
...making Linux just a little more fun!

[OT] Interesting interview

Jimmy O'Regan [joregan at gmail.com]


Wed, 14 Jan 2009 19:53:43 +0000

(Sorry the subject wasn't more descriptive, but Rick's setup objected to the subject 'Interview with an adware author': 550-Rejected subject: Monitoring/spyware software or removal tools spam.)

http://philosecurity.org/2009/01/12/interview-with-an-adware-author

"It was funny. It really showed me the power of gradualism. It's hard to get people to do something bad all in one big jump, but if you can cut it up into small enough pieces, you can get people to do almost anything."




Ben Okopnik [ben at linuxgazette.net]


Wed, 14 Jan 2009 15:28:08 -0600

On Wed, Jan 14, 2009 at 07:53:43PM +0000, Jimmy O'Regan wrote:

> (Sorry the subject wasn't more descriptive, but Rick's setup objected
> to the subject 'Interview with an adware author': 550-Rejected
> subject:  Monitoring/spyware software or removal tools spam.)
> 
> http://philosecurity.org/2009/01/12/interview-with-an-adware-author
> 
> "It was funny. It really showed me the power of gradualism. It's hard
> to get people to do something bad all in one big jump, but if you can
> cut it up into small enough pieces, you can get people to do almost
> anything."

Oh, damn. I sent this to TAG yesterday, and I guess mine got kicked off for the same reason.

My favorite quote there described adware wars between competitors:

M: [...] I used tinyScheme, which is a BSD licensed, very small, very
fast implementation of Scheme that can be compiled down into about a 20K
executable if you know what you're doing.
 
Eventually, instead of writing individual executables every time a worm
came out, I would just write some Scheme code, put that up on the
server, and then immediately all sorts of things would go dark. It
amounted to a distributed code war on a 4-10 million-node network.
 
S: In your professional opinion, how can people avoid adware?
 
M: Um, run UNIX.
-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *




Rick Moen [rick at linuxmafia.com]


Wed, 14 Jan 2009 16:28:04 -0800

Quoting Jimmy O'Regan (joregan@gmail.com):

> (Sorry the subject wasn't more descriptive, but Rick's setup objected
> to the subject 'Interview with an adware author': 550-Rejected
> subject:  Monitoring/spyware software or removal tools spam.)

Sorry about that. The setup does some initial interception in Exim4 (the MTA) based on certain text matches deemed far more likely than not to be junkmail, and there are some false positives. I started out with a prepackaged set of such filter specs, provided with J.P. Boggis's EximConfig, and once in a long while end up disabling one because there have been too many false positives on it. However, in general, J.P. struck the right balance, in my opinion.

That is, as annoying as it is to have your legitimate mail fail because of trivial resemblance to autogenerated mail from malware, you should see the volume of crud that the filter blocks.




Rick Moen [rick at linuxmafia.com]


Wed, 14 Jan 2009 16:38:05 -0800

(Although I try not to rely on secrecy for effectiveness of antispam measures, it's probably best not to publish this subthread about postings being blocked by my antispam filters or not. Because I'd rather not publish the regexes, you see.)

Quoting Ben Okopnik (ben@linuxgazette.net):

> On Wed, Jan 14, 2009 at 07:53:43PM +0000, Jimmy O'Regan wrote:
> > (Sorry the subject wasn't more descriptive, but Rick's setup objected
> > to the subject 'Interview with an adware author': 550-Rejected
> > subject:  Monitoring/spyware software or removal tools spam.)
> > 
> > http://philosecurity.org/2009/01/12/interview-with-an-adware-author
> > 
> > "It was funny. It really showed me the power of gradualism. It's hard
> > to get people to do something bad all in one big jump, but if you can
> > cut it up into small enough pieces, you can get people to do almost
> > anything."
> 
> Oh, damn. I sent this to TAG yesterday, and I guess mine got kicked off
> for the same reason.

No, yours didn't trigger the subject-header filter in question, because your subject header was "Life under Windows these days" or something like that.

[[[Elided content]]] [list of regexes elided]




Ben Okopnik [ben at linuxgazette.net]


Wed, 14 Jan 2009 19:59:21 -0600

On Wed, Jan 14, 2009 at 04:38:05PM -0800, Rick Moen wrote:

> (Although I try not to rely on secrecy for effectiveness of antispam
> measures, it's probably best not to publish this subthread about
> postings being blocked by my antispam filters or not.  Because I'd
> rather not publish the regexes, you see.)

No problem; we have just the excision and cauterization tools required for the job. (Kat's previous bio pic, in which she was holding a giant pair of scissors, would be highly apropos here.)

For future reference, there's actually a couple of tags that can be used here (TAG tags?) to either keep the content from being published or to keep it from being processed by our mailbag script. [[[Elided content]]] This paragraph won't be converted by the script but will be used raw, thus preserving the formatting instead of displaying the HTML tags as text. All this formatting stuff is, of course, documented in the TAG FAQ. (As I'm sure everyone is aware, this kind of thing is hard to remember and easy to forget - so all I can do is keep bringing it up when the occasion offers.)

[[[Elided content]]] [list of regexes elided]

Nice. Anyone using Mutt, or any other MUA that lets you hook program execution to actions within the MUA, could construct a "subject checker" that will either warn you (I'm not sure how you'd implement that one, though) or modify the subject automatically so that it no longer matches these.

However, to quote the oh-so-quotable Dubbya (from the Gibson interview about his upcoming retirement):

[...] wouldn't it be interesting for baby boomers not to retire in nice
places, but to retire -- during their retirement, go help people deal
with malaria or AIDS?
 
[...] I'm not suggesting that's what I'm going to do, but it is the kind
of thing that intrigues me.

Good luck to all you regex-wranglers out there. :)

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *

