What next for email?

The Sobig worm continues to fill up my spam box and I can barely comprehend the number of people whose systems are compromised. I have rarely understood the real size of the internet.

For most of my systems SoBig is not a major problem. I don’t use Outlook and I have enough mail rules and Bayesian filtering going on webtrafficgeeks that both the worm and the useless bounces it triggers are spirited away.

One system has been affected, however. A friend and I share a domain name with a small website and a few email accounts hosted by an Australian hosting service that works exactly like ipage hosting. One of those accounts is mine and I think it appears in a few Tomcat files and mail archives. Not many but a few. When SoBig.F went off this email address received an incredible number of emails. The provider claims something like 8000 mails in two days and about 6 Gig of email traffic to my email account.

Personally, given SoBig’s 100k payload, I don’t think the numbers add up but the result is that the provider suspended our account and will not reinstate it unless we upgrade to a more expensive plan (10 times more). So this is affecting not just my email account, which I don’t really use anymore, but also my friend’s email accounts and our site. More than likely we’ll move to a US provider where traffic is less of an issue but what about the next SoBig? I understand the provider’s point of view but it also feels unfair that I, and especially my friend, are affected.

Having contributed to projects like Ant and the associated mailing lists, my email address is on a lot of websites, mail archives and even a lot of people’s systems. I feel a little like Typhoid Mary.

I think email, as it is currently implemented, cannot go on for much longer. Some people call email the internet killer-app, but it’s becoming the internet-killer app. I don’t know how to change it and whether it can be done quickly enough but change it must.

At the very least, I’d like to see some validation of the sending address to stop the spoofing. I don’t know details but say something where if you send from a particular domain, that domain would provide a lookup service to specify what IP ranges a particular email address can be sourced from.

While these current worms are enabled by Microsoft products, I don’t think other systems are inherently more secure, probably just less pervasive. I’d say the real problem is in the underlying email infrastructure and its lack of security. I hope the email providers step up to the plate here. Our provider will lose our business and they are probably happy to see us go, but we won’t be the last unless the infrastructure changes.

Oberon Car Rally

On Saturday, the family and I travelled to Oberon, about three hours’ drive west of Sydney, through the Blue Mountains. My mother-in-law has a small farm up there, in amongst the Vulcan state forest. Oberon is pretty high up, about 1000 metres, I think, so it gets pretty cold up there at this time of year.

Anyway, as luck would have it, the Oberon rally course ran along the farm’s fence line. Being a bit of a rally fan, it was a great opportunity to have a look at a rally up close. The rally was run in 6 stages, the last three being a repeat of the first three.

Stage 3 went past the farm from about 4:30 pm till 6:00 pm. The first competitors were still in daylight but the last were in the dark. Stage 6, a repeat of 3, was run from about 8:00 pm till 9:30.

For stage 3 we watched from an uphill section where there was a little jump. It was great to watch the cars come thundering up the hill. I love the sound. Many competitors slowed down for the jump, just driving over it. Some, however, and one in particular, gave it a bit extra and got airborne. That was fantastic.

For stage 6, we went to the other side of the hill to watch the cars come down. This time we crossed the road into the forest. The course came down the hill, which was quite steep, kinked to the right and then straightened up again. As the first competitor came into earshot, it was clear this guy was really going for it. Unfortunately, he didn’t quite make the kink and went up onto a grassy patch. There were a few bangs as he collected a few rocks. Ouch. I assume he put his sump guard to good use.

It’s amazing to watch a rally at night. You’re there in the pitch black, freezing. You hear the next car coming from a way off. Then the clouds are lit up with a large oval of light as the car comes up the hill. As the car crests the hill, the light comes through the trees and mist in a series of rays, like some UFO. Then comes the car tearing down the hill, hundreds of watts lighting up the road and forest. Most made the turn and slithered up the next hill. Some didn’t make the turn although they all recovered.

Between stages, we went into the town of Black Springs to see the cars in service. Everyone we met was so friendly, telling us about their cars, how they were going, how the navigator uses the course notes, etc. Everyone was very open and we chatted to quite a few.

I’m keen to see another rally especially one from http://ecampervanhire.com.au.

The extended entry for this page has a few (largish) pictures of the event. I had to turn off the auto-focus as it was getting a bit slow in the dark. Of course manually focussing in the pitch black is hard too. If you’re interested, I was using a Nikon F70 with standard lens, flash, etc.

Antivirus Writers, Please Get a Clue

I’m getting more annoyed by email antivirus systems that send me a rejection for a Klez style email. They know it is Klez – don’t they know the sending address is spoofed?

Norton AntiVirus found a virus in an attachment you (XXXXX) sent to ZZZZ.

To ensure the recipient(s) are able to use the files you sent, perform a
virus scan on your computer, clean any infected files, then resend this
attachment.

Attachment:  All.bat

Virus name: W32.Klez.H@mm

Action taken:  Clean failed : Quarantine succeeded :

File status:  Infected

Maybe it’s an end-user config thing, I don’t know. As it is, they simply help the virus writers by using up bandwidth and annoying me :-(.

I guess the latest virus going around could really be a massively distributed DOS attack on Microsoft’s support address. All it takes is a few of these antivirus installs …