indirectly. the worm doesn't synthesize a (potentially non-existent)
domain, it uses the domains present in e-mail addresses it finds in msoe's
local cache, some of which will be invalid yet within .com or .net, so some
of the messages might have been rejected by some mta's were it not for the
wildcard.

--
a signature
Nov 13 '05 #28
In article <m1*************@usa.net>,
those who know me have no need of my name <no****************@usa.net>
wrote:
> in comp.lang.c i read:
>>> Dear C Mavens,
>>>
>>> Anyone here getting hosts of spam with nefarious attachments,
>>> purporting to be from M$ or its lackeys, into your mailbox?
>>>
>>> I neglected to spoof my header, and since Hurricane Isabel
>>> I have gotten well over 10K such messages.
>>
>> I get about 100 mails every day :(
>
> a spoofed from header is against my custom. things have calmed down a
> little, so i only get around 150 per minute of these swen worms.


I was thinking about doing lots of posts with forged sender address of
ab***@freeserve.com. Maybe if they get 100 or so 150KB emails per minute
they will figure out that there is a problem and what to do.

My ISP's idea is that whenever I get an Swen32 email I should complain
about it at their "abuse" email address, in which case they would then
find out who sent it (fat chance since the address is forged anyway) and
then probably do nothing about it because it's just a guy with an
infected PC.

What they could do quite easily: Find out which ones of _their own
customers_ are infected. That is quite simple; they only let you access
the Internet through their servers if you call from the right phone
number. So if one of their customers connects and starts sending 150 KB
emails, then some simple programming would direct that customer to a
webpage telling them their computer is infected the next time they try
to connect to any webpage. Install that software with every ISP, and
within a week Swen is gone.

You would think they would come up with something like that, because it
is their money too. Actually, it is only their money, it costs me only
time and nothing else.
Nov 13 '05 #29
In article <m1*************@usa.net>,
those who know me have no need of my name <no****************@usa.net>
wrote:
in comp.lang.c i read:

[re: the swen worm and its bounces]
I get about 50 an hour. Apparently Verisign is doing it to us.


only indirectly. the worm doesn't synthesize a (potentially non-existent)
domain, it uses the domains present in e-mail addresses it finds in msoe's
local cache, some of which will be invalid yet within .com or .net, so some
of the messages might have been rejected by some mta's were it not for the
wildcard.


I found a few messages that told me that a virus sent from _my_ email
address was caught and not delivered. Since I use a Macintosh I am quite
sure that my computer is not infected; since there are emails going out
with my address as the sender I know that the virus uses real, but
forged, email addresses.

That doesn't mean that Verisign's land grab isn't disgusting and must be
stopped. By the way, the guys are already convicted for sending forged
letters to domain owners where they claim a domain name is up for
renewal (which it usually isn't), and if you fill out the forms and send
them back then you just transferred your domain to Verisign which
charges more than your old name registrar.
Nov 13 '05 #30
hey guys

same here .. i have been getting abt 50 mails / hr since last thursday
... i think it is W32.Swen.A@mm on one of the Google servers ... refer
to http://securityresponse.symantec.com...******@mm.html
for an interesting read..

can we somehow request Google to run the anti-virus check on their
servers ? this virus is really driving me crazy..

rgds
aishwarya
Nov 13 '05 #31
> My ISP's idea is that whenever I get an Swen32 email I should complain
> about it at their "abuse" email address, in which case they would then
> find out who sent it (fat chance since the address is forged anyway) and
> then probably do nothing about it because it's just a guy with an
> infected PC.
>
> What they could do quite easily: Find out which ones of _their own
> customers_ are infected. That is quite simple; they only let you access
> the Internet through their servers if you call from the right phone
> number.

Most ISPs let you access the Internet through *ROUTERS*, not servers.
Routers don't do store-and-forward. By the time you get to the end
of the message so you can see that it's 150 KB (vs. 2 MB or whatever),
the destination has already gotten most of the message. Some ISPs
insist that you send mail out through THEIR mail servers; in this
case, the whole message is available for inspection at one time,
and it's much easier to run a virus scanner on it. The mail server
does not necessarily know what account sent the message, however.

> So if one of their customers connects and starts sending 150 KB
> emails,

It is unacceptable to block emails simply because they are of a
particular size like "about 150 KB" (Swen sizes seem to vary quite
a bit). Most worms don't fit that size profile (Swen certainly
isn't the only worm, not even the only one this month) but "more
than 10 KB" probably covers most worms (and most non-worm email),
but you could get most of the worms by blocking emails "with an
attachment". Of course, that's going to cause a riot among customers.

> then some simple programming would direct that customer to a
> webpage telling them their computer is infected the next time they try
> to connect to any webpage.

That only works if the ISP uses their own proxy for all web requests,
and their web proxy is aware of who's logged in where. It could
work "the next time they try to connect to THE ISP's webpage" but
you'd have to gimmick up the ISP's web server.

Also, many people simply do not use the web at all (some on the
grounds that "it's nothing but porn"). And there are great
opportunities for damage from suddenly redirecting a user's web
page to elsewhere: not all web requests are made by humans. Suppose,
for example, the customer was in the middle of updating their system
with Windows Update, and the answer to a query by Windows Update
for patches that needed to be installed suddenly turned into a
complaint/notification about a virus. Windows Update aborting in
the middle of an update can get rather messy (although in the case
I'm thinking of, it was probably a person trying to make a voice
phone call from an extension rather than anyone redirecting the web
page request) and sometimes involves reinstalling from scratch,
THEN getting lots and lots of updates.

It is also amazing how ineffective a *telephone call* from the ISP's
abuse department can be until they use the big hammer and turn off
the account.

> Install that software with every ISP, and
> within a week Swen is gone.

And within a week something else replaces it.

> You would think they would come up with something like that, because it
> is their money too. Actually, it is only their money, it costs me only
> time and nothing else.


Compiling a void main() program on a DS9000 might eliminate the
problem. And the human race also.

Gordon L. Burditt
Nov 13 '05 #32
On Fri, 26 Sep 2003 08:00:53 +0100, in comp.lang.c , Christian Bau
<ch***********@cbau.freeserve.co.uk> wrote:
What they could do quite easily: Find out which ones of _their own
customers_ are infected. That is quite simple; they only let you access
the Internet through their servers if you call from the right phone
number. So if one of their customers connects and starts sending 150 KB
emails, then some simple programming would direct that customer to a
webpage telling them their computer is infected the next time they try
to connect to any webpage. Install that software with every ISP, and
within a week Swen is gone.


My ISP has done this, and furthermore when you get to the page, it
forces you to patch your box.

--
Mark McIntyre
CLC FAQ <http://www.eskimo.com/~scs/C-faq/top.html>
CLC readme: <http://www.angelfire.com/ms3/bchambless0/welcome_to_clc.html>
Nov 13 '05 #33
go***********@sneaky.lerctr.org (Gordon Burditt) wrote:
> It is unacceptable to block emails simply because they are of a
> particular size like "about 150 KB" (Swen sizes seem to vary quite
> a bit). Most worms don't fit that size profile

About 95% are, by my logs ... which pretty much dispels that myth.

> It is unacceptable [... above ...]


More appropriately, this should read: it's unacceptable to SEND emails
beyond a certain size. E-mail is intended specifically for personal
communications in short ASCII text, like ordinary letters. You
already have FTP, the WWW and other resources for large transfers
and these are what are (and have always been) meant to be used instead.
Trying to use email as a surrogate FTP or WWW is a major abuse of
resources in and of itself.
Nov 13 '05 #34
In article <e5**************************@posting.google.com >,
wh******@csd.uwm.edu (Alfred Einstead) wrote:
go***********@sneaky.lerctr.org (Gordon Burditt) wrote:
It is unacceptable to block emails simply because they are of a
particular size like "about 150 KB" (Swen sizes seem to vary quite
a bit). Most worms don't fit that size profile


About 95% are, by my logs ... which pretty much dispels that myth.
It is unacceptable [... above ...]


More appropriately, this should read: it's unacceptable to SEND emails
beyond a certain size. E-mail is intended specifically for personal
communications in short ASCII text, like ordinary letters. You
already have FTP, the WWW and other resources for large transfers
and these are what are (and have always been) meant to be used instead.
Trying to use email as a surrogate FTP or WWW is a major abuse of
resources in and of itself.


My ISP tries to impose a limit of 1000 messages or 100MB per mailbox;
that seems to imply that they expect 100KB average size. I don't mind
the occasional large message, as long as the sender knows that the
recipient wants to accept the message and knows that it doesn't cause
problems. Of course I do mind 4000 messages of 150KB.

In the case of the Swen worm, that worm is easily identifiable. I know
because I get tons of messages from servers that have identified the
worm and then passed the message on without it; some even encapsulated
it in some way so that if I _wish_ to infect my machine I can do so, so
you _can_ identify them. And any worm or virus can be identified at
least a few days after it starts.

And my ISP _can_ identify all his customers. When I connect to them
through ADSL, they check the phone number that is used, look it up in
the list of phone numbers of paying customers, and if it doesn't match
then they refuse the connection. Everyone connecting directly through
their modem hardware or ADSL hardware is their customer. If they are not
capable of using that information, that is their problem.

And I think it is quite likely that there is a paragraph in their terms
of usage that allows them to cut out customers who are using infected
machines that try to spread worms. Stopping everything over 150KB is
overly simplistic, but stopping everything containing worms is not. And
forcing your customers to do something about infected machines is doing
them a service.

What Gordon Burditt also missed is the fact that sending me thousands of
150KB emails _does_ block legitimate emails out, because my ISP deletes
the oldest mails once my mailbox reaches 100 MB. If I had been on
holiday for a week, all my legitimate email would have been lost.
Nov 13 '05 #35
On Wed, 24 Sep 2003 12:07:59 -0400, "Julian V. Noble"
<jv*@virginia.edu> wrote:
Dear C Mavens,

Anyone here getting hosts of spam with nefarious attachments,
purporting to be from M$ or its lackeys, into your mailbox?

I neglected to spoof my header, and since Hurricane Isabel
I have gotten well over 10K such messages.


This is odd. I got a special id to get some spam and till
now I have got only 5 mails containing the worm :(

Sw******@fastmail.fm

(please send some)
--
main(){char s[40]="sbwjAeftqbnnfe/dpn!ps!CSbwjACjhgppu/dpn";
int i;for(i=0;i<39;putchar(s[i++]-1));return 0;}
http://linux-bangalore.org
Nov 13 '05 #36
>> go***********@sneaky.lerctr.org (Gordon Burditt) wrote:
>>> It is unacceptable to block emails simply because they are of a
>>> particular size like "about 150 KB" (Swen sizes seem to vary quite
>>> a bit). Most worms don't fit that size profile
>> About 95% are, by my logs ... which pretty much dispels that myth.
>>> It is unacceptable [... above ...]
>>
>> More appropriately, this should read: it's unacceptable to SEND emails
>> beyond a certain size. E-mail is intended specifically for personal
>> communications in short ASCII text, like ordinary letters. You

Intended by *WHOM*? I also think I have written, on occasion but
decades ago, handwritten, the equivalent of 150K bytes and sent it
by postal mail to my parents. And I've certainly seen contracts
longer than that. I'd hate to try and argue that sending of huge
spreadsheets is an abuse of resources to the management of my ISP,
because *they* do it all the time, in ways I consider just begging
for viruses. If one gets a virus, soon they'll all have it.

>> already have FTP, the WWW and other resources for large transfers
>> and these are what are (and have always been) meant to be used instead.
>> Trying to use email as a surrogate FTP or WWW is a major abuse of
>> resources in and of itself.


Two people have typical dialup or DSL accounts. Neither has a
static IP. One wants to send a long, complicated *PRIVATE* business
proposal (text) to the other (the recipient is taking bids from
contractors to build a house - that's personal for the recipient,
although a lot of ISPs will object to the suggestion that you can't
do business via email over the Internet (and I'm not talking about
marketing-SPAM, I'm talking about orders, bids, tech support, etc.
between two people who want to talk to each other)).

Describe how this is done, not using email to transport the whole
thing (but short notes "go get this HERE" are OK - right?). Neither
has a FTP server, and although one ISP has a public FTP server,
it's not private at all. It also leaves open the possibility of
one contractor reading the others' bids before dropping off his.
They may have personal web pages, but not necessarily the ability
(server capabilities or configuration may not allow it), skill (to
set a password), or tools (is there a version of htpasswd for Windows
for the customer, if the server runs Apache?) needed to password-protect
pages.

Now, where can I get an account that includes FTP (including the
ability to set up temporary accounts for others to get or put stuff
there) at a price approximating that of a dialup or DSL account?

Incidentally, where's the "abuse of resources" involved with sending
ONE copy of a document to ONE person as an attachment? Yes, the
attachment probably gets about 25% or so bigger, which may not be
worse than the average person's initial failed attempts to use FTP.
The equation becomes MUCH different if you're mass-mailing it to
hundreds or millions of people, most of whom don't even want whatever
it is.

> My ISP tries to impose a limit of 1000 messages or 100MB per mailbox;
> that seems to imply that they expect 100KB average size. I don't mind

I'm not sure I agree with that conclusion; it's more like they
expect 100KB as the upper end of average size for 95% of their
customers or something like that. I think some stats I ran once
showed that 50% of emails in a large spool directory were under
about 8KB and 50% were above that. That value may have changed a
lot in 5 years, though. A surprising number of messages were under
250 characters plus about 1KB of headers. A fairly large number
of emails I send or receive have a few lines of quoted text followed
by something like "OK, thanks", or "OK, done.".

> the occasional large message, as long as the sender knows that the
> recipient wants to accept the message and knows that it doesn't cause
> problems. Of course I do mind 4000 messages of 150KB.
>
> In the case of the Swen worm, that worm is easily identifiable. I know

The worm is *NOT* easily identifiable on *ROUTERS*, where the entire
message is never in the hand of the sender's ISP at any one time
(at most, a router may have a few packets of the message at a time)
unless it's also the recipient's ISP. Modern worms send directly
to the victim's (ISP's) mail server, not through the local ISP mail
server, if at all possible (because if it goes through two different
ISP mail servers, the chances of its getting blocked are much higher).

> because I get tons of messages from servers that have identified the
> worm and then passed the message on without it; some even encapsulated
> it in some way so that if I _wish_ to infect my machine I can do so, so
> you _can_ identify them. And any worm or virus can be identified at
> least a few days after it starts.
>
> And my ISP _can_ identify all his customers. When I connect to them
> through ADSL, they check the phone number that is used, look it up in
> the list of phone numbers of paying customers, and if it doesn't match
> then they refuse the connection.

You have *DIALUP* DSL? I thought the DSL part was a dedicated line
from one point (customer) to another point (ISP's router) with the
phone number used only for billing. The voice part has the phone number.

> Everyone connecting directly through
> their modem hardware or ADSL hardware is their customer. If they are not
> capable of using that information, that is their problem.

One of the last things an ISP wants to do is to tie all their
services together so that when one of them breaks, everything else
goes down or runs slowly. It's more of a problem with dialup than
static-ip DSL. Who's using a particular IP address can change
quickly (this also applies to cable modems or DSL using DHCP and
dynamic IP addresses). Most mail or web server software has no use
for this information and there's no standard way to get WHICH user
is using this IP, although it's easy to configure "this range of
IP addresses is allowed to relay (where "this range" changes
infrequently)". The last thing an ISP wants is the mail server
pausing a lot because the "who's using this IP" server is down or
unreachable.

If a mail or web server needs this info, it may be several minutes
before that information can be gotten out of possibly
telephone-company-owned terminal servers (yes, sometimes the phone
company, not the ISP, owns the modems you dial up to) to somewhere
it can be used. (The RADIUS protocol has this thing called
accounting-delay-time, which represents the delay between the user
logging in and the accounting record getting sent. Obviously a
known issue. Also, some records get lost when a certain phone
company cycles power on the box or takes it down for maintenance.
Some users are still shown as logged in on boxes taken out of service
years ago since logout records were never generated. Oh, yes, if
the phone company DOES power-cycle the box, we may not be told for
hours, if ever). Would you want to have to wait several minutes
AFTER connecting to do anything?

Oh, yes, there's also this nasty issue of clock synchronization.
A number of bank customers have been nailed wrongly because the
time on the ATM and the time on the camera don't match (for, say,
using the stolen ATM card of a mugging/murder victim). This is
also an issue for nailing customers of ISPs for sending worms, port
scanning, making death threats to the President, mailing SPAM,
sharing music, etc. The recent RIAA lawsuit against some computer
user supposedly sharing music with Kazaa on his Mac (Kazaa doesn't
run on Macs) may be an example of this. For those servers that can
run it (UNIX, Windows, etc.), NTP (Network Time Protocol) is a
solution. However, things like Livingston Portmasters used with
dialup modems can't run it. Some routers can't either. It gets
especially bad when it (whatever it is) can't run NTP but does
generate logs.

(Related example: Your bank presumably has some method of preventing
you and your wife from each withdrawing $500 from your joint account
that has $800 in it on the same day. Can they stop you from doing
it in the same *MILLISECOND*, you in New York and her in San Francisco
(bank offices in New York)? Maybe, but there's this pesky problem
with the speed of light, and a system responding that fast is
expensive. Also, their ATM network tends to go down nationwide if
it needs maintenance, since they don't trust anyone to withdraw
cash without the system up. It's cheaper to risk this happening
occasionally and then charge overlimit fees and hope they can
collect. Similarly, traffic to authenticate who's sending possible
worms may far exceed the traffic from worms.)

If the authentication server(s) go down or are unreachable for 10
minutes (RADIUS lets you have a backup server, but things run slower
if only the backup is up), nobody can log in, but those currently
logged in can still use the Internet. That's bad. If one terminal
server (presumably one of many) goes down, it gives out busy signals
and maybe disconnects a few hundred customers, that's bad, but they
can try to re-dial. If having the authentication server (or RADIUS
accounting server) down causes NOBODY to be able to send mail or
surf the web because they can't identify the customer, that's a
catastrophe. Remember that many ISPs have enough computers that
things like hard drive failures, power supply failures, and CPU fan
failures are fairly common somewhere in their network. For the same
reason, they often use RAID disk setups and multiple servers.

> And I think it is quite likely that there is a paragraph in their terms
> of usage that allows them to cut out customers who are using infected
> machines that try to spread worms. Stopping everything over 150KB is
> overly simplistic, but stopping everything containing worms is not. And

Detecting worms with a *ROUTER* is far from simple. Detecting worms
in general, not just a specific one, on a mail server is also not
that simple, and it's something that antivirus companies spend a
lot of time on.

I know I had better not try to block a complaint to the abuse address
of my ISP containing a copy of a worm allegedly sent from there
(even if the sender fell for the fake sender address). Refusing
abuse complaints, which tend to contain copies of worms or SPAM,
gets your ISP on all sorts of real-time black lists.

> forcing your customers to do something about infected machines is doing
> them a service.

It's funny how they often don't agree with that. I'm not against
forcing customers to disinfect their machines (my comments about
"axe through the phone line and/or power cord" are often considered
a bit harsh) but hijacking a web browser is not a good way to do
it.

Customers are often burned out on worm warnings thanks to some idiot
virus scanners which send a warning about the virus to the purported
sender of the virus, EVEN WHEN THE SCANNER KNOWS THE TYPE OF THE
WORM IS ONE THAT FAKES RETURN ADDRESSES. Therefore, most customers
are pelted with bogus "disinfect your machine" warnings so they
tend to disregard real ones. Hint to virus scanner writers: do
not "clean" the virus from the email. DELETE THE WHOLE DAMN EMAIL!
Warn the sender only if there is a high probability that their
machine is the one infected, which is not the case with modern
worms.

> What Gordon Burditt also missed is the fact that sending me thousands of
> 150KB emails _does_ block legitimate emails out, because my ISP deletes
> the oldest mails once my mailbox reaches 100 MB. If I had been on
> holiday for a week, all my legitimate email would have been lost.


Yes, but the person whose email was wrongly blocked probably has a
stronger lawsuit against the ISP than the person who had all his
legitimate email expired because the ISP let the worms through.
There are also some annoying legal precedents that if you (ISP)
filter by content, you're responsible for the stuff you let through,
but if you let it all through, you're not responsible for any of
it.

Gordon L. Burditt
Nov 13 '05 #37
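The account-attribution problem described in the post above (accounting records that arrive late, go missing, or are stamped by a different clock than the mail server), as an added example that is not from any poster. The record layout, function names, skew and staleness thresholds and sample data are all constructed; `delay` models the RADIUS Acct-Delay-Time attribute the post refers to.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Acct:
    kind: str            # "Start" or "Stop"
    user: str
    ip: str
    received: datetime   # accounting server's clock when the record arrived
    delay: int = 0       # Acct-Delay-Time: seconds the NAS spent trying to send it

    @property
    def event_time(self):
        return self.received - timedelta(seconds=self.delay)


@dataclass
class Session:
    user: str
    ip: str
    start: datetime
    end: Optional[datetime] = None   # None: no Stop record seen
    end_inferred: bool = False       # Stop was lost; end guessed from the next Start


def build_sessions(records):
    """Pair Start/Stop records per IP, ordered by corrected event time."""
    sessions, open_by_ip = [], {}
    for r in sorted(records, key=lambda r: r.event_time):
        cur = open_by_ip.get(r.ip)
        if r.kind == "Start":
            if cur is not None:      # previous holder's Stop never arrived
                cur.end, cur.end_inferred = r.event_time, True
            open_by_ip[r.ip] = Session(r.user, r.ip, r.event_time)
            sessions.append(open_by_ip[r.ip])
        elif r.kind == "Stop" and cur is not None and cur.user == r.user:
            cur.end = r.event_time
            del open_by_ip[r.ip]
    return sessions


def attribute(sessions, ip, seen_at, skew=timedelta(minutes=2),
              max_open=timedelta(hours=24)):
    """Return (verdict, users) for a connection from ip at seen_at (mail server clock)."""
    hits = [s for s in sessions if s.ip == ip
            and s.start - skew <= seen_at
            and (s.end is None or seen_at <= s.end + skew)]
    users = sorted({s.user for s in hits})
    if not hits:
        return "unknown", users
    if len(hits) == 1:
        s = hits[0]
        clear_of_edges = (s.start + skew <= seen_at
                          and (s.end is None or seen_at <= s.end - skew))
        stale = s.end is None and seen_at - s.start > max_open
        if clear_of_edges and not s.end_inferred and not stale:
            return "confident", users
    return "ambiguous", users


def sample_records():
    """Constructed accounting log for two dynamically assigned addresses."""
    def t(h, m, s=0, d=26):
        return datetime(2003, 9, d, h, m, s)
    return [
        Acct("Start", "cust-a", "10.0.0.5", t(8, 0, 40), delay=30),
        Acct("Stop",  "cust-a", "10.0.0.5", t(8, 20, 5), delay=5),
        Acct("Start", "cust-b", "10.0.0.5", t(8, 21)),        # Stop record lost
        Acct("Start", "cust-c", "10.0.0.5", t(9, 30)),
        Acct("Start", "cust-d", "10.0.0.9", t(8, 0, d=23)),   # never logged out
    ]


if __name__ == "__main__":
    sessions = build_sessions(sample_records())
    for hh, mm, ss in ((8, 10, 0), (8, 20, 30), (9, 0, 0), (10, 0, 0)):
        when = datetime(2003, 9, 26, hh, mm, ss)
        print(when.time(), attribute(sessions, "10.0.0.5", when))
```

Only a "confident" verdict would justify notifying or restricting a customer; "ambiguous" covers exactly the reassignment, lost-record and clock-skew cases the post lists.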
In article <bl********@library2.airnews.net>,
go***********@sneaky.lerctr.org (Gordon Burditt) wrote:

<I wrote>
>> And my ISP _can_ identify all his customers. When I connect to them
>> through ADSL, they check the phone number that is used, look it up in
>> the list of phone numbers of paying customers, and if it doesn't match
>> then they refuse the connection.
> You have *DIALUP* DSL? I thought the DSL part was a dedicated line
> from one point (customer) to another point (ISP's router) with the
> phone number used only for billing. The voice part has the phone number.


I don't know how they do it, but the idea is that I can use ADSL only
from my home phone. And if you live next door, use ADSL with another
ISP, and we swap computers, then we both won't be able to connect. Yes,
the phone number is used only for billing. But that makes it possible to
identify me.

> If the authentication server(s) go down or are unreachable for 10
> minutes (RADIUS lets you have a backup server, but things run slower
> if only the backup is up), nobody can log in, but those currently
> logged in can still use the Internet. That's bad. If one terminal
> server (presumably one of many) goes down, it gives out busy signals
> and maybe disconnects a few hundred customers, that's bad, but they
> can try to re-dial. If having the authentication server (or RADIUS
> accounting server) down causes NOBODY to be able to send mail or
> surf the web because they can't identify the customer, that's a
> catastrophe. Remember that many ISPs have enough computers that
> things like hard drive failures, power supply failures, and CPU fan
> failures are fairly common somewhere in their network. For the same
> reason, they often use RAID disk setups and multiple servers.

You know, the solution to this problem is simple. It is so incredibly
simple, you won't believe it. If you try to accept only connections from
your paying customers, then as a result only very few non-customers will
try to connect. So if your authentication server is down, instead of
refusing the 99.9% of connection attempts that come from your customers,
you accept connections from everyone while that server is down.

>> And I think it is quite likely that there is a paragraph in their terms
>> of usage that allows them to cut out customers who are using infected
>> machines that try to spread worms. Stopping everything over 150KB is
>> overly simplistic, but stopping everything containing worms is not. And
>
> Detecting worms with a *ROUTER* is far from simple. Detecting worms
> in general, not just a specific one, on a mail server is also not
> that simple, and it's something that antivirus companies spend a
> lot of time on.


It is not "worms in general" that cause the problem. It is specific
ones. And they are quite easy to identify.

> Customers are often burned out on worm warnings thanks to some idiot
> virus scanners which send a warning about the virus to the purported
> sender of the virus, EVEN WHEN THE SCANNER KNOWS THE TYPE OF THE
> WORM IS ONE THAT FAKES RETURN ADDRESSES. Therefore, most customers
> are pelted with bogus "disinfect your machine" warnings so they
> tend to disregard real ones. Hint to virus scanner writers: do
> not "clean" the virus from the email. DELETE THE WHOLE DAMN EMAIL!
> Warn the sender only if there is a high probability that their
> machine is the one infected, which is not the case with modern
> worms.


That is exactly why I said the ISP should identify email coming from
their own customers. As I said, if email is sent from _my_ machine to
_my_ ISP then the information to identify the sending machine is 100
percent there.

Maybe the infrastructure is not there (but it seems to be there, because
some ISPs are doing this already). The worm problem will get worse over
the next years, and some kind of action will have to be taken. Maybe
taking action costs money, but in the end it will be cheaper than buying
more servers.
Nov 13 '05 #38


Gordon Burditt wrote:


Two people have typical dialup or DSL accounts. Neither has a
static IP. One wants to send a long, complicated *PRIVATE* business
proposal (text) to the other (the recipient is taking bids from
contractors to build a house - that's personal for the recipient,
although a lot of ISPs will object to the suggestion that you can't
do business via email over the Internet (and I'm not talking about
marketing-SPAM, I'm talking about orders, bids, tech support, etc.
between two people who want to talk to each other)).

Describe how this is done, not using email to transport the whole
thing (but short notes "go get this HERE" are OK - right?). Neither
has a FTP server, and although one ISP has a public FTP server,
it's not private at all. It also leaves open the possibility of
one contractor reading the others' bids before dropping off his.
They may have personal web pages, but not necessarily the ability
(server capabilities or configuration may not allow it), skill (to
set a password), or tools (is there a version of htpasswd for Windows
for the customer, if the server runs Apache?) needed to password-protect
pages.

Now, where can I get an account that includes FTP (including the
ability to set up temporary accounts for others to get or put stuff
there) at a price approximating that of a dialup or DSL account?


There are free services on the internet that you can use to
get around not having a static ip. Every time you start up
the computer or dial in to the internet the free software will
signal a dns server to update your domain with the possibly new
ip. I have used this technique for internet telephony where I
can easily locate members of my family on the internet.

However, this is not a suggestion that FTP or WWW would
be the appropriate means to send such documents.

Nov 13 '05 #39
I am getting around 4 mb per day. I may have to change my id.
Nov 13 '05 #40
On Wed, 24 Sep 2003 21:23:39 GMT, "Zygmunt Krynicki"
<zyga@_CUT_2zyga.MEdyndns._OUT_org> wrote:
On Wed, 24 Sep 2003 19:22:05 +0300, Ian Tuomi wrote:
Julian V. Noble wrote:
Dear C Mavens,

Anyone here getting hosts of spam with nefarious attachments,
purporting to be from M$ or its lackeys, into your mailbox?

I neglected to spoof my header, and since Hurricane Isabel
I have gotten well over 10K such messages.


I got surprised one day as it turned out that I had ~200 messages waiting
for me. The bad thing is that I have *slow* connection and those messages
were simply killing my system. I had 100+ of sendmails hanging around and
waiting forever for the mail to arrive.


On windows I like using mailshield desktop. But on
linux/unix maybe magic mail monitor could work. Try it.

You can view mail (header) and then delete them without
downloading them.

But I don't understand one thing. I get only 5-10 mails per
day :(

I don't get about 200 mails like you guys.

se*******@fastmail.fm

Send some spam! And some worms.

--
main(){char s[40]="sbwjAeftqbnnfe/dpn!ps!CSbwjACjhgppu/dpn";
int i;for(i=0;i<39;putchar(s[i++]-1));return 0;}
Nov 13 '05 #41
In article <a3**************************@posting.google.com >,
da***********@yahoo.com wrote:
I am getting around 4 mb per day. I may have to change my id.


Use Mozilla Thunderbird. Choose the option not to download anything
above, for example, 130KB.
Nov 13 '05 #42
da***********@yahoo.com wrote:
I am getting around 4 mb per day. I may have to change my id.


If four millibits of swen-virus per day justifies a change in your id, then
I can only presume that the five hundred MegaBytes I'm receiving justifies
a change in my super-ego.

--
Richard Heathfield : bi****@eton.powernet.co.uk
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton
Nov 13 '05 #43
Richard Heathfield wrote:
da***********@yahoo.com wrote:

I am getting around 4 mb per day. I may have to change my id.

If four millibits of swen-virus per day justifies a change in your id...


LOL! Nicely observed (even without the punch-line).

--
Allin Cottrell
Department of Economics
Wake Forest University, NC

Nov 13 '05 #44

"Richard Heathfield" <do******@address.co.uk.invalid> wrote in message
news:bl**********@sparta.btinternet.com...
da***********@yahoo.com wrote:
I am getting around 4 mb per day. I may have to change my id.
If four millibits of swen-virus per day justifies a change in your id,
then I can only presume that the five hundred MegaBytes I'm receiving justifies
a change in my super-ego.


I look to Richard's posts for enlightenment. Humor is a bonus.
Nov 13 '05 #45

0
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
0
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
0
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.