On Sun, 5 Feb 2012 18:36:13 -0500
Ray Gasnick III wrote:
> Only solution thus far was to dump the victim IP address in our block
> into the BGP Black hole community with one of our 2 providers and
> completely stop advertising to the other.
Drew mentioned udp.pl and I also it could have been thi
I received the enclosed note, apparently from RIPE (and the headers check out).
Why are you sending messages with clickable objects that I'm supposed to use to
change my password?
---
From: ripe_dbannou...@ripe.net
Subject: Advisory notice on passwords in the RIPE Database
Date: February 9, 2
So because of phishing, nobody should send messages with URLs in them?
On Fri, Feb 10, 2012 at 8:56 AM, Steven Bellovin wrote:
> I received the enclosed note, apparently from RIPE (and the headers check
> out).
> Why are you sending messages with clickable objects that I'm supposed to use
> t
If they're intended as a path to log in with a typed password, that's correct.
Sad, but correct.
On Feb 10, 2012, at 12:18 PM, Richard Barnes wrote:
> So because of phishing, nobody should send messages with URLs in them?
>
>
>
> On Fri, Feb 10, 2012 at 8:56 AM, Steven Bellovin wrote:
>> I re
> So because of phishing, nobody should send messages with URLs in them?
more and more these days, i have taken to not clicking the update messages,
but going to the web site manyually to get it.
wy to much phishing, and it is getting subtle and good.
randy
On Feb 10, 2012, at 9:29 AM, Randy Bush wrote:
>> So because of phishing, nobody should send messages with URLs in them?
>
> more and more these days, i have taken to not clicking the update messages,
> but going to the web site manyually to get it.
>
> wy to much phishing, and it is getti
On Fri, Feb 10, 2012 at 12:18 PM, Richard Barnes
wrote:
> On Fri, Feb 10, 2012 at 8:56 AM, Steven Bellovin wrote:
>> I received the enclosed note, apparently from RIPE (and the headers check
>> out).
>> Why are you sending messages with clickable objects that I'm supposed to use
>> to
>> change
> It seems as if they're no longer written by non-native English
> speakers, which goes a long way towards making them more insidious.
> While still perfectly intelligible, most folks who use English as a
> second language don't speak in the same voice as, say, Wells Fargo
> corporate communication
In a message written on Fri, Feb 10, 2012 at 09:29:30AM -0800, Randy Bush wrote:
> more and more these days, i have taken to not clicking the update messages,
> but going to the web site manyually to get it.
>
> wy to much phishing, and it is getting subtle and good.
We know how to sign and
The line gets crossed when you send an unsolicited message that includes a
clickable change password link, that a phisher would find interesting
to emulate.
After the fact, if a phisher gets one of your customers to click on such a
link, you'd like to tell them them in response, or preemptively,
On 2012-02-10 18:37 , Leo Bicknell wrote:
[..]
> There's no reason my mail client shouldn't validate the signed e-mail
> came from the same entity as the signed web site I'd previously logged
> into, and give me a green light that the link actually points to said
> same web site with the same key.
> There's no reason my mail client shouldn't validate the signed e-mail
> came from the same entity as the signed web site I'd previously logged
> into, and give me a green light that the link actually points to said
> same web site with the same key. It should be transparent, and secure
> for the
> While still perfectly intelligible, most folks who use English as a
> second language don't speak in the same voice as, say, Wells Fargo
> corporate communications.
yep. if it's intelligible, it can't really be from wells fargo corp
comms.
randy
On Fri, 10 Feb 2012 09:37:01 PST, Leo Bicknell said:
> We know how to sign and encrypt web sites.
>
> We know how to sign and encrypt e-mail.
>
> We even know how to compare keys between the web site and e-mail via a
> variety of mechanisms.
>
> We know how to sign DNS.
>
> Remind me again why we
- Original Message -
> From: "William Herrin"
> Big problem with clickable objects which lead to PII (personally
> identifiable information) or passwords. That's how phishing works -- a
> disguised url that you either see at all or whose incorrect nature
> slips right past your brain. The
In a message written on Fri, Feb 10, 2012 at 06:46:43PM +0100, Jeroen Massar
wrote:
> The problem still lies in the issue that most people, even on this very
> list, do not use PGP or S/MIME. (and that there are two standards does
> not help much there either ;)
The problem space is still certifi
Leo,
This has nothing to do with the competency of the folks on the
nanog list. It's a safe rule in general. Why? Because the stupid on the
Internet outnumbers all of us. It's just easier to not send clickable
links then it is to have the call center lit up because your users are
getting h
> We know how to sign and encrypt e-mail.
there is a public key distribution and trust problem
> We know how to sign DNS.
not very reliably yet
randy
Haven't seen this come through on NANOG yet:
http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars
Can anyone with the ability confirm that TCP/443 traffic from Iran has
stopped?
Probably better than Iran doing man-in-the-middle...
Thanks,
Donald
=
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
155 Beaver Street, Milford, MA 01757 USA
d3e...@gmail.com
On Fri, Feb 10, 2012 at 1:26 PM, Ryan Malayter wrote:
> Haven't seen this come through o
- Original Message -
> From: "Ryan Malayter"
> Haven't seen this come through on NANOG yet:
> http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars
>
> Can anyone with the ability confirm that TCP/443 traffic from Iran has
> stopped?
Lau
correct, it's down in Iran,
A few of my contacts got back to me confirming this a few hours ago.
-Original Message-
From: Jay Ashworth
Sent: Friday, February 10, 2012 2:29 PM
To: NANOG
Subject: Re: Iran blocking essentially all encyrpted protocols
- Original Message -
From: "
On Fri, Feb 10, 2012 at 1:00 PM, Jay Ashworth wrote:
>> From: "William Herrin"
>> Big problem with clickable objects which lead to PII (personally
>> identifiable information) or passwords. That's how phishing works -- a
>> disguised url that you either see at all or whose incorrect nature
>> sli
Original Message -
> From: "William Herrin"
> And if we could just train people to never send or accept email
> attachments, we could get rid of email-spread viruses. Not gonna
> happen -- the functionality is too useful.
>
> Security isn't just about what you can train someone to do...
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG,
TRNOG, CaribNOG and the RIPE Routing Working Group.
Daily listings are sent to bgp-st...@lists.ap
Yes I am from Iran and outgoing TCP/443 has been stoped ;)
--
Regards,
Shahab Vahabzadeh, Network Engineer and System Administrator
PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
On Feb 10, 2012, at 9:56 PM, Ryan Malayter wrote:
> Haven't seen this come through on NAN
On Feb 10, 12:01 pm, Leo Bicknell wrote:
> OSX at least has a central certificate store (Keychain), although
> it's not up to the tasks of the world I wish to have. Other OS's
> provide no central store, so each application maintains their own
> key store.
Windows has had its own centralized c
On 10/02/12 10:00 AM, Jay Ashworth wrote:
Even lots of*technical* people just don't understand what "a security-
related URL"*is*, and there's almost always no way to teach them.
Freakonomics recently aired a story about the problem of getting Doctors
to follow hand hygiene rules and wash the
On Fri, Feb 10, 2012 at 12:28:22PM -0500, Steven Bellovin wrote:
> If they're intended as a path to log in with a typed password, that's correct.
> Sad, but correct.
I agree. Training your customers/clients to click on URLs in email
messages is precisely equivalent to training them to be phish vi
- Original Message -
> From: "JC Dill"
> If you wanted to have a similar effect at $workplace, try a similar
> visual (e.g. a mockup of 2 screenshots, first clicking on a link in
> email then typing in a password on a webpage with a phishing URL (with a
> typo)) as the screen saver on all
On Fri, 10 Feb 2012 14:44:29 EST, Jay Ashworth said:
> a picture of an abandoned factory, with the doors flapping in the wind,
> bceause the company went out of business because someone got spearphished.
Has this ever been spotted in the wild? Serious question - most of the
well-publicized
spea
- Original Message -
> From: "Valdis Kletnieks"
> On Fri, 10 Feb 2012 14:44:29 EST, Jay Ashworth said:
> > a picture of an abandoned factory, with the doors flapping in the wind,
> > bceause the company went out of business because someone got spearphished.
>
> Has this ever been spotted
And in response
http://www.forbes.com/sites/andygreenberg/2012/02/10/as-iran-cracks-down-online-tor-tests-undetectable-encrypted-connections/
(quoting) :
“Basically, say you want to look like an XMPP chat instead of SSL,” he
writes to me, referring to a protocol for instant messaging as the
deco
In a message written on Fri, Feb 10, 2012 at 11:11:18AM -0800, Ryan Malayter
wrote:
> Windows has had its own centralized certificate store and APIs since
> NT 4.0's release in 1996.
You are correct that I maligned Windows in a way I shouldn't have
done. Indeed, I've been very impressed with the
On Feb 10, 2012, at 12:29 30PM, Randy Bush wrote:
>> So because of phishing, nobody should send messages with URLs in them?
>
> more and more these days, i have taken to not clicking the update messages,
> but going to the web site manyually to get it.
Yup -- I wrote about that a while back
(
On Feb 10, 2012, at 12:37 01PM, Leo Bicknell wrote:
> In a message written on Fri, Feb 10, 2012 at 09:29:30AM -0800, Randy Bush
> wrote:
>> more and more these days, i have taken to not clicking the update messages,
>> but going to the web site manyually to get it.
>>
>> wy to much phishin
- Original Message -
> From: "Steven Bellovin"
> What's the line -- "I know I'm paranoid, but am I paranoid enough?"
"Just because people say you're paranoid, that doesn't mean that there
*aren't* people out to get you."
Cheers,
-- jra
--
Jay R. Ashworth Baylink
On Fri, Feb 10, 2012 at 1:01 PM, Leo Bicknell wrote:
> In a message written on Fri, Feb 10, 2012 at 06:46:43PM +0100, Jeroen Massar
> wrote:
>> The problem still lies in the issue that most people, even on this very
>> list, do not use PGP or S/MIME. (and that there are two standards does
>> not
We're toying with the idea of a low bitrate 'lifeline' internet on our cable
system, maybe even bundled with a certain level of cable service.
First question, if you happen to be doing something like this, what bit rates
are you providing.
Second question, though 'real' internet customers all ge
In a message written on Fri, Feb 10, 2012 at 04:15:19PM -0500, William Herrin
wrote:
> The problem space is that most folks won't catch the difference
> between an email and link from ripe.net, ripe.org and ripe.ca. The
> game is lost long before a purely technical version of validating the
> mess
In a message written on Fri, Feb 10, 2012 at 03:19:24PM -0600, Eric J Esslinger
wrote:
> First question, if you happen to be doing something like this, what bit rates
> are you providing.
Comcast has a program with some of the best marketing around it right
now, their Internet Essentials service
BGP Update Report
Interval: 02-Feb-12 -to- 09-Feb-12 (7 days)
Observation Point: BGP Peering with AS131072
TOP 20 Unstable Origin AS
Rank ASNUpds % Upds/PfxAS-Name
1 - AS840253549 3.4% 29.9 -- CORBINA-AS OJSC "Vimpelcom"
2 - AS28683 32704 2.1
This report has been generated at Fri Feb 10 21:12:37 2012 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org for a current version of this report.
Recent Table History
Date
On Fri, Feb 10, 2012 at 09:29:30AM -0800, Randy Bush wrote:
> > So because of phishing, nobody should send messages with URLs in them?
>
> more and more these days, i have taken to not clicking the update messages,
> but going to the web site manyually to get it.
Web site? With the RIPE db one c
On Fri, Feb 10, 2012 at 09:37:01AM -0800, Leo Bicknell wrote:
> Remind me again why we live in this sad word Randy (correcly) described?
Because banks and many other institutions have prioritized all-singing,
all-dancing, bloated, horribly-badly-marked-up HTML email with
"stationary" and logos and
> So it's necessary to throw the baby out with the bathwater, and tell them
> never to click on a link...
That baby was ugly anyway
brandon
There used to be the old programming benchmark of how large a "program"
(in lines, as well as compiled bytes) it took to say "Hello, world."
The 21st century benchmark might now well be the size of a "Hello,
world" e-mail.
Or a web page with a similar statement.
Jeff
On 2/10/2012 6:46 PM, Rich
Leo Bicknell wrote:
> UPNP, NAT-PMP, the ability to enter static bypasses (DMZ's, NAT
> passthrough), combined with the problems of some applications that
> make thousands of TCP connections in a short order eating up ports
> makes it a nightmare to manage and debug.
The applications can simply b
On 10 February 2012 16:09, Brandon Butterworth wrote:
> > So it's necessary to throw the baby out with the bathwater, and tell them
> > never to click on a link...
>
> That baby was ugly anyway
>
>
HAHAHA.
My $0.02 on this issue is if the message is rich text I hover over the link
and see where
> My $0.02 on this issue is if the message is rich text I hover over the link
> and see where it actually sends me.
idn has made this unsafe
randy
In a message written on Sat, Feb 11, 2012 at 09:19:46AM +0900, Masataka Ohta
wrote:
> The applications can simply be debugged to use socket option
> of REUSEPORT.
"Simple" is subjective. Keep in mind many users will have a home
gateway which also does NAT. And indeed double NAT in the home (rou
Randy Bush wrote:
>> My $0.02 on this issue is if the message is rich text I hover over the link
>> and see where it actually sends me.
>
> idn has made this unsafe
I pointed it out at IETF Munich in 1997 that with an example of:
MICROSOFT.COM
where 'C' of MICROSOFT is actually a Cyril
On Friday 10 February 2012 17:24, Landon Stewart wrote:
> My $0.02 on this issue is if the message is rich text I hover over the link
> and see where it actually sends me. If I don't know what that link is then
> I don't click it.
Oh really? How about trying this Go to Google and search "is
On Fri, Feb 10, 2012 at 1:19 PM, Eric J Esslinger wrote:
> We're toying with the idea of a low bitrate 'lifeline' internet on our
> cable system, maybe even bundled with a certain level of cable service.
>
> First question, if you happen to be doing something like this, what bit
> rates are you pr
On Fri, 10 Feb 2012 16:24:11 PST, Landon Stewart said:
> I don't click it. Not sure how long it's going to take, probably a
> generation, for people to use some sense before mindlessly clicking on
> stuff.
Only if you find a way to keep more idiots from being born. :)
I don't think anybody wants
Unfortunately that's not under control of those businesses. This plain text
email you sent comes across with clickable mailto and http links in your
signature in most modern email clients despite you having sent it in plain
text. "Helpful" email program defaults won't force people to copy and pa
You might also want to think about it's not to far off that the gov starts
supplementing those cost of these users, with all the changes being made
in USF. Possible why comcast has started taking on these users to get a
good head count. Does anyone know with these low end comcast package does
the
57 matches
Mail list logo
