Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

2004-01-02 Thread Alan Brown
On Tue, 30 Dec 2003, Bill Stewart wrote:

 The reason it's partly a cryptographic problem is forgeries.
 Once everybody starts whitelisting, spammers are going to
 start forging headers to pretend to come from big mailing lists
 and popular machines and authors, so now you'll not only
 need to whitelist Dave Farber or Declan McCullagh if you read their lists,
 or Bob Hettinga if you're Tim (:-), you'll need to verify the
 signature so that you can discard the forgeries that
 pretend to be from them.

 You'll also see spammers increasingly _joining_ large mailing lists,
 so that they can get around members-only features.

This has already happened:

Krazy Kevin pulled this stunt 5 years ago on at least one list I was on,
joining the list to harvest the most common posters, then spamming using
them as sender envelopes after he'd been kicked off.

 At least one large mailing list farm on which I've joined a list
 used a Turing-test GIF to make automated list joining difficult,

...discrimination against blind users - this is legally actionable in
several countries. There is a blind group in the UK taking action
against a number of companies for this and the Australian Olympic
committee ended up being fined several million AU$ for the same offence
in 1999.

 and Yahoo limits the number of Yahoogroups you can join in a day,
 but that's the kind of job which you hire groups of Indians
 or other English-speaking third-world-wagers to do for you.

To underscore that point, I've _watched_ cybercafes full of SE Asians(*)
doing exactly this kind of thing for the princely sum of US$5/day -
twice the average wage of the area, even after the cafe fees were
deducted.

(*) Philippines and east Malaysia.

AB

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

2003-12-30 Thread Alan Brown
On Tue, 30 Dec 2003, Eric S. Johansson wrote:

  But using your spam size, , the slowdown factor becomes roughly
 73 times.  So they would need 73 machines running full tilt all the time
 to regain their old throughput.

Believe me, the professionals have enough 0wned machines that this is
trivial.

On the flipside, it means the machines are burned faster.

 Unfortunately, I think you are making some assumptions that are not fully
 warranted.  I will try to do some research and figure out the number of
 machines compromised.  The best No. I had seen to date was about 350,000.

It's at least an order of magnitude higher than this, possibly 2 orders,
thanks to rampaging worms with spamware installation payloads
compromising cablemodem- and adsl- connected Windows machines worldwide.

AB
