Weekly Wire
Nashville Scene Despamming

Tracking a cyberthief

By James Hanback Jr.

AUGUST 24, 1998: 

Who steals my purse steals trash; 'tis something, nothing;
'Twas mine, 'tis his, and has been slave to thousands.
But he who filches from me my good name
Robs me of that which not enriches him,
And makes me poor indeed.
--Othello, Act 3, Scene 3


When you're fighting the good fight for a cause you believe in, it's great to know you're not alone. Such was my experience late last month when I learned that my notorious spammer, the California-based World Touch Inc., has been named the defendant in the first anti-spam lawsuit filed under the state of Washington's new anti-spam law.

The lawsuit, which was filed in late July, seeks damages against World Touch for spamming e-mail addresses owned by Adam Engst, publisher of the Web magazine TidBITS, http://www.tidbits.com.

As regular readers of this column may remember, World Touch was asked to stop spamming the Nashville Scene's e-mail server but responded by sending double or triple the load of the same message: "E-MAIL MARKETING WORKS!"

World Touch also disguised the origin of its e-mail, making it nearly impossible for its spam victims to track the spamming to its source, to return the unwanted e-mail, or even to request that World Touch stop sending it.

According to the Seattle Times Web site (www.seattletimes.com), Washington's anti-spam law makes it illegal to put misleading information in spam e-mail subject lines. It also makes it illegal to disguise the actual origin of an e-mail. World Touch allegedly violated the new law on both counts.

Engst hopes the court will award him $1,000 for each World Touch e-mail he received, plus a $500 fine for each World Touch e-mail other people received while using Engst's servers.

The mere filing of the lawsuit has apparently stopped World Touch from sending any more spam, although more than enough damage has already been done. When one spammer grabs hold of your e-mail address, you can expect a flood of others to follow close behind.

What's more, it seems that any victory against spam e-mail is short-lived. No sooner had World Touch stopped spamming the Scene than I noticed that my Web server was being peppered by e-mail relay attempts from other companies, presumably companies that had obtained the IP address from World Touch.

E-mail server "relay" can be used to disguise the origin of spam by bouncing it through other servers all over the world. To a layman's eyes, the spam appears to have originated from the last server it bounced through, possibly damaging the reputation of an otherwise innocent business.

My servers are protected against spam relay, but that doesn't mean the spammers have given up trying. In fact, I've been tracking one spammer who continually attempts to relay spam through my server as he moves from Internet service provider to Internet service provider--a typical spammer trick. As he finds a new provider, I contact that provider and warn him about what's happening. The spammer's account is usually canceled within 24 hours, at which point he is forced to find another provider.

The state of Washington is a leader in the war against irresponsible Internet spam, and I hope other states, including Tennessee, will follow that lead, passing similar laws to protect their netizens.

You can e-mail your state representative about the dangers of spamming. Find his or her e-mail address at http://www.state.tn.us.

Good night, Devil; thou hast been cast aside by the will of thine own would-be victims.


Bytes

iMac attack

The iMac is here. It officially hit the stores Aug. 15, and Apple is behind it 100 percent.

It has no floppy drive, does not support SCSI (small computer system interface) devices like Zip or Jaz drives, but it does have a CD-ROM and Universal Serial Bus, supposedly the new standard for external devices like disk drives, scanners, and more.

The iMac comes in a futuristic, translucent case and harkens back to the marketing strategy for the original Macintosh release in 1984.

The iMac's lack of older technology apparently has not deterred consumers from purchasing the new Internet-geared machine.

Apple Computer Inc. has reportedly received more than 150,000 orders for the iMac since it started taking them on Aug. 3. The company has also seen its stock rise to a three-year high as a result of the iMac announcement and the return of Steve Jobs. At a starting price of $1,299, the iMac is the cheapest Macintosh on the market and the cheapest in the history of the company.

But before you go out and purchase an iMac, make certain it is the computer that fits your needs. It's not for everybody. Talk with your Apple retailer to find out for certain whether the iMac will do what you need it to do.


Snail e-mail

The U.S. Postal Service is hoping to get into the Internet business by taking over the little-recognized .us Internet domain, according to recent Internet reports.

The Postal Service's plan is to provide "everyone" with e-mail access, by hand-delivering printouts of e-mail sent to the .us domain.

Because e-mail is growing in popularity, the Postal Service believes it will be providing a service by connecting customers who have Internet access to those who either have no Internet access or have no computer.

While the plan defeats the immediacy of e-mail, and will still cost you the price of a stamp, it does allow computer users to send a letter quickly and easily without printing it, stuffing it into an envelope, stamping the envelope, and trudging out to the mailbox.

In addition, the Postal Service hopes controlling the .us domain will encourage use of that domain along with use of the e-stamp, postage that can be purchased online and printed.

Still, there's something to be said for that feeling of immediacy that comes with e-mail. Why bother e-mailing if it's going to be delivered by a postman anyway?


Better solutions

With all the recent attention that's been given to the security holes in Netscape Communicator's e-mail program, Microsoft's Outlook and Outlook Express, and Eudora, systems administrators all over the country may currently be downloading patches and installing them over and over again on client machines.

They needn't rush, according to a recent statement from www.sendmail.org. Sendmail, a program that's run largely on Unix e-mail servers and handles the reception and delivery of e-mail, now has a patch that cures the problems with the e-mail clients, but it doesn't require that each client be patched individually.

The bug in the e-mail programs occurs when files with too-long filenames are downloaded by the end user. The resulting crash leaves a hole through which hackers can gain entrance to the user's system and upload viruses or play other heartless tricks.

Sendmail's new patch seeks out file names longer than 200 characters and automatically truncates them before delivering them to the end user, thus eliminating the problem.

The patch for Sendmail 8.9.1 is available at www.sendmail.org. According to a statement on the site, Sendmail itself is not vulnerable to the 200-character filename bug, but the patch was developed at the request of CERT (Computer Emergency Response Team). The statement also notes that the patch is merely intended to provide administrators time to install the client patches for Communicator, Outlook, Outlook Express, and Eudora. It is not meant to replace them.


James Hanback Jr. is systems administrator for the Scene. E-mail him at james@nashscene.com.


Weekly Wire Suggested Links














Page Back Last Issue Current Issue Next Issue Page Forward

News & Opinion: 1 2 3 4 5 6 7 8 9 10 11 12 13 14

Cover . News . Film . Music . Arts . Books . Comics . Search

Weekly Wire    © 1995-99 DesertNet, LLC . Nashville Scene . Info Booth . Powered by Dispatch