Currently spammed stocks

Posted by jerry as Uncategorized

This is a list of stocks being pumped and dumped by spammers. Trading in these stocks during such a time would be risky at best.

The currently spammed stocks pummeling inboxes worldwide are:

CHFR - China Fruits - This one has been spammed for quite some time.

CEOA - CEO America

CBRP - Cambridge Resources Corp. - Several different spamming approaches are being used for this, including the plain-text email with the pump, and a some image based ones that are completely illegible, except that they match up to the plain-text ones being received.

UTEV - United Environmental Energy Corp.
VCDY - Voice Diary Inc.

Spam Spam Spam

Posted by jerry as Uncategorized

You’ve probably noticed a sharp increase in spam lately.  Here’s an interesting story behind a big driver behind the increase: http://www.eweek.com/article2/0,1895,2060235,00.asp

 Basically, trojaned PCs are being used in a very sophisticated network to send out spam.  These bots are sending out very unique spam that incorporates random text that is collected from the internet with an image that carries the “payload”.  Each image is custom generated.  Even if it is possible to effectively OCR the image for processing, the volume that these mails are coming out will strain even the most capable mail servers, putting mail administrators in a difficult position.  The only effective way to block this spam is to adopt some unpopular filtering tactics, like:

• blocking mail from a “dynamic ip”
• enforcing protocol compliance (dns, smtp, etc)
• using controversial DNS block lists

Unfortunately, spammers are forcing the hands of mail administrators.  This is forcing out those who run their own mail servers at home or on similar systems.  Ultimately, there will be no choice - we as mail administrators will have to do it in order to survive.  It will not be a 100% solution to the problem, but it will greatly reduce or eliminate the impact of spam originating from home computers participating in a spam botnet.

Intoxicated by hydrogen

Posted by jerry as alternative fuels, technology

Here we go again: http://www.businessweek.com/magazine/content/06_48/b4011432.htm?campaign_ic=bier_innvg

First hydrogen fuel cell motorcycle.  Yay.  We can crank these things out for the 3rd world masses and urban dwellers and our pollution problems are solved.  One of the comments on that page sums up the great misconception about hydrogen fuel cells well: you just put water in, the fuel cell splits out the hrdrogen, then converts the hydrogen into water which produces electricity.  Sadly, that’s not how the world works, Johnny.  If it did, I’d quit my job and I’d cranking out electricity from the Chattahoochie River like nobody’s business. 

You Cannot Get Something For Nothing

Fuels cells are simply a method of converting a fuel directly into usable energy, without most of the waste heat losses involved in burning it to turn a turbine, push a piston or boil water.  You must supply it with hydrogen to use.  That hydrogen has to come from somewhere.  The only real method we have to produce hydrogen on any scale is through electrolysis of water.  That takes electricity.  More electricity than is obtained through the fuel cell. 

Hydrogen is NOT an energy source

Unlike gasoline, hydrogen is NOT a source of energy.  It is a storage media.  It is the equivalent of a battery.  Electricity has to go into it, in order for anything to come out of it.  The only exception to this is if we somehow found a deposit of “pure” hydrogen or we were able to magically pull the hydrogen out of water without using more energy than can be obtained from the extracted hydrogen.  So far, neither seems likely.

Hydrogen Economy

You may have heard of the “hydrogen economy” before.  Basically, that’s the production and distribution of hydrogen on a scale equivalent to diesel or gasoline.  Major “refineries” which would extract hydrogen from water, pipelines and tanker trucks to move the presumably liquid or compressed hydrogen around, and fuel stations to deliver the hydrogen. 

All Is Not Lost

While hydrogen is not the panacea that many people understand it to be, there are some big advantages.  The primary advantage is that it uses electricity to create.  That means that we can use conventional nuclear power, solar power, geothermal power, wind power, wave/tidal power, or the more traditional coal/natural gas power.  Large scale production will yield efficiency improvements in extracting hydrogen from water.  The second great benefit is that it’s really easy to create.  Conceivably, a small “reactor” could be bought for home use that would plug into your house electrical system, connect to your garden hose to feed it water, and output hydrogen directly into your “gas tank”.  Gas stations are no longer a necessity and will likely have a hard time competing with home produced hydrogen, unless the mass produced variety can be produced much more efficiently.

Problems Ahead

Hydrogen has some steep drawbacks.  The attribute that makes is a good energy storage media also makes is very dangerous.  Hydrogen is very energetic.  Fires or explosions that result from hydrogen tanks on vehicles will be very deadly.  Hydrogen is also very hard to contain.  It’s small molecular size allows it to seep through even solid metal containers, however slowly.  Refueling will also be much more dangerous than it is with gasoline.

MS Announces intentions of collecting royalties from Linux users

Posted by jerry as Uncategorized

It was only a matter of time.  A company like Microsoft has a vast portfolio of patents.  So vast, that most people that do anything with a computer are violating one patent or another.  Apparently, MS has not been sufficiently pleased with the return on it’s contributions to the SCO lawsuits, and is starting to make noise about going after users themselves.  They have already struck a deal with SUSE, which grants all SUSE users rights to use MS’ intellectual property, and are looking to do the same with others.

The reality is that MS has to do something soon to keep themselves from becoming irrelevant in the server and desktop OS space.  It’s also a good business model to make money off of your competitors’ success.  In MS’ case, it likely crosses the monopolistic barrier.  The really interesting part of this story, though, is their timing.  MS has had 6 years of a sympathetic administration and congress.  They wait until a week and a half after a democratic majority is elected into the congress - a majority that has already started gumming up the ATT/Bell South merger.

I suspect MS is cognizant of this and will keep their actions to rhetoric and the occaisional “protection racket” deal like they signed with SUSE/Novell.  Here’s the story: http://www.macworld.com/news/2006/11/17/ballmer/index.php

Election

Posted by jerry as politics

I’m happy that the election is behind us and that people are taking time out from their Internet porn and myspace friends to get out and vote their minds.  I voted for Bush both times, and I still most closely align myself with republicans (if you discount libertarians), but I’ve grown very unhappy with the way things have gone.  The repubs have launched an all out assualt on our http://www.epic.org/privacy/terrorism/usapatriot/“> rights in the name of security and it’s about time that nonsense came to an end.

It’s a sad day when I look forward to the democrats bringing fiscal responsibility to the government.  Unfortunately, they have their own agenda for world domination.  Instead of trying to enslave the population, they’ll make everyone reliant on the government for everything.  Seems like two sides of the same coin to me.

Good old Rummy stepped down.  Most unfortunately, they didn’t learn a DAMN THING from the gulf war 1.  All we hear about on the news is how many US troops died today.  That’s depressing.  We want to see shit blowing up.  Show us the video from JDAMS flying through windows, show us the night vision video of people getting blown up.  We had that stuff down to a science in gulf 1, and everyone was for the war.  We looked forward to going home in the evening and catching up on the latest bomb videos.  An the Stormin Normin briefings.  That was a war we could get behind.

A lot of people I talked to in the weeks leading up to the elections kept pointing out how the price of gas was dropping before the elections, as though there was a connection.  Now, we all know that Dick Cheney has a weather machine and controls much of the world from an evil lair somewhere, but with oil being a traded commodity, that really shows ignorance of how markets work.  It reminds of the hilarity that almost ensued in places like Hawaii and California where there was talk about putting a cap on gas prices.  Gas is a globally traded commodity as well.  You want to talk about a gas shortage - try going to the gas station some time and offering to pay half of what the listed price is and see how far you get.

I was under the impression that most people had to take economics in high school - isn’t that kind of thing covered?

Proud moments

Posted by jerry as Uncategorized

I have to take a minute to brag about something.  I’ve run another site - http://www.syslog.org for several years now.  Recently, it’s been cited as a source for several high profile papers, like this one:

http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf

and this one:

http://icsa.cs.up.ac.za/issa/2004/Proceedings/Research/066.pdf

On a humorous note, there is a site that claims to donate money to open source projects, including syslog:

http://www.nayika.com/partners/partners_open.html

You may have guessed that no money has changed hands, and you would be right.

In other news

Posted by jerry as Uncategorized

It was a particularly bad day to be a fish at my house.   I took a close look at the fish in my main (office) show tank, and they were quite fuzzy with fungus.  In my family room tank, I found the half eaten remains of a poor swordtail.  I’m starting to think that I’m running a concentration camp for fish. 

Jerry: 55

Fish: 0

Biometrics are a terrible idea

Posted by jerry as Security

Authentication is something that I’ve given a lot of thought to.  I see the world beginning to embrace biometrics as a mainstream method of authentication and it really scares me.  We seem to think that a fingerprint, retinal scan, or hand geometry is the holy grail of identifying a person.  In fact, the most we can reasonably hope to get out of biometrics is an initial guess at identity. 

Let’s take a finger print.  It’s a password that you cannot change, ever, yet you leave copies of it everywhere you go.  Retinal scans are harder to copy, but hand geometry is likely not hard at all.

The fundamental problem is that someone can easily and economically duplicate nearly any key biometrics that would be used for authentication without the owner or authenticating party knowing.  The ultimate in authentication is and will always be possessing something that is reasonably hard to duplicate, such as a pin generating fob.  You either have it, and no one else can successfully pose as you, or you don’t and you know that someone may be trying to pretend to be you.  Pairing that with a pin that is memorized is an effective combination, but the uniqueness of the device is the most important factor.

Basing authentication on a physical trait, finger prints, retinas, dna, hand geomretry, etc, may have some utility for trivial things like entering Disney World, but for things like legally binding contracts and access to sensitive data or sensitive areas, biometrics are simply too weak.

Mac insecurity

Posted by jerry as Security

As friends of mine well know, I work in the information security industry.  I’ve had many opportunities over the past few years to hear from more than a few Mac users about how much more secure things would be if we all just switched to Macs.  It is just like the debate that was had about windows and linux.  There are exploitable vulnerabilities in almost everything - Mac OS, Linux, Windows, etc, etc.  The reality is that the motives for finding and exploiting those vulnerabilities is largely financial.  As a “bad guy”, you don’t want to spend lots of effort creating malware to run on computers that only 2% of people have - no, you want to write for the masses, so you as much money as possible.  I heard recently that Macs creapt from 2% to 3% market share.  All I can say is that the current spate of Mac commercials are going to look pretty funny whilest in the middle of a series of day 0 vulnerabilities.  Welcome to the club.