Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-13 Thread Matus UHLAR - fantomas
On 12.11.09 13:55, Chris Hoogendyk wrote:
 I don't know about Linux viruses; BUT, I do remember less than ten years  
 ago when it was virtually impossible to build a Linux box with a hot  
 online connection, because you would get hacked before you could even  
 download the patches. I had a friend who built his system and got hacked  
 several times before he decided he needed to download patches ahead of  
 time and build it all in an off line environment. That gave him enough  
 time to go through all the patches and lock down procedures before he  
 put it online. He still got hacked again at least once after that.

 I also heard stories of my son doing battle with hackers who had gotten  
 into his Linux system.

Hmmm, I don't remember this in the last 12 years of working with Debian.
However, we are highly off-topic and should stop this discussion or move it
to a different place.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They say when you play that M$ CD backward you can hear satanic messages.
That's nothing. If you play it forward it will install Windows.


Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-13 Thread rich...@buzzhost.co.uk
On Fri, 2009-11-13 at 09:12 +0100, Matus UHLAR - fantomas wrote:
 On 12.11.09 13:55, Chris Hoogendyk wrote:
  I don't know about Linux viruses; BUT, I do remember less than ten years  
  ago when it was virtually impossible to build a Linux box with a hot  
  online connection, because you would get hacked before you could even  
  download the patches. I had a friend who built his system and got hacked  
  several times before he decided he needed to download patches ahead of  
  time and build it all in an off line environment. That gave him enough  
  time to go through all the patches and lock down procedures before he  
  put it online. He still got hacked again at least once after that.
 
  I also heard stories of my son doing battle with hackers who had gotten  
  into his Linux system.
 
I think you may have your Windows -v- Linux mixed up and this kind of urban
myth belongs in the battles that go on in the COLA Flame Wars (that often
surface around the release of a new Windo$e)

Caveats such as weak passwords, open ports and advertising insecure services
are the domain of poor administration and understanding - they are not
Operating System dependent.

Exempting organised spam gangs and their infrastructure, it's probably fair to
say that most of the spam I see has come from a mule Windo$e box. I'll worry
about Linux Desktop Botnets when I see it happening :-)




Re: Getting off the Cloudmark formerly spamnet blacklist

2009-11-13 Thread rich...@buzzhost.co.uk
On Fri, 2009-11-13 at 10:58 +0100, Matus UHLAR - fantomas wrote: 
  On Fri, 2009-11-13 at 09:12 +0100, Matus UHLAR - fantomas wrote:
   On 12.11.09 13:55, Chris Hoogendyk wrote:
    I don't know about Linux viruses; BUT, I do remember less than ten years
    ago when it was virtually impossible to build a Linux box with a hot
    online connection, because you would get hacked before you could even
    download the patches. I had a friend who built his system and got hacked
    several times before he decided he needed to download patches ahead of
    time and build it all in an off line environment. That gave him enough
    time to go through all the patches and lock down procedures before he
    put it online. He still got hacked again at least once after that.

    I also heard stories of my son doing battle with hackers who had gotten
    into his Linux system.

 On 13.11.09 08:38, rich...@buzzhost.co.uk wrote:
  I think you may have your Windows -v- Linux mixed up and this kind of urban
  myth belongs in the battles that go on in the COLA Flame Wars (that often
  surface around the release of a new Windo$e)
 
 Since I didn't clearly write the part you are reacting on, it would be nice
 from you to remove my name from the begin, as you removed the rest of
 e-mail.
Matus has emailed me *off list* and asked me to point out that there is an
error in my post. That is, his name appears at the top of it, but it is not
his quote. Whilst it is clear to most people by the indentation that I was
responding to Chris Hoogendyk, I must for my error and the clear confusion
that it must have caused some people.

to my error in the interests of the childishness and game playing that goes
on in this list. Therefore, the correct follow up that I should have posted
is below.

I'm sure your email to me, Matus, is genuine and in no way some kind of game
playing or point scoring exercise - but could I ask you KINDLY please *don't*
email me off list. If you have a point to make about something I have written
on a list, it would be better to make it *on* that list. Thank you.

Correction:
 On 12.11.09 13:55, Chris Hoogendyk wrote:
  I don't know about Linux viruses; BUT, I do remember less than ten years
  ago when it was virtually impossible to build a Linux box with a hot
  online connection, because you would get hacked before you could even
  download the patches. I had a friend who built his system and got hacked
  several times before he decided he needed to download patches ahead of
  time and build it all in an off line environment. That gave him enough
  time to go through all the patches and lock down procedures before he
  put it online. He still got hacked again at least once after that.

  I also heard stories of my son doing battle with hackers who had gotten
  into his Linux system.

I think you may have your Windows -v- Linux mixed up and this kind of urban
myth belongs in the battles that go on in the COLA Flame Wars (that often
surface around the release of a new Windo$e)



Re: Getting off the Cloudmark formerly spamnet blacklist

2009-11-13 Thread Matus UHLAR - fantomas
  Since I didn't clearly write the part you are reacting on, it would be nice
  from you to remove my name from the begin, as you removed the rest of
  e-mail.

On 13.11.09 10:24, rich...@buzzhost.co.uk wrote:
 Matus has emailed me *off list* and asked me to point out that there is an
 error in my post. That is, his name appears at the top of it, but it is not
 his quote. Whilst it is clear to most people by the indentation that I was
 responding to Chris Hoogendyk, I must for my error and the clear confusion
 that it must have caused some people.

Hello,

please configure your mailer to wrap lines below 80 characters per line.
72 to 75 is usually OK.

Thank you.

 to my error in the interests of the childishness and game playing that goes
 on in this list. Therefore, the correct follow up that I should have posted
 is below.

 I'm sure your email to me, Matus, is genuine and in no way some kind of game
 playing or point scoring exercise - but could I ask you KINDLY please *don't*
 email me off list. If you have a point to make about something I have written
 on a list, it would be better to make it *on* that list. Thank you.

Am I the only one who thinks that issues clearly off-topic should be sent
off-list?



Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-13 Thread Chris Hoogendyk



rich...@buzzhost.co.uk wrote:
 On Fri, 2009-11-13 at 09:12 +0100, Matus UHLAR - fantomas wrote:
  On 12.11.09 13:55, Chris Hoogendyk wrote:
   I don't know about Linux viruses; BUT, I do remember less than ten years
   ago when it was virtually impossible to build a Linux box with a hot
   online connection, because you would get hacked before you could even
   download the patches. I had a friend who built his system and got hacked
   several times before he decided he needed to download patches ahead of
   time and build it all in an off line environment. That gave him enough
   time to go through all the patches and lock down procedures before he
   put it online. He still got hacked again at least once after that.

   I also heard stories of my son doing battle with hackers who had gotten
   into his Linux system.

 I think you may have your Windows -v- Linux mixed up and this kind of urban myth
No mixup. Firsthand observations. It's also the reason the department I 
moved to around that time chose OpenBSD for its network related boxes 
(firewalls, filtering bridges, etc), rather than Linux. There were too 
many kernel exploits being turned up for Linux around that time. Again, 
we're talking historical. We are just now converting old boxes to Linux 
with IPTables as we replace them, mostly due to aging hardware finally 
failing.



 Caveats such as weak passwords, open ports and advertising insecure services
 are the domain of poor administration and understanding - they are not
 Operating System dependent.
But they are in the realm of distributions. If an OS or distribution has 
all that configured and open by default, then they are part of the 
problem. Those distributing Linux learned that much more quickly than 
Microsoft, but they were still part of the problem back in that time frame.



 Exempting organised spam gangs and their infrastructure, it's probably fair to
 say that most of the spam I see has come from a mule Windo$e box. I'll worry
 about Linux Desktop Botnets when I see it happening :-)
These days, yes, it is definitely Windo$e boxes and botnets as you say. 
Linux has largely become much more secure. However, you do still see 
periodic posts on LinuxQuestions.org from people whose systems have been 
compromised asking for help. Nobody is totally safe.


As someone else has said, we are way off topic. I had resisted 
responding to any of the exchanges, but could not ignore being told I 
had it mixed up or that this was just an urban myth. I'd just as soon 
drop it now. I actually do have a massive internet botnet targeting my 
servers across three departments right now. I've blocked thousands of IP 
addresses, but I have to do it carefully, because my own users travel 
and make mistakes with their logins.



--
---

Chris Hoogendyk

-
  O__   Systems Administrator
 c/ /'_ --- Biology  Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~ - University of Massachusetts, Amherst 


hoogen...@bio.umass.edu

--- 


Erdös 4




Re: Getting off the Cloudmark formerly spamnet blacklist

2009-11-13 Thread rich...@buzzhost.co.uk
On Fri, 2009-11-13 at 11:40 +0100, Matus UHLAR - fantomas wrote:

 Am I the only one who thints that issues clearly off-topic should be sent
 off-list?
 

Your response was to correct an onlist reply to an onlist remark. Is
there some reason why you would feel it appropriate to off-list that?
AFAIR it's good manners to *not* send off list replies in general?
But notwithstanding that, you could have easily cleared up any confusion
by posting onlist.

As said elsewhere, some folk are a little too big for their boots
perhaps? It's quite OK for them to be rude, off list, off topic and show
bad netiquette whilst pointing out their loathing of others doing it. Me
thinks that == 'hypocritical' yes?

You may, btw, wish to configure your mailer so the 'reply to' does not
populate with your own email address - but instead
'users@spamassassin.apache.org' , a good read of the documentation
should help.




Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-13 Thread hamann . w
 
 Caveats such as weak passwords, open ports and advertising insecure services
 are the domain of poor administration and understanding - they are not
 Operating System dependent.

 Exempting organised spam gangs and their infrastructure, it's probably fair
 to say that most of the spam I see has come from a mule Windo$e box. I'll
 worry about Linux Desktop Botnets when I see it happening :-)
 
Hi,

Maybe you should see it... :(

During the last month I recorded 1993 distinct IPs that were participating
in a distributed ssh attack - some of them changed, disappeared, and came
back after a while, so they seem to be mostly static addresses.
Starting Nov 1st, I implemented p0f on the server.
Out of the login attempts coming from this fairly huge amount of bots, a
total of 4 events were attributed to Windows XP and W98, and a small
percentage was classified as unknown by p0f (these could be some special
routers / gateways).
Where IPs looked like machines in a computer center, I occasionally had a
closer look and found newly created sites, machines perhaps not intended to
run a plain webserver at all, and sites inviting to log into plesk /
confixx / whatever.
One admin admitted that they were hacked through login guest / pass guest.

Wolfgang
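Wolfgang's count of distinct attacking IPs that come and go, and Chris's point earlier in the thread that he has to block carefully because his own users travel and mistype their logins, both come down to the same triage of sshd failures. The following is an added example, not code from either poster: it runs that triage over constructed auth.log lines (host name, account names and addresses are all made up), sparing a source from which a real user later authenticated.

```python
import re
from collections import defaultdict

# Constructed sample auth.log excerpt (classic OpenSSH/syslog layout), not
# real data: a distributed, low-rate guessing campaign (one or two attempts
# per source, generic or non-existent user names, one source returning the
# next day) plus one travelling staff member who mistypes a password twice
# and then logs in successfully from the same address.
SAMPLE_AUTH_LOG = """\
Nov  1 00:12:03 mail sshd[4101]: Invalid user guest from 203.0.113.10
Nov  1 00:12:05 mail sshd[4101]: Failed password for invalid user guest from 203.0.113.10 port 51234 ssh2
Nov  1 00:13:44 mail sshd[4107]: Failed password for root from 198.51.100.7 port 40210 ssh2
Nov  1 00:15:02 mail sshd[4110]: Failed password for invalid user admin from 192.0.2.55 port 33012 ssh2
Nov  1 02:40:19 mail sshd[4312]: Failed password for chris from 203.0.113.200 port 60001 ssh2
Nov  1 02:40:31 mail sshd[4312]: Failed password for chris from 203.0.113.200 port 60001 ssh2
Nov  1 02:40:45 mail sshd[4312]: Accepted password for chris from 203.0.113.200 port 60001 ssh2
Nov  2 11:01:10 mail sshd[5001]: Failed password for root from 198.51.100.7 port 40299 ssh2
Nov  3 04:22:08 mail sshd[5530]: Failed password for invalid user oracle from 192.0.2.77 port 50002 ssh2
"""

# Accounts that really exist on this hypothetical host (an assumption).
KNOWN_USERS = {"root", "chris", "wolfgang"}

DATE_RE = re.compile(r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})")
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>" + IPV4 + ")")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>" + IPV4 + ")")


def parse_auth_log(text):
    """Return (failed, accepted): failed maps ip -> [(day, user), ...],
    accepted maps ip -> set of users who authenticated successfully."""
    failed = defaultdict(list)
    accepted = defaultdict(set)
    for line in text.splitlines():
        d = DATE_RE.match(line)
        if not d:
            continue
        day = f"{d['mon']} {int(d['day'])}"
        f = FAILED_RE.search(line)
        if f:
            failed[f["ip"]].append((day, f["user"]))
            continue
        a = ACCEPTED_RE.search(line)
        if a:
            accepted[a["ip"]].add(a["user"])
    return failed, accepted


def triage(failed, accepted, known_users, max_user_failures=3):
    """Split failing sources into block candidates and sources to spare.

    A source is spared when a known user later authenticated from it (a
    travelling user who mistyped a password), or when it only tried real,
    non-root names a handful of times (not yet shown to be hostile).
    Anything that probed non-existent names, tried root, or exceeded the
    budget is a block candidate. Sources seen on more than one day are
    reported separately: those are the ones that disappear and come back."""
    block, spare, recurring = [], [], []
    for ip, events in failed.items():
        days = {day for day, _ in events}
        users = {user for _, user in events}
        if len(days) > 1:
            recurring.append(ip)
        if users & accepted.get(ip, set()):
            spare.append(ip)
        elif (users <= known_users and "root" not in users
              and len(events) <= max_user_failures):
            spare.append(ip)
        else:
            block.append(ip)
    return {
        "distinct_sources": len(failed),
        "block": sorted(block),
        "spare": sorted(spare),
        "recurring": sorted(recurring),
    }


def summarise(text=SAMPLE_AUTH_LOG, known_users=KNOWN_USERS):
    failed, accepted = parse_auth_log(text)
    return triage(failed, accepted, known_users)


if __name__ == "__main__":
    for key, value in summarise().items():
        print(f"{key}: {value}")
```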



Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-13 Thread Benny Pedersen

On fre 13 nov 2009 18:26:07 CET,  wrote

One admin admitted that they were hacked through login guest / pass guest


and this is a real hack :)

--
xpoint



Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-13 Thread Martin Gregorie
On Fri, 2009-11-13 at 17:26 +, haman...@t-online.de wrote:

I've only used Red Hat flavours of Linux since RH 6.2 so I can't speak
for other distros, but here's my experience.

 Where IPs looked like machines in a computer center, I occasionally
 had a closer look and found newly created sites, machines perhaps not
 intended to run a plain webserver at all, and sites inviting to log
 into plesk / confixx / whatever

Up to the early Fedoras it was well known that a fresh install didn't
have a default firewall configured, so only a fool would do an install
and configure the network with an active LAN connection unless he was
behind a perimeter firewall or a NAT router.

 One admin admitted that they were hacked through login guest / pass
 guest
 
That could not have happened with any RedHat distro I've used for two
good reasons: (1) the installer does not create a guest login and (2)
root does not have a default password.

However, I have seen Unices and workalikes, such as Vos, that did set up
a standard set of user accounts with shells and a default password that
was used for all of them including root.

Martin
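The two installer defaults Martin contrasts (no guest login and no default root password, versus a standard set of login-capable accounts sharing one default password, root included) can be checked from the password files. The following is an added example, not Martin's or any distribution's code: it runs that audit over constructed passwd/shadow excerpts whose hash strings are placeholders, not real digests.

```python
from collections import defaultdict

# Constructed /etc/passwd and /etc/shadow excerpts, not from any real host.
# The second shadow field uses placeholder strings in the crypt(3)
# "$6$salt$hash" shape; what matters is that three login-capable accounts,
# root among them, carry the same string, i.e. the same installer-set
# default password, while 'backup' has no password at all.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
guest:x:1001:1001:Guest account:/home/guest:/bin/sh
operator:x:1002:1002:Operator:/home/operator:/bin/sh
wolfgang:x:1003:1003:Wolfgang:/home/wolfgang:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
"""

SAMPLE_SHADOW = """\
root:$6$defaultsalt$PLACEHOLDERHASHA:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
guest:$6$defaultsalt$PLACEHOLDERHASHA:18000:0:99999:7:::
operator:$6$defaultsalt$PLACEHOLDERHASHA:18000:0:99999:7:::
wolfgang:$6$othersalt$PLACEHOLDERHASHB:18000:0:99999:7:::
backup::18000:0:99999:7:::
"""

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def login_shells(passwd_text):
    """Map account name -> shell for accounts that can actually log in."""
    shells = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, shell = fields[0], fields[6]
        if shell and shell not in NOLOGIN_SHELLS:
            shells[name] = shell
    return shells


def password_fields(shadow_text):
    """Map account name -> the password field of /etc/shadow."""
    fields = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            fields[parts[0]] = parts[1]
    return fields


def audit(passwd_text, shadow_text):
    """Report the default-account weaknesses described in the thread:
    login-capable accounts sharing one password string, accounts with an
    empty password field, guest accounts, and whether root is in a shared
    group. Locked entries ('*', '!') are ignored. Comparing strings catches
    an installer that copied one hash to every account; the same password
    stored under different salts would need a cracking run, which this
    deliberately does not do."""
    shells = login_shells(passwd_text)
    hashes = password_fields(shadow_text)
    by_hash = defaultdict(list)
    empty = []
    for name in shells:
        h = hashes.get(name)
        if h is None or h.startswith(("*", "!")):
            continue
        if h == "":
            empty.append(name)
        else:
            by_hash[h].append(name)
    shared = sorted(sorted(names) for names in by_hash.values() if len(names) > 1)
    return {
        "shared_password_groups": shared,
        "empty_password": sorted(empty),
        "guest_accounts": sorted(n for n in shells if n.startswith("guest")),
        "root_shares_password": any("root" in group for group in shared),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{key}: {value}")
```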




Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-12 Thread Michael Scheidell

Ted Mittelstaedt wrote:

Giampaolo Tomassoni wrote:

Dream on.  Obviously you're a pro-Windows person and anti-Linux
person and you cannot tolerate your image of Windows being torn down.

I seriously doubt Giampaolo is 'pro-windows', and your argument started 
with me, thinking that somehow I was pro windows.


I run a 100% Freebsd shop for servers, I am the official ports 
maintainer for the freebsd SA port, surely you can't say I am pro-windows.
/* disclaimer.. I use razor, which is NOT cloudmark, and the razor 
plugin for SA does NOT 'blacklist' ip addresses
my desktop does run mac osx.. with clamav, because there ARE worms for 
mac osx

*/

put your head in the sand, obviously you aren't getting enough money to 
pay you to fix your clients' computers.
if you want to blame MS, then don't deal with any clients who use MS.  
if you want to help your clients, then set up a good update/fix/ scan/ 
patch, audit policy.


not our fault, it's your client.


_
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/

_
  


Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-12 Thread Ted Mittelstaedt

LuKreme wrote:

On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote:

I will point out that MacOS 7, os*  os9 were HIGHLY virus-prone,
yet there were far fewer of them than OSX today.



Er… that is simply not true. Not in any way.

As I recall, there were a total of 31 viruses for System 7 and one CD-ROM worm 
for System 8/9 (Autostart Worm).




It IS true.  Obviously you were one of the lucky younger folks who
never had to do much admining of Macs.  I've admined networks with
Macs on them since the Mac Toaster came out.

Symantec Antivirus for MacOS (pre-OSX) when it was still available was
up to several hundred for MacOS Classic.  Heck, one of the first
Apple viruses was Leap-A - it infected Apple IIs back in 1982.

Trust me, I used to work at Symantec - they NEVER sell a product that
they can't make money on, not for long, anyways.  If Mac Classic was
as virus resistant as you think it was, Symantec would have never
got into that market.

MacOS Classic was particularly bad since so many of them were in
classroom lab environments - when 1 got a virus, they all would
since apple filesharing considered everything on the Appletalk network
a trusted system.

Keep in mind of course that few Mac Classic systems were on the Internet
past 2003.  Classic's Internet days didn't last much more than 5-6 
years, the most common vector for MacOS Classic system viruses to

spread was infected files shared on floppies or downloaded from BBS
systems.

Everything changed when MacOS X came.  Last year, Macworld found a
grand total of 49 infected MacOS X systems - yep, that's 49 in
the entire history of MacOSX.  But, don't get too puffed up about it,
the winner of the Zero Day Mac cracking contest has repeatedly warned
that there are more than enough Macs out there for a Mac bot to be
self-sustaining.

And, I still think there's only been less than 10 Linux viruses, all of
them laboratory curiosities only.

Ted


Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-12 Thread Chris Hoogendyk



Ted Mittelstaedt wrote:

LuKreme wrote:

On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote:

I will point out that MacOS 7, os*  os9 were HIGHLY virus-prone,
yet there were far fewer of them than OSX today.


Er… that is simply not true. Not in any way.

As I recall, there were a total of 31 viruses for System 7 and one 
CD-ROM worm for System 8/9 (Autostart Worm).


It IS true.  Obviously you were one of the lucky younger folks who
never had to do much admining of Macs.  I've admined networks with
Macs on them since the Mac Toaster came out.

Symantec Antivirus for MacOS (pre-OSX) when it was still available was
up to several hundred for MacOS Classic.  Heck, one of the first
Apple viruses was Leap-A - it infected Apple IIs back in 1982.

Trust me, I used to work at Symantec - they NEVER sell a product that
they can't make money on, not for long, anyways.  If Mac Classic was
as virus resistant as you think it was, Symantec would have never
got into that market.

MacOS Classic was particularly bad since so many of them were in
classroom lab environments - when 1 got a virus, they all would
since apple filesharing considered everything on the Appletalk network
a trusted system.

Keep in mind of course that few Mac Classic systems were on the Internet
past 2003.  Classic's Internet days didn't last much more than 5-6 
years, the most common vector for MacOS Classic system viruses to

spread was infected files shared on floppies or downloaded from BBS
systems.

Everything changed when MacOS X came.  Last year, Macworld found a
grand total of 49 infected MacOS X systems - yep, that's 49 in
the entire history of MacOSX.  But, don't get too puffed up about it,
the winner of the Zero Day Mac cracking contest has repeatedly warned
that there are more than enough Macs out there for a Mac bot to be
self-sustaining.

And, I still think there's only been less than 10 Linux viruses, all of
them laboratory curiosities only. 


I don't know about Linux viruses; BUT, I do remember less than ten years 
ago when it was virtually impossible to build a Linux box with a hot 
online connection, because you would get hacked before you could even 
download the patches. I had a friend who built his system and got hacked 
several times before he decided he needed to download patches ahead of 
time and build it all in an off line environment. That gave him enough 
time to go through all the patches and lock down procedures before he 
put it online. He still got hacked again at least once after that.


I also heard stories of my son doing battle with hackers who had gotten 
into his Linux system.







Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-12 Thread Ted Mittelstaedt

Chris Hoogendyk wrote:



Ted Mittelstaedt wrote:

LuKreme wrote:

On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote:

I will point out that MacOS 7, os*  os9 were HIGHLY virus-prone,
yet there were far fewer of them than OSX today.


Er… that is simply not true. Not in any way.

As I recall, there were a total of 31 viruses for System 7 and one 
CD-ROM worm for System 8/9 (Autostart Worm).


It IS true.  Obviously you were one of the lucky younger folks who
never had to do much admining of Macs.  I've admined networks with
Macs on them since the Mac Toaster came out.

Symantec Antivirus for MacOS (pre-OSX) when it was still available was
up to several hundred for MacOS Classic.  Heck, one of the first
Apple viruses was Leap-A - it infected Apple IIs back in 1982.

Trust me, I used to work at Symantec - they NEVER sell a product that
they can't make money on, not for long, anyways.  If Mac Classic was
as virus resistant as you think it was, Symantec would have never
got into that market.

MacOS Classic was particularly bad since so many of them were in
classroom lab environments - when 1 got a virus, they all would
since apple filesharing considered everything on the Appletalk network
a trusted system.

Keep in mind of course that few Mac Classic systems were on the Internet
past 2003.  Classic's Internet days didn't last much more than 5-6 
years, the most common vector for MacOS Classic system viruses to

spread was infected files shared on floppies or downloaded from BBS
systems.

Everything changed when MacOS X came.  Last year, Macworld found a
grand total of 49 infected MacOS X systems - yep, that's 49 in
the entire history of MacOSX.  But, don't get too puffed up about it,
the winner of the Zero Day Mac cracking contest has repeatedly warned
that there are more than enough Macs out there for a Mac bot to be
self-sustaining.

And, I still think there's only been less than 10 Linux viruses, all of
them laboratory curiosities only. 


I don't know about Linux viruses; BUT, I do remember less than ten years 
ago when it was virtually impossible to build a Linux box with a hot 
online connection, because you would get hacked before you could even 
download the patches. I had a friend who built his system and got hacked 
several times before he decided he needed to download patches ahead of 
time and build it all in an off line environment. That gave him enough 
time to go through all the patches and lock down procedures before he 
put it online. He still got hacked again at least once after that.


I also heard stories of my son doing battle with hackers who had gotten 
into his Linux system.





Keep in mind that those were not the Linus-written Linux programs, those
were programs like Telnet, Sendmail, etc. which predated both Linux, the
GPL, and GNU in many cases - and Linus merely took those programs and
applied his license to them.

I think the OpenBSD people in particular would object to people saying
that one of their boxes with Sendmail compiled on it, that was hacked
into, was insecure.  FreeBSD likely as well.

Once Linus's clue phone rang and he changed the load defaults to
have all those programs disabled during installation, Linux stopped
having those problems.

MacOS X is a bit different animal because Apple only pulled over the
FreeBSD kernel and NeXT code when they created Darwin - and they have
done their best to remove or disable the good Unix utilities, and
replace them with their irritating GUI ones.

When you have a program like Flash that is insecure and is a vector
for bots and viruses to infect an OS, it's not really accurate to claim
that the OS is insecure just because it got hacked as a result of
Flash - incidentally, both MacOS X and Windows have been compromised
as a result of loading Flash on them.


Ted



Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-12 Thread John Hardin

On Thu, 12 Nov 2009, Ted Mittelstaedt wrote:


Chris Hoogendyk wrote:


 I also heard stories of my son doing battle with hackers who had
 gotten into his Linux system.


Keep in mind that those were not the Linus-written Linux programs, those 
were programs like Telnet, Sendmail, etc. which predated both Linux, the 
GPL, and GNU in many cases - and Linus merely took those programs and 
applied his license to them.


I think the OpenBSD people in particular would object to people saying 
that one of their boxes with Sendmail compiled on it, that was hacked 
into, was insecure.  FreeBSD likely as well.


Once Linus's clue phone rang and he changed the load defaults to have 
all those programs disabled during installation, Linux stopped having 
those problems.


Ted, I think you're attributing far too much to Linus here. The distro 
maintainers decide which service daemons they include and set their 
initial startup policies. Linus just developed the kernel.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  If healthcare is a Right means that the government is obligated
  to provide the people with hospitals, physicians, treatments and
  medications at low or no cost, then the right to free speech means
  the government is obligated to provide the people with printing
  presses and public address systems, the right to freedom of
  religion means the government is obligated to build churches for the
  people, and the right to keep and bear arms means the government is
  obligated to provide the people with guns, all at low or no cost.
---
 34 days since President Obama won the Nobel Not George W. Bush prize


Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-12 Thread Ted Mittelstaedt

Michael Scheidell wrote:

Ted Mittelstaedt wrote:

Giampaolo Tomassoni wrote:

Dream on.  Obviously you're a pro-Windows person and anti-Linux
person and you cannot tolerate your image of Windows being torn down.

I seriously doubt Giampaolo is 'pro-windows', and your argument started 
with me, thinking that somehow I was pro windows.


I run a 100% Freebsd shop for servers, I am the official ports 
maintainer for the freebsd SA port, surely you can't say I am pro-windows.


And I wrote a book about FreeBSD:

http://www.freebsd-corp-net-guide.com/

so can we stop comparing dick sizes and get back to the discussion?

/* disclaimer.. I use razor, which is NOT cloudmark, and the razor 
plugin for SA does NOT 'blacklist' ip addresses
my desktop does run mac osx.. with clamav, because there ARE worms for 
mac osx

*/

put your head in the sand, obviously you aren't getting enough money to 
pay you to fix your clients' computers.


As I already stated...

if you want to blame MS, then don't deal with any clients who use MS.  
if you want to help your clients, then set up a good update/fix/ scan/ 
patch, audit policy.


not our fault, it's your client.



You know, back in 2000 when I published that book I used to think the
way you did - that if I could but just get those dumb Windows customers
to realize that it's their choice of operating system that is providing
the buco bucks to support Microsoft's lazy ass, and perpetuating the
problem with viruses, that they would all have a flash of insight and
immediately stop funding the Evil Empire, and MS would disappear in a
cloud of smoke, and life would be wonderful in the computer industry again.

Then, I grew up. Seriously.

I understand your POV - that when people choose to buy Windows, they
choose a bug-ridden, filthy piece of sheit OS, and it's their choice
of that which creates the environment to allow these evil scammers and
spammers to proliferate and torture the rest of us.  Thus, it's
their fault, and screw them and the OS they rode in on.

However, you're never going to get those people to stop using Windows
and start using something better like FreeBSD, until you and your
aliases lose that attitude.

These buyers of Windows don't know a security hole from a bung-hole.
All they care about is being able to surf the web/watch hulu/run
their business/send an e-mail/etc.  Most of them don't even have a
choice anyway - when they go into the store, and see the Dell
sitting there with Win 7 preloaded costing $399 on sale, and
right next to it the same system Dell sitting there with Linux
preloaded costing $499, and never on sale, it doesn't take a
rocket scientist to realize that the $499 system is nothing more
than a token that Dell throws out to make the claim that they
do actually offer Linux preloads.  And the reason the retailer is
willing to take a hit on his markup on the $399 Dell and not on
the $499 Dell is because he sells 1000 of those a month, and 20 of the 
Linux Dells a month.  So, the customer buys the cheaper machine

and cha-ching, another $30 goes off into the wormhole to the Microsoft
vault.

Microsoft has organized the computer industry so that they have a
guaranteed revenue stream.  They are as much a marketing company
as a software company - they are, in fact, exactly like CocaCola
in this regard.  They have it fixed so that even the people who
are planning on wiping their shit off the hard drive of the new
computer before even booting it up, pay them something.  That is
the reality of it - and expecting the average user to buck this
trend is frankly asking way, way too much.

If you're shopping for a new car, and I told you to buck the trend
and spend $10K more money for an all-electric car that has 3
wheels and a top speed of 35mph and isn't licensed to go on the
highway, just because the automakers who produce gas-burners are
evil, would you do it?  Of course you wouldn't.  Yet your attitude
towards the average user is EXACTLY the same.  You blame them for
propping up MS, I blame you for destroying the planet when you
drive a gas burner to your Save The Whales conventions.

If you ever want FreeBSD, or Linux or any non-Windows system to
grow, the ONLY way is to understand that the average Windows-running
user is a victim from the moment he walks into the computer store
and plunks down his cash for a machine.  He's just looking for
solutions.  Give them to him, and he will do whatever you tell him
to.  The Linux people found that out which is why Ubuntu is kicking
ass in the distribution game, even though it's not as good as Debian.
And, we here found that out which is why SA is the most popular content
filter out there.

Ted

PS, if you're really the SA porter, thanks for your effort!


Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-12 Thread Ted Mittelstaedt

John Hardin wrote:

On Thu, 12 Nov 2009, Ted Mittelstaedt wrote:


Chris Hoogendyk wrote:


 I also heard stories of my son doing battle with hackers who had
 gotten into his Linux system.


Keep in mind that those were not the Linus-written Linux programs, 
those were programs like Telnet, Sendmail, etc. which predated both 
Linux, the GPL, and GNU in many cases - and Linus merely took those 
programs and applied his license to them.


I think the OpenBSD people in particular would object to people saying 
that one of their boxes with Sendmail compiled on it, that was hacked 
into, was insecure.  FreeBSD likely as well.


Once Linus's clue phone rang and he changed the load defaults to have 
all those programs disabled during installation, Linux stopped having 
those problems.


Ted, I think you're attributing far too much to Linus here. The distro 
maintainers decide which service daemons they include and set their 
initial startup policies. Linus just developed the kernel.




You're absolutely right, of course.  Cheap, (but fun) shot.

Ted


Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-12 Thread Michael Scheidell



Ted Mittelstaedt wrote:



PS, if you're really the SA porter, thanks for your effort!


easy enough to verify:
http://www.freebsd.org/cgi/ports.cgi?query=scheidellstype=maintainer

--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best Anti-Spam Product 2008, Network Products Guide
   * King of Spam Filters, SC Magazine 2008

_
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/

_
  


RE: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-11 Thread Giampaolo Tomassoni
 Michael Scheidell wrote:
 
 ...omissis...
 
 If our clients were DELIBERATELY spamming, say they thought they
 were going to send out a marketing mail or some such, then you would
 be correct.
 
 But they were not.  They were simply using the largest software
 company on Earth's products - Microsoft - like everyone else
 in the world who has those products do.
 
 I have a Mac G4 running OSX  sitting on my desk here, next to my
 Windows box.  I also have a FreeBSD system running FreeBSD6 and
 firefox 3 in the other room.
 
 On either of those systems I could have done EXACTLY THE SAME THING
 that the user at this client who got cracked into did - I could
 have opened the same e-mails, gone to the same websites, etc. - and
 I WOULDN'T have been cracked.
 
 So, explain again why this was THEIR fault?  Don't you think that
 the botnet writer has just a tiny tiny bit of blame here?  What about
 the software developer being paid more money than God sitting up in
 a nice comfortable office in Redmond who wrote that piece of shit
 that our client was using, and included dozens of security holes
 that are exploited by botnet writers, don't you think that HE
 has just a tiny tiny bit of culpability?
 
 Every other current production operating system on the face of the
 earth
 doesn't seem to be regularly hijacked by spammers.  So, why are you
 going to give Microsoft a pass?
 
 Why exactly is it that when a user of Microsoft Windows doesn't
 apply patches that it's their fault when their system is cracked?
 What exactly do you think a patch IS?  If their system had been written
 properly in the beginning it wouldn't need to be patched.  If they
 weren't logged in as administrator - which is necessary for Windows
 desktop systems since most Windows software developers are shit-ass
 lazy
 bastards who ignore the Microsoft directives about writing usermode
 programs so they don't have to run as the root, I mean administrative,
 user to get any functionality out of them - then even if they had been
 cracked it would only be their profile trashed, and the bot wouldn't go
 any further.
 
 If you write software for Apple and you do it in such a way that
 your MacOS X software requires root access to run, then if your
 software gets ANY amount of visibility, you will get a call from
 Apple politely trying to educate you, and if you ignore this then
 they get nasty, and if you ignore that, then they publically speak
 against your software - and then all the Apple users will stop
 buying your shit, and you will be out of business.
 
 What, you think Microsoft has LESS pull than Apple in this area,
 and couldn't do the same thing?
 
 In the last 3-4 years there's been less than 5 root-exploitable
 holes in Apache - which is arguably the most popular UNIX program
 ever, and is installed on the most Unix systems in the world -
 yet Apache isn't even installed on all of them.  I can't remember
 when the last root-exploit came out for a program that is enabled
 on FreeBSD out of the box - it might have been the Telnet
 bug so many years ago.
 
 Yet, every week there's DOZENS of security patches that MS releases
 for XP and Vista and soon, Windows 7.
 
 So, please save your moralizing.  Microsoft is the richest software
 company in the world, they get PAID REAL MONEY by everyone that uses
 their crap - yet they can't produce a secure OS to save their lives.
 By contrast, Debian, Ubuntu, FreeBSD, OpenBSD - all UNPAID, and all
 ROUTINELY release os's that are not attackable by botnets.  And Apple
 used FreeBSD as its base for Darwin - and they ALSO have no problems
 in this regard either.  Please, name 5 viruses that routinely attack
 MacOSX.
 
 Our clients retain outside expertise because THEY KNOW THEY ARE
 BONEHEADS when it comes to software.  And, you're expecting boneheads
 to actually see through the ten thousand tons of marketing BULLCRAP
 that Microsoft's bowel movements dump on the business world every year,
 claiming their stuff is so great, so secure, so all-fired-wonderful?
 
 You say the world really needs to protect itself from botnets?
 Jesus, I think the world REALLY needs to protect itself from
 MICROSOFT.  They OBVIOUSLY have absolutely NO SENSE WHATSOEVER
 of responsibility for the piece-o-shit, holey as swiss cheese,
 crapware that they stick up the collective ass of the world's
 businesses every year.
 
 I can almost excuse the botnet writers - they at least are
 amoral sociopaths and are doing EXACTLY as I would expect criminals
 to behave.  But, Microsoft couldn't be more two-faced if every
 one of their employees had eyes, ears, nose and a mouth on the
 back of their heads.  They EVEN HAD a secure security model -
 remember NT 3.51?  You know, the ONLY version of Windows where
 ring 0 was separated from usermode programs?  And they chucked
 that out with NT4 when they pushed the video system into ring
 0 so that crap-ass games could run faster.  Who cares that
 it allowed malware to take over the system.
 
 

Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-11 Thread Ted Mittelstaedt

Giampaolo Tomassoni wrote:

Michael Scheidell wrote:

...omissis...

If our clients were DELIBERATELY spamming, say they thought they
were going to send out a marketing mail or some such, then you
would be correct.

But they were not.  They were simply using the largest software
company on Earth's products - Microsoft - like everyone else in the
world who has those products do.

I have a Mac G4 running OSX  sitting on my desk here, next to my 
Windows box.  I also have a FreeBSD system running FreeBSD6 and 
firefox 3 in the other room.


On either of those systems I could have done EXACTLY THE SAME THING
that the user at this client who got cracked into did - I could
have opened the same e-mails, gone to the same websites, etc. - and
I WOULDN'T have been cracked.

So, explain again why this was THEIR fault?  Don't you think that
the botnet writer has just a tiny tiny bit of blame here?  What
about the software developer being paid more money than God sitting
up in a nice comfortable office in Redmond who wrote that piece of
shit that our client was using, and included dozens of security
holes that are exploited by botnet writers, don't you think that HE
has just a tiny tiny bit of culpability?

Every other current production operating system on the face of the
earth doesn't seem to be regularly hijacked by spammers.  So, why
are you going to give Microsoft a pass?

Why exactly is it that when a user of Microsoft Windows doesn't
apply patches that it's their fault when their system is cracked?
What exactly do you think a patch IS?  If their system had been
written properly in the beginning it wouldn't need to be patched.
If they weren't logged in as administrator - which is necessary for
Windows desktop systems since most Windows software developers are
shit-ass lazy bastards who ignore the Microsoft directives about
writing usermode programs so they don't have to run as the root, I
mean administrative, user to get any functionality out of them -
then even if they had been cracked it would only be their profile
trashed, and the bot wouldn't go any further.

If you write software for Apple and you do it in such a way that 
your MacOS X software requires root access to run, then if your 
software gets ANY amount of visibility, you will get a call from 
Apple politely trying to educate you, and if you ignore this then 
they get nasty, and if you ignore that, then they publically speak 
against your software - and then all the Apple users will stop 
buying your shit, and you will be out of business.


What, you think Microsoft has LESS pull than Apple in this area, 
and couldn't do the same thing?


In the last 3-4 years there's been less than 5 root-exploitable
holes in Apache - which is arguably the most popular UNIX program
ever, and is installed on the most Unix systems in the world - yet
Apache isn't even installed on all of them.  I can't remember when
the last root-exploit came out for a program that is enabled on
FreeBSD out of the box - it might have been the Telnet bug so many
years ago.

Yet, every week there's DOZENS of security patches that MS releases
for XP and Vista and soon, Windows 7.

So, please save your moralizing.  Microsoft is the richest software
company in the world, they get PAID REAL MONEY by everyone that
uses their crap - yet they can't produce a secure OS to save their
lives. By contrast, Debian, Ubuntu, FreeBSD, OpenBSD - all UNPAID,
and all ROUTINELY release os's that are not attackable by botnets.
And Apple used FreeBSD as its base for Darwin - and they ALSO have
no problems in this regard either.  Please, name 5 viruses that
routinely attack MacOSX.

Our clients retain outside expertise because THEY KNOW THEY ARE
BONEHEADS when it comes to software.  And, you're expecting boneheads
to actually see through the ten thousand tons of marketing
BULLCRAP that Microsoft's bowel movements dump on the business world
every year, claiming their stuff is so great, so secure, so
all-fired-wonderful?

You say the world really needs to protect itself from botnets? 
Jesus, I think the world REALLY needs to protect itself from 
MICROSOFT.  They OBVIOUSLY have absolutely NO SENSE WHATSOEVER of
responsibility for the piece-o-shit, holey as swiss cheese, 
crapware that they stick up the collective ass of the world's 
businesses every year.


I can almost excuse the botnet writers - they at least are amoral
sociopaths and are doing EXACTLY as I would expect criminals to
behave.  But, Microsoft couldn't be more two-faced if every one of
their employees had eyes, ears, nose and a mouth on the back of
their heads.  They EVEN HAD a secure security model - remember NT
3.51?  You know, the ONLY version of Windows where ring 0 was
separated from usermode programs?  And they chucked that out with
NT4 when they pushed the video system into ring 0 so that crap-ass
games could run faster.  Who cares that it allowed malware to take
over the system.

Michael, get some perspective, 

Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-11 Thread LuKreme
On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote:
 I will point out that MacOS 7, os*  os9 were HIGHLY virus-prone,
 yet there were far fewer of them than OSX today.


Er… that is simply not true. Not in any way.

As I recall, there were a total of 31 viruses for System 7 and one CD-ROM worm 
for System 8/9 (Autostart Worm).


-- 
Strange things are afoot at the Circle K



Re: Getting off the Cloudmark formerly spamnet blacklist

2009-11-10 Thread Daniel J McDonald
On Mon, 2009-11-09 at 16:51 -0800, Ted Mittelstaedt wrote:
 Hi All,
 
We have a customer who had a compromised mailserver, they fixed the 
 server but are apparently still blacklisted by this company called
 CloudMark  (www.cloudmark.com) that Comcast uses.
 
In Googling around I see that Comcast just recently signed up
 this company a month ago.  This company apparently sells a
 Spamassassin plugin, a spam filter for PC desktops, etc.

Yes, the free plugin is razor2.  I seem to recall they have a
more-featured for-pay plugin, but razor2 uses cloudmark servers for all
of its functionality.


Anyway, our customer isn't delisted from this CloudMark blacklist, 
 even though all of the RBL checkers on the Internet I can find claim 
 that their IP address isn't spamming.  I cannot find any delist request
 on their website either.

Have you tried a razor-revoke?


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com


Re: Getting off the Cloudmark formerly spamnet blacklist

2009-11-10 Thread Ted Mittelstaedt

Daniel J McDonald wrote:

On Mon, 2009-11-09 at 16:51 -0800, Ted Mittelstaedt wrote:

Hi All,

   We have a customer who had a compromised mailserver, they fixed the
server but are apparently still blacklisted by this company called
CloudMark  (www.cloudmark.com) that Comcast uses.

   In Googling around I see that Comcast just recently signed up
this company a month ago.  This company apparently sells a
Spamassassin plugin, a spam filter for PC desktops, etc.


Yes, the free plugin is razor2.  I seem to recall they have a
more-featured for-pay plugin, but razor2 uses cloudmark servers for all
of its functionality.


   Anyway, our customer isn't delisted from this CloudMark blacklist,
even though all of the RBL checkers on the Internet I can find claim
that their IP address isn't spamming.  I cannot find any delist request
on their website either.


Have you tried a razor-revoke?



How can I?  From what I know about razor-revoke, it's the recipients
who are using razor and who get messages that razor tags as spam who
are the ones that run this.

Their recipients who are saying that their messages are being marked
spam are comcast e-mail users.  We aren't marking them as spam, we
don't use Razor, and after learning about what's happened to them,
it's doubtful that we ever will.

Ted


Re: Getting off the Cloudmark formerly spamnet blacklist

2009-11-10 Thread Michael Scheidell

Ted Mittelstaedt wrote:


How can I?  From what I know about razor-revoke, it's the recipients
who are using razor and who get messages that razor tags as spam who
are the ones that run this.

Their recipients who are saying that their messages are being marked
spam are comcast e-mail users.  We aren't marking them as spam, we
don't use Razor, and after learning about what's happened to them,
it's doubtful that we ever will.

actually, from the perspective of cloudmark, it did what it was supposed 
to do.

it protected the clients who use it from a compromised system.

getting on a blacklist is easy.  anyone's, sorbs, barracuda, DCC, 
spamcop, anyones.


getting off is hard.

What you need to understand is that it's really your client's fault for
not taking care of the security issue BEFORE he had a problem.


Sorry, but really, it's your client's fault, and the world really needs to
protect itself from botnets.


Eventually (based on how cloudmark updates their system), your clients 
ip will be removed from their database.


MAYBE (like barracuda, sorbs) they might have a way for an
accelerated removal.
(barracuda, you either pay per domain, or fight your way through to
someone who will do it for you)

spamcop will automatically remove in (7 days?) if no more spam.
DCC is 30 days (if using the DCC reputation filter)

asking SpamAssassin group how to get off of cloudmark's list will be 
useless.


Ask cloudmark.





Ted




RE: Getting off the Cloudmark formerly spamnet blacklist

2009-11-10 Thread Giampaolo Tomassoni
 Daniel J McDonald wrote:
 
 ...omissis...
 
 How can I?  From what I know about razor-revoke, it's the recipients
 who are using razor and who get messages that razor tags as spam who
 are the ones that run this.
 
 Their recipients who are saying that their messages are being marked
 spam are comcast e-mail users.  We aren't marking them as spam, we
 don't use Razor, and after learning about what's happened to them,
 it's doubtful that we ever will.
 
 Ted

As far as I know, Razor works on message hashes (more or less like DCC and
IXHash do). So, the Cloudmark site doesn't supply any delisting tool because it
is not the source IP that gets listed, but the spammy messages' hashes.

I don't even know details about how razor hashes the message, so it *may*
eventually be that some piece of message (like, for example, an automatic foot
sign, or an automatic logo image) triggers the razor plugin. I would suggest to
manage with the recipient to attempt razor-revoking the FP messages.

You could also attempt to get help at the Vipul's Razor list: 
razor-us...@lists.sourceforge.net .

Regards,

Giampaolo
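
The property Giampaolo describes above (content hashes get listed, not the sending IP, so a footer shared by the bot's spam and the company's legitimate mail keeps matching until a recipient revokes it) as an added illustration. This is not Razor's or Cloudmark's code and not their real signature scheme; it is a simplified overlapping-window segment-hash model with constructed sample messages and assumed window size and threshold:

```python
"""Toy model of a content-hash reputation list, Razor/DCC style.

Added illustration, not Razor's or Cloudmark's actual code: the real
signature scheme is more elaborate, but this captures the property
discussed in the thread, namely that hashes of message content get
listed, not the sending IP, so a footer shared by the bot's spam and the
company's legitimate mail keeps matching after the cleanup, until the
hash itself is revoked.  All messages below are constructed sample data.
"""
import hashlib
import re
from collections import Counter

SEGMENT_LINES = 3   # assumption: window size of the body segments we hash
SPAM_THRESHOLD = 1  # assumption: net reports needed before a hash is listed


def normalize(body):
    """Lowercase, collapse whitespace and drop blank lines, so trivial
    edits to a segment do not change its hash."""
    lines = []
    for line in body.splitlines():
        line = re.sub(r"\s+", " ", line.strip().lower())
        if line:
            lines.append(line)
    return lines


def segment_hashes(body):
    """Hash every window of SEGMENT_LINES consecutive normalized lines.
    Overlapping windows mean a block that recurs across messages (a
    disclaimer, a signature) yields the same hash in each of them."""
    lines = normalize(body)
    if len(lines) <= SEGMENT_LINES:
        windows = ["\n".join(lines)]
    else:
        windows = ["\n".join(lines[i:i + SEGMENT_LINES])
                   for i in range(len(lines) - SEGMENT_LINES + 1)]
    return {hashlib.sha256(w.encode("utf-8")).hexdigest() for w in windows}


class HashReputation:
    """Shared reputation store keyed by segment hash.  Nothing here takes a
    sender IP: fixing the host or moving the mail server changes nothing
    until the offending hashes are revoked."""

    def __init__(self):
        self.net_reports = Counter()  # hash -> reports minus revokes

    def report(self, body):
        """A recipient marks this message as spam (razor-report)."""
        for h in segment_hashes(body):
            self.net_reports[h] += 1

    def revoke(self, body):
        """A recipient reclaims this message as legitimate (razor-revoke)."""
        for h in segment_hashes(body):
            self.net_reports[h] -= 1

    def listed_hashes(self, body):
        """Hashes of this message that are currently listed; an empty set
        means the message passes."""
        return {h for h in segment_hashes(body)
                if self.net_reports[h] >= SPAM_THRESHOLD}


# Constructed sample data: the same auto-appended company footer is on both.
COMPANY_FOOTER = """--
Acme Widgets Inc.
This message was scanned by the Acme mail gateway."""

SPAM_BODY = """Cheap watches, 90% off, order today!
Reply to this message to claim your discount.
""" + COMPANY_FOOTER

LEGIT_BODY = """Hi Bob, attached is the invoice for October.
Thanks, Alice
""" + COMPANY_FOOTER


def run_scenario():
    """Walk through the thread's situation and return what each step sees."""
    rep = HashReputation()
    rep.report(SPAM_BODY)                               # bot mail reported
    fp_before = bool(rep.listed_hashes(LEGIT_BODY))     # footer hash collides
    rep.revoke(LEGIT_BODY)                              # recipient revokes FP
    fp_after = bool(rep.listed_hashes(LEGIT_BODY))
    spam_still_caught = bool(rep.listed_hashes(SPAM_BODY))
    return {"fp_before_revoke": fp_before,
            "fp_after_revoke": fp_after,
            "spam_still_caught": spam_still_caught}


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Only the shared footer window collides, so the revoke clears the legitimate mail while the spam's own segments stay listed.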



Re: Getting off the Cloudmark formerly spamnet blacklist

2009-11-10 Thread Ted Mittelstaedt

Giampaolo Tomassoni wrote:

Daniel J McDonald wrote:

...omissis...

How can I?  From what I know about razor-revoke, it's the recipients
who are using razor and who get messages that razor tags as spam who
are the ones that run this.

Their recipients who are saying that their messages are being marked
spam are comcast e-mail users.  We aren't marking them as spam, we
don't use Razor, and after learning about what's happened to them,
it's doubtful that we ever will.

Ted


As far as I know, Razor works on message hashes (more or less like DCC and 
IXHash do). So, the Cloudmark site doesn't supply any delisting tool because it 
is not the source IP that gets listed, but the spammy messages' hashes.


Wikipedia has a decent enough explanation of how it works.



I don't even know details about how razor hashes the message, so it *may* 
eventually be that some piece of message (like, for example, an automatic foot 
sign, or an automatic logo image) triggers the razor plugin. I would suggest to 
manage with the recipient to attempt razor-revoking the FP messages.



Well, I don't think this is possible since Cloudmark wraps the Razor
system in a blanket, the ISP that buys Cloudmark is never told that
Razor is behind it, and Comcast further wraps whatever Cloudmark
gives them, so that their own users don't know what it is that
Comcast uses for spam filtering (Comcast probably rebrands Cloudmark
as comcast spam filter or some such.)

I would presume, knowing Comcast, and knowing the average ability
of the typical Comcast e-mail user, that the razor-report and
razor-revoke is being done silently, automatically, behind the
scenes.  Perhaps when a user pulls a message out of their junk
mail folder, it razor-revokes it.

The customer already called Comcast and complained, they were told
essentially to do nothing and the system will fix itself eventually.


You could also attempt to get help at the Vipul's Razor list: 
razor-us...@lists.sourceforge.net .



It's not really my problem, to be honest.  In this scenario we are
only assisting our customer with running their -own- mailserver,
the customer -isn't- using -our- mailserver.  If they were, this
never would have happened.

The situation is your typical small-company-mentality of well we
have 15 employees here and Exchange is so superior that we are gonna
spend 10 thousand dollars on it, on a server for it, and on paying
someone (our ISP in this case) to put it together for us since we
don't know how it goes together - instead of merely paying our ISP
a nominal fee per year per mailbox hosted on a UNIX system.  You cannot
argue with this logic, which is why we decided a long time ago we
wouldn't, and got into the on-site support business as well as the
ISP.

In actuality, in this situation it technically wasn't the mailserver
that actually got compromised, it was a desktop PC - but since the
desktops and exchange server are both behind a NAT, from the outside
world they are considered the same device.

Our role is that of a consultant - and we have to play ball by
their rules, not ours.  Meaning that once the helpful people on this
list pointed me in the right direction so that I could figure out
what we were dealing with, the ball is now in our customer's court.
They don't want to pay our labor to sit for hours on the phone with 
Comcast tech support, and I can't blame them, I wouldn't either.


Ted


Regards,

Giampaolo






Re: Getting off the Cloudmark formerly spamnet blacklist

2009-11-10 Thread Jared Hall
Oh, come now; like calling Comcast is going to get you anywhere.  Per:
http://www.spamresource.com/2009/10/top-five-tips-for-dealing-with.html

I've had success with Comcast.  Been good to me.
Generic Abuse: http://postmaster.comcast.net/

Personally, I'd fill out Comcast's form at:
http://www.comcastsupport.com/rbl

Then bill your customer.

Regards,

Jared Hall
General Telecom, LLC.


Ted Mittelstaedt wrote:
 Giampaolo Tomassoni wrote:
 Daniel J McDonald wrote:

 ...omissis...

 How can I?  From what I know about razor-revoke, it's the recipients
 who are using razor and who get messages that razor tags as spam who
 are the ones that run this.

 Their recipients who are saying that their messages are being marked
 spam are comcast e-mail users.  We aren't marking them as spam, we
 don't use Razor, and after learning about what's happened to them,
 it's doubtful that we ever will.

 Ted

 As far as I know, Razor works on message hashes (more or less like DCC
 and IXHash do). So, the Cloudmark site doesn't supply any delisting
 tool because it is not the source IP that gets listed, but the spammy
 messages' hashes.

 Wikipedia has a decent enough explanation of how it works.


 I don't even know details about how razor hashes the message, so it
 *may* eventually be that some piece of message (like, for example, an
 automatic foot sign, or an automatic logo image) triggers the razor
 plugin. I would suggest to manage with the recipient to attempt
 razor-revoking the FP messages.


 Well, I don't think this is possible since Cloudmark wraps the Razor
 system in a blanket, the ISP that buys Cloudmark is never told that
 Razor is behind it, and Comcast further wraps whatever Cloudmark
 gives them, so that their own users don't know what it is that
 Comcast uses for spam filtering (Comcast probably rebrands Cloudmark
 as comcast spam filter or some such.)

 I would presume, knowing Comcast, and knowing the average ability
 of the typical Comcast e-mail user, that the razor-report and
 razor-revoke is being done silently, automatically, behind the
 scenes.  Perhaps when a user pulls a message out of their junk
 mail folder, it razor-revokes it.

 The customer already called Comcast and complained, they were told
 essentially to do nothing and the system will fix itself eventually.

 You could also attempt to get help at the Vipul's Razor list:
 razor-us...@lists.sourceforge.net .


 It's not really my problem, to be honest.  In this scenario we are
 only assisting our customer with running their -own- mailserver,
 the customer -isn't- using -our- mailserver.  If they were, this
 never would have happened.

 The situation is your typical small-company-mentality of well we
 have 15 employees here and Exchange is so superior that we are gonna
 spend 10 thousand dollars on it, on a server for it, and on paying
 someone (our ISP in this case) to put it together for us since we
 don't know how it goes together - instead of merely paying our ISP
 a nominal fee per year per mailbox hosted on a UNIX system.  You
 cannot argue with this logic, which is why we decided a long time ago we
 wouldn't, and got into the on-site support business as well as the
 ISP.

 In actuality, in this situation it technically wasn't the mailserver
 that actually got compromised, it was a desktop PC - but since the
 desktops and exchange server are both behind a NAT, from the outside
 world they are considered the same device.

 Our role is that of a consultant - and we have to play ball by
 their rules, not ours.  Meaning that once the helpful people on this
 list pointed me in the right direction so that I could figure out
 what we were dealing with, the ball is now in our customer's court.
 They don't want to pay our labor to sit for hours on the phone with
 Comcast tech support, and I can't blame them, I wouldn't either.

 Ted

 Regards,

 Giampaolo






Re: Getting off the Cloudmark formerly spamnet blacklist

2009-11-10 Thread LuKreme
On 10-Nov-2009, at 08:48, Ted Mittelstaedt wrote:
 I would presume, knowing Comcast, and knowing the average ability
 of the typical Comcast e-mail user, that the razor-report and
 razor-revoke is being done silently, automatically, behind the
 scenes.  Perhaps when a user pulls a message out of their junk
 mail folder, it razor-revokes it.


Really? My impression of Comcast would lead me to believe that they completely 
disabled any sort of razor-revoke at all.

-- 
From deep inside the tears that I'm forced to cry
From deep inside the pain I--I chose to hide



[Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]

2009-11-10 Thread Michael Scheidell
if I reply to the mailing list and not you directly, you should reply to 
the mailing list.






 Original Message 
Subject:Re: Getting off the Cloudmark formerly spamnet blacklist
Date:   Tue, 10 Nov 2009 12:25:20 -0800
From:   Ted Mittelstaedt t...@ipinc.net
Organization:   Internet Partners, Inc.
To: Michael Scheidell scheid...@secnap.net
References: 	4af8b90d.6040...@ipinc.net 
1257856143.17916.13.ca...@mcdonalddj-dc.austin-energy.net 
4af98170.3080...@ipinc.net 4af986af.8040...@secnap.net




Michael Scheidell wrote:

Ted Mittelstaedt wrote:


How can I?  From what I know about razor-revoke, it's the recipients
who are using razor and who get messages that razor tags as spam who
are the ones that run this.

Their recipients who are saying that their messages are being marked
spam are comcast e-mail users.  We aren't marking them as spam, we
don't use Razor, and after learning about what's happened to them,
it's doubtful that we ever will.

actually, from the perspective of cloudmark, it did what it was supposed 
to do.

it protected the clients who use it from a compromised system.


However, it's false-positiving things, thus once the spamming
has stopped, it's now malfunctioning.

Most people would rather get 10 spams that the spam filter missed
than have 1 legitimate mail message marked spam.  Granted, this
ratio falls off - people are more forgiving of false positives
the fewer times that they happen - but nobody wants all of their
incoming mail marked spam due to overly aggressive spam filters.

Keep in mind here that it isn't the SENDERS who are originating the
complaints - it's the RECIPIENTS.  The Recipients are seeing all mail
from their correspondents at this company being marked spam, and
complaining to the senders - the senders (now) are not spamming, so
the recipients have, in my opinion, a valid complaint to make
against Comcast.  It so happens the only recipients complaining that
this company is sending spam are the ones on Comcast's server.  Nobody
else on the Internet, using any OTHER kind of spam filtering service,
is seeing their stuff (now) being marked spam.

Thus, in stacking Cloudmark up against all of the other blacklists
on the Internet, it's clearly a failure.  Not because it blocked, but
because it didn't STOP blocking, when every other spam filter system
on the Internet was smart enough to stop blocking.

getting on a blacklist is easy.  anyone's, sorbs, barracuda, DCC, 
spamcop, anyones.


getting off is hard.



Untrue.  As I said, the first thing I checked was the public blacklists
and none of them had this customer listed.  Getting off of these lists
is easy - you just stop spamming, and wait 24 hours or so, and you're
off most of them, and the few you're not off you just submit requests to
remove and they take you off.

What you need to understand is that it's really your client's fault for
not taking care of the security issue BEFORE he had a problem.


Sorry, but really, it's your client's fault, and the world really needs to
protect itself from botnets.




Michael, friend, you got things very wrong here.

If our clients were DELIBERATELY spamming, say they thought they
were going to send out a marketing mail or some such, then you would
be correct.

But they were not.  They were simply using the largest software
company on Earth's products - Microsoft - like everyone else
in the world who has those products do.

I have a Mac G4 running OSX  sitting on my desk here, next to my
Windows box.  I also have a FreeBSD system running FreeBSD6 and
firefox 3 in the other room.

On either of those systems I could have done EXACTLY THE SAME THING
that the user at this client who got cracked into did - I could
have opened the same e-mails, gone to the same websites, etc. - and
I WOULDN'T have been cracked.

So, explain again why this was THEIR fault?  Don't you think that
the botnet writer has just a tiny tiny bit of blame here?  What about
the software developer being paid more money than God sitting up in
a nice comfortable office in Redmond who wrote that piece of shit
that our client was using, and included dozens of security holes
that are exploited by botnet writers, don't you think that HE
has just a tiny tiny bit of culpability?

Every other current production operating system on the face of the earth
doesn't seem to be regularly hijacked by spammers.  So, why are you
going to give Microsoft a pass?

Why exactly is it that when a user of Microsoft Windows doesn't
apply patches that it's their fault when their system is cracked?
What exactly do you think a patch IS?  If their system had been written 
properly in the beginning it wouldn't need to be patched.  If they 
weren't logged in as administrator - which is necessary for Windows 
desktop systems since most Windows software developers are shit-ass lazy 
bastards who ignore the Microsoft directives about writing usermode 
programs so they don't have to run as the root, I mean administrative

Getting off the Cloudmark formerly spamnet blacklist

2009-11-09 Thread Ted Mittelstaedt

Hi All,

  We have a customer who had a compromised mailserver, they fixed the
server but are apparently still blacklisted by this company called
CloudMark  (www.cloudmark.com) that Comcast uses.

  In Googling around I see that Comcast just recently signed up
this company a month ago.  This company apparently sells a
Spamassassin plugin, a spam filter for PC desktops, etc.

  Anyway, our customer isn't delisted from this CloudMark blacklist,
even though all of the RBL checkers on the Internet I can find claim
that their IP address isn't spamming.  I cannot find any delist request
on their website either.

  The marketing baloney on their website claims "the most
widely-deployed messaging security solution in the world today..."
which I feel is highly suspect.  Beyond this, I have no experience
with them and was wondering if anyone has bought their SA plugin
and can relate any good or bad experiences they have with them.

Ted