Category Archives: Law

Ogee pushed iWeb and Canada up SpamRankings.net in March 2012

AS 32613 IWEB-AS was far ahead of the Canadian spamming pack in the March 2012 SpamRankings.net. iWeb improved a lot towards the end of the month, but will it stay improved? AS 14366 MTNCABLE plateaued early, dropped, then took first at the end of the month. Could they have the same problem?

Why yes, both iWeb and MTNCABLE appear to be infested by Ogee snowshoe spamming.

This problem is bad enough that Canada rose from country #46 in January to #34 in February and #25 in March. You can’t see that on the countries top 10, like you can for the U.S., which snowshoe spamming pushed to #1 worldwide in March, but internally SpamRankings.net keeps track of rankings of all countries worldwide, and indeed Canada went from #46 in January to #25 in March.

-jsq

Snowshoe spamming pushed the U.S. to #1 worldwide in March 2012 SpamRankings.net

Previously unseen Brinkster’s AS 33055 BCC-65-182-96-0-PHX took first place. AS 10439 CARINET leapt from #8 last month to #4 for March for the U.S., and was up to second place at the end of the month. Six ASNs joined the U.S. top 10: were they all due to snowshoe spam, too? Brinkster was so bad it made #8 on the world top 10!

Last month’s winner AS 21788 NOC finally cleaned up its act a bit, dropping from #1 to #5. Six ASNs dropped out of the top 10. Four of them (Webhost-ASN-1, LIMESTONENETWORKS, PEER1, and ATMLINK) popped to the top 10 last month due to snowshoe spam. The other two (NTT and Charter’s ASNs) didn’t even have to spam less to drop out, because this month’s top 10 had so much more spam.

But the US ASNs that got worse pushed the U.S. to #1 spamming country. The slope of that U.S. world top 10 curve for the last dozen days of March looks just like the Brinkster and CARINET ASN curves in the U.S. top 10. Very impressive, to drive the whole country into the countries top 10!

-jsq

Did snowshoe spamming cause the big February spam surge?

It turns out the source of the big spam surge that rocketed eight ASNs to the top of the U.S. February 2012 SpamRankings.net was not a botnet: it was apparently snowshoe spamming. Here are the most-affected eight U.S. ASNs again, with their rankings for February, listed in the table below.

Rank (Previous)  ASN
1 (9)            AS 21788 NOC
2 (-)            AS 27229 WEBHOST-ASN1
3 (-)            AS 46475 LIMESTONENETWORKS
4 (-)            AS 33055 BCC-65-182-96-0-PHX
6 (5)            AS 15149 EZZI-101-BGP
7 (-)            AS 13768 PEER1
8 (-)            AS 10439 CARINET
9 (-)            AS 7796 ATMLINK

So, Ogee is not a botnet; it is a collection of IP addresses apparently involved in snowshoe spam. It’s also not new. Ogee is just a specific set of snowshoe addresses. But what is snowshoe spam?

Paul Roberts wrote for ThreatPost 6 October 2011, Expert: Eight Years Later, ‘Snowshoe Spam’ Suggests CAN SPAM Not Working,

Brett Cove, a researcher for anti malware firm Sophos, told attendees at the annual Virus Bulletin Conference on Thursday that so-called “snowshoe spam” is becoming a bigger problem, even as spam e-mail volumes associated with botnets are receding. Snowshoe spam is responsible for the bulk of spam messages that make it past anti spam filters at U.S. firms, even as bulk senders avoid prosecution by adhering to the letter of the U.S. CAN SPAM anti-spamming law.

Snowshoe spam isn’t a new problem. In fact, within anti spam circles, researchers have been talking about the phenomenon for years. The term “snowshoe” spam comes from the tactic of spreading the load of spam runs across a wide range of IP addresses as a way to avoid detection by anti spam filters, in the same way that snowshoes spread the weight of their wearer across a wide area to avoid breaking through snow and ice.

Anti spam filters are typically programmed to allow only a small volume of identical e-mail messages from the same IP address range, Cove told Threatpost. Snowshoe spam is able to avoid—or postpone—the filters by sending mail from a range of addresses, often leased by the bulk mail senders, he said.

That may sound a lot like low-and-slow botnet spamming, but there are five key differences:


Massive effects of reputational rankings on law schools

Law schools game weak reputation rankings, which could be fixed, if the law schools, the bar association, or the ranking organization wanted to. If anyone doubts that reputational rankings can have massive effects on ranked organizations, read this.

David Segal wrote in the NYTimes 30 April 2011, Law Students Lose the Grant Game as Schools Win:

How hard could a 3.0 be? Really hard, it turned out. That might have been obvious if Golden Gate published a statistic that law schools are loath to share: the number of first-year students who lose their merit scholarships. That figure is not in the literature sent to prospective Golden Gate students or on its Web site.

Why would a school offer more scholarships than it planned to renew?

The short answer is this: to build the best class that money can buy, and with it, prestige. But these grant programs often succeed at the expense of students, who in many cases figure out the perils of the merit scholarship game far too late.

What makes law school rankings so easy to game?

Organizing the Cloud Against Spam

In RIPE Labs, here’s a paper on Internet Cloud Layers for Economic Incentives for Internet Security by the IIAR Project (I’m the lead author). Anti-spam blocklists and law enforcement are some Internet organizational layers attempting to deal with the plague of spam, so far reaching a standoff where most users don’t see most spam, yet service providers spend large amounts of computing and people resources blocking it.
The root of the ecrime problem is not technology: it is money.

Loopholes Closed by FTC in CAN-SPAM Act Rules

The U.S. FTC has updated its regulations regarding the CAN-SPAM Act (PDF) to require:
(1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender;

(2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements;

(3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and

(4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.

FTC Approves New Rule Provision Under The CAN-SPAM Act, Press Release, FTC, May 12, 2008

These changes appear to tighten up what is required of marketers; they have to say who they are and they can’t weasel out by claiming a corporation is not a person.

However, it’s not clear to me why it’s opt-out that’s required; why not opt-in? I never trust a spammer to process an opt-out; I assume they’re just collecting more addresses. Plus the spammer still has ten days to process opt-out requests.

-jsq

Band Uses CCTV to make Music Video

This is clever:

Unable to afford a proper camera crew and equipment, The Get Out Clause, an unsigned band from the city, decided to make use of the cameras seen all over British streets.

With an estimated 13 million CCTV cameras in Britain, suitable locations were not hard to come by.

They set up their equipment, drum kit and all, in eighty locations around Manchester – including on a bus – and proceeded to play to the cameras.

The Get Out Clause, Manchester stars of CCTV. By Tom Chivers, Telegraph.co.uk, Last Updated: 6:54PM BST 08/05/2008

Then they requested copies of the coverage from the various companies and law enforcement organizations owning the cameras through the British Data Protection Act, and got enough to use. They even managed closeups.

So maybe there is a use for CCTV, even though it’s failed at crime prevention. It’s a huge arts subsidy program!

-jsq

Class Action Coming for Identity Theft?

It wouldn’t be a moment too soon:
I painfully predicted a few years back that phishing and related identity theft would result in class action suits. I lost my bet as it didn’t happen fast enough, but a significant step has been taken (reported by Lynn) with the publication of a book that apparently blames the banks and the software manufacturers for identity theft.

Signs of Liability: ‘Zero Day Threat’ blames IT and Security industry, Ian Grigg, Financial Cryptography, April 14, 2008

The book review iang quotes gets it about online crime not being amateur anymore: it’s organized. And it gets it about perhaps a more important point:

Censorship as Security: GoDaddy Delists Cop Rating Web Site

This is security?
A new web service that lets users rate and comment on the uniformed police officers in their community is scrambling to restore service Tuesday, after hosting company GoDaddy unceremoniously pulled the plug on the site in the wake of outrage from criticism-leery cops.

GoDaddy Silences Police-Watchdog Site RateMyCop.com, By Kevin Poulsen, ThreatLevel, March 11, 2008 | 8:42:42 PM

Heaven forbid we should have public oversight of public servants.

This is customer service?