It's Just this Little Chromium Switch Here

Weblogging and commentary by Chip Rosenthal

News of Hotmail Vulnerability Circulating


On Saturday night I blogged an article discussing a Hotmail vulnerability that is being exploited by spammers. The problem has been getting progressively worse over the past three months, without Microsoft doing much (apparent) to stop it.

The article has been circulating a bit since. The next morning, the article was linked on Slashdot. Later that day, The Inquirer posted an article. Maybe with the heightened visibility, Microsoft will finally address the DAV spam problem.

I want to make one clarification. The problem is not a bug in the protocol implementation, but a flaw in the overall system design: Microsoft is allowing anybody to relay email through the Hotmail servers (with forged headers, no less!). The only limit appears to be that an account is cut off after 100 spams a day, and that's not much of a limit when a spammer can easily generate thousands of accounts.

Not everybody is seeing this problem. Some people have questioned whether it is a problem at all, based on the small amount of DAV spam in their mailboxes. The headers on the DAV spam I have received look very similar, so I believe what I'm seeing is probably the work of a single spammer. If you are on that spammer's list, it's a problem. If you aren't on that list, it's not much of a problem--yet! If Hotmail allows this vulnerability to persist, you know other spammers are going to jump on the bandwagon.

Finally! The Argument Against E-Postage


Link: An Overview of E-Postage. (826KB PDF)

I recently blogged a pointer to John Levine's critique of challenge-response anti-spam systems. There is another bad anti-spam technology people have been talking about lately: e-postage. John has just posted a new paper that highlights its many problems.

The idea behind e-postage is to turn the economics of Internet email around, from recipient pays to sender pays. If you can do that, then you've just obliterated the economic foundation that underpins spam.

It turns out, however, that e-postage suffers from many flaws. I think John's arguments regarding the scale of the infrastructure required to support e-postage and users' attitudes toward micropayments are very compelling.

The arguments about failures in the system--the "Postage Games" section--seem less so. That's unfortunate, because I believe that is one of the most critical problems with e-postage systems. System failures can negate the value of the system (e.g. spammers get around it), or even cause great harm (e.g. spammers swindle money from innocent victims, a few e-stamps at a time). Since this paper is a work in progress, I think these concerns may be better reflected in a future version.

Hotmail Vulnerability Being Exploited by Spammers


A new--but not well known--Microsoft vulnerability is being exploited by spammers, creating even more junk mail in your inbox.

Runoff Election Today


Today is the runoff election that will determine who holds Place 5 on the Austin City Council. Polls are open until 7 p.m., so there is plenty of time to vote today. The candidates are Margot Clarke and Brewster McCracken.

Brewster has attracted support from the moneyed interests and suburban voters, while Margot has been getting most of her support from central city voters. Truth is, on most issues they aren't really that far apart.

There is, however, one issue that separates them: the new smoking ban.

If Brewster is elected, the ordinance probably will fall. There is a good chance the council will re-examine the issue once Mayor Garcia leaves office. Brewster has indicated he's against the ordinance, which means if he's elected the opposition would have a 4-3 majority, and the ban would be rescinded.

Margot, on the other hand, supports the smoking ban. So, if she's elected there is a greater chance it will survive. It's one of the reasons why I voted for her.

If the smoking ban is an issue you feel strongly about, you probably want to participate in today's election.

Interesting Articulation

Here is an interesting articulation. It's an issue I've thought about a lot, myself. I'm glad to see that David has at least sketched out some of the obvious, superficial aspects of the situation. Good job! One of these days, I need to find time to blog my more encompassing approach.

A Breath of Fresh Air


Yesterday, the new Austin smoking ordinance passed its third and final reading. There was some question whether the majority would hold together, but it did, and so as of September 1 our bars and clubs will be smoke-free.

Here is information from the message just sent out by Smoke-Free Austin:

On Thursday, June 5th the Austin City council voted for a third and final time on the smoke-free ordinance and passed it by a vote of 4-3. The ordinance will now make all bars and all restaurants throughout Austin SMOKE-FREE! The distance from an opening of a building where smoking is permitted was set at 15 feet.

The implementation date for the ordinance will be Sept. 1st, 2003. This will allow for education in the community regarding the new ordinance.

Bingo halls, fraternal organizations, outdoor patios and billiard halls were exempted as expected.

I think this is great news. I hope the non-smokers will make a special effort to go out and help ease the transition to a smoke-free environment.

Creative Commons License May Create Dangerous Liability

Link: An issue people may not be aware of with the Creative Commons licenses.

The writings of this weblog used to be provided under a Creative Commons License. Effective immediately, and with large amounts of disgust and anger, I have terminated that.

The intent of adopting that license was to allow people to copy and use any information I publish on my weblog. The actual effect, however, is that I ended up making representations and warranties that create significant legal liability on my part.

I am quite perturbed by this. It is completely my fault: I failed to do an adequate review of the legal document before adopting it. I trusted the Creative Commons folks to not get me into trouble. That's why I'm feeling somewhat hoodwinked about the whole ordeal.

So, at least for the time being, I've replaced the CC license with, "All rights reserved." Contact me if you want permission to copy.

Modify This, Suckah

Last night, the EFF-Austin gang did a little dog-n-pony show for The Robot Group. We presented some highlights (and lowlights) of our work with the Texas legislature this session. Our greatest highlight, by far, was killing SB1116, the so-called Super DMCA.

These laws make tinkering with and modifying equipment a crime. Your Internet provider, for instance, could tell you what kind of equipment you can connect to the line and what you can do with it, under penalty of law.

The Robot Group makes twisted animatronic devices from salvage equipment. These folks modify gear in ways their creators could never have envisioned--and in many cases would be aghast to discover.

Any effort to outlaw this sort of work is just wrongheaded. Yet, that's exactly what the movie and music moguls are trying to do. It's not that they are afraid of robots. They're afraid that people who modify equipment are going to steal from them. So they are trying to outlaw not the stealing, but the modification that may, in some cases, lead to theft.

We need folks like the Robot Group to help demonstrate that modification doesn't always lead to theft. Sometimes it just leads to really cool stuff.

Signs of Recovery

This week I saw the first positive sign that relief from this recession may be ahead. I didn't find it on CNBC or the Wall Street Journal. I saw it on Ebay.

During the boom, Internet companies were wasting fistfuls of money on Aeron chairs and pallets of 1U and 2U servers. When these companies went bankrupt, their only assets were piles of crappy code, desk chairs and rack servers. The code ended up flushed down the toilet--along with the employees. The hard assets, however, ended up on Ebay.

When I looked several months back, there were some great deals to be had on rackmount servers. You could find tons of them on Ebay. It must have been a fearsome sight to server manufacturers: all of these computers available for a fraction of the cost of the unsold machines in their warehouses. In fact, I had a theory that manufacturers were pushing the blade form factor in a cynical attempt to make people think 1U and 2U servers were obsolete.

When I checked last week, I was surprised to discover the glut had dried up. There was little used equipment to be had. About all I could find were Intel ISP1100 barebones chassis servers, which are fairly lightweight (old Socket 370, 100 MHz bus) and somewhat awkward (no video, no CD).

This means that server purchases are going to have to go to the manufacturers rather than the used market. It also suggests somebody out there has been buying servers. This could mean recovery is ahead, and once technology spending picks up, the recovery will accelerate.

Happy Anniversary

Six months ago I couldn't even spell blogger. Now I is one.