Hi Jim, Its cool to disagree. The reason why I don't like RBLs is that the people who maintain them aren't very professional. They aren't accountable, they can put anyone they like on them, and they thumb their collective noses at people who question the inviolate nature of their mission. Now, if they took responsibility, had a mechanism to be removed from the RBL within 24 hours when they make a mistake, and published their methods for determing how they add and remove entries from their RBL, then they would be legit in my eyes. Note that I don't have any problem for blacklisting SMTP servers configured as open relays. But those machines should be removed from the RBL within 24 hours that the open relay has been fixed. But as it stands now, most of the RBLs I'm aware of are run by people who are almost as abusive as the spammers the claim to protect us against. That is to say, they're run by power hungry little trolls who probably have never kissed a girl ;-) (or boy, if run by a woman). IMHO, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Saturday, August 30, 2003 10:06 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT: RE: Legal consequences (Was: RE: OT: Loser found responsible for worm) http://www.ISAserver.org Hi all, I agree that this isn't necessarily an ISA-specific issue, but it's not like it passed us by, either. I like (and sometimes use) the stove analogy, but it also follows that the kid will only suck-start a pistol once, too. As with any "learning mechanism", the value of personal experience has to be weighed against the potential damage incurred in that event. As a side note, there was other business-related fallout as well. http://slashdot.org/articles/03/08/27/0214238.shtml?tid=111&tid=126 I know Tom and others disagree with the use of RBLs as a rule, but I like them. I find the few false positives generated to be well worth the added benefit of a large reduction in spam. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, August 29, 2003 09:53 Subject: [isalist] RE: OT: RE: Legal consequences (Was: RE: OT: Loser found responsible for worm) http://www.ISAserver.org Hi Kenny, Very well said! I don't agree with all of it, but you can be my atty any time ;-) I think we probably should drop the topic now. Back to ISA Server fixing! Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Kenny Mann [mailto:Kennymann@xxxxxxxxxxx] Sent: Friday, August 29, 2003 11:46 AM To: [ISAserver.org Discussion List] Subject: [isalist] OT: RE: Legal consequences (Was: RE: OT: Loser found responsible for worm) http://www.ISAserver.org I'm unsure if this topic should really continue on the mailing list, so if anyone wants it to stop, please ask. I don't know any better. Do I think Microsoft could have done a better job? Maybe. They have lots of money. Could they have placed more [money] in security? Yes. Should they have to? No. They are a company, their goal is to make money. Don't get me wrong, I think they [Microsoft] are doing an excellent job as far as getting better for security. When you say that once you start blaming the victim, the game is over, agree and disagree. I sleep with my doors locked at night. I do some amount of effort every night to make sure no one can get in easily. People should do the same with their computers. The price of freedom is forever vigilance. At where I work, we barely felt a tap from this because the servers were up to date. We have some people receiving massive amounts of mail trying to get through with attachments because someone else is infected. On the other hand, with a company with hundreds of servers, this is a much more difficult task (especially of management micro-manages to hell and doesn't let you for whatever reason) so I do have sympathy for other buisness's. Currently I'm having mixxed feelings about this. Had that person not written those virus's, lotsa people would not have updated their machine and thus been open to an even worse attack by some other monkey. I don't think the virus writter is 100% to blame, but I think he is about 95% to blame. Something I overheard a whole ago... A mother sees her child about to touch a hot stove and says "Don't touch that, it's hot." and repeats. A father says "He's only gonna touch it once." By this I mean, if people get hit hard, they will learn to udpate their machines and attacks like this will be more difficult to make. Perhaps these views are skewed, could someone give me their views? Kenny Mann >-----Original Message----- >From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] >Sent: Friday, August 29, 2003 11:19 AM >To: [ISAserver.org Discussion List] >Subject: [isalist] RE: Legal consequences (Was: RE: OT: Loser >found responsible for worm) > > >http://www.ISAserver.org > > >Hi Kenny, > >I honestly don't see how anyone can reasonably blame Microsoft >(unless you're a lawyer and want to cash in). > >Microsoft has put in more than enough due dilegence in trying >to protect their systems. Criminals *must* be held accountable >for their criminal behavior. Once you start blaming the >victim, the game is over and everyone loses. Microsoft was a >victim, I was a victim, you were a victim, and millions of >others were victims. > >Jim mentioned that the worm was the result of "research". >Well, does all research need to be done. During WWII in >Germany, there was some medical research done in the field of >neurology that provided information we still depend on today. >Should that research been done? The information would have >become available using legit means later. > >Just some food for thought on where people might best spend >their time and effort. > >IMHO, >Tom > >Thomas W Shinder >www.isaserver.org/shinder >ISA Server and Beyond: http://tinyurl.com/1jq1 >Configuring ISA Server: http://tinyurl.com/1llp > > > > >-----Original Message----- >From: Kenny Mann [mailto:Kennymann@xxxxxxxxxxx] >Sent: Friday, August 29, 2003 11:08 AM >To: [ISAserver.org Discussion List] >Subject: [isalist] Legal consequences (Was: RE: OT: Loser >found responsible for worm) > > >http://www.ISAserver.org > > >Hmm, I've started thinking... >The kid is probably going to be put to jail for a long while >and given some hefty fines for billions of dollars worth of >damages probably. > >Should we treat virus writers (and modifiers) as rapists and >murderers? For the most part, most viruses do not deal bodily >harm or really hurt someone. Hmm, interesting question. I >believe I recall one of the viruses (Sobig or Lovsan) that >screwed over a Nuclear Power Plant. Many people could have >died because of his actions. Not just cost business's money, >cost people their lives. Should Microsoft be held partly >responsible for not devoting enough to security or should >people have their own fault to blame because they didn't >update their machine, or should it all go to the virus >writter? OR spread it around? If I write a virus and it deals >$100 million, but the guy across the street writes one and it >deals $4 billion, will the consequence be adjusted accordingly? > >In my administration folder (A folder which received emails >that state if anything weird happens), I get 100+ more emails >per day of prohibited attachments and such because this dude >wrote a virus. On the other hand, I get _more_ emails from >spammers. Almost all those viral emails are directed towards >only 4 people of our <50 person company. > >Something to dwell on for the day. > >Kenny Mann > >>-----Original Message----- >>From: Bill Kuhn - MCSE [mailto:bkuhn@xxxxxxxxxxxxx] >>Sent: Friday, August 29, 2003 10:58 AM >>To: [ISAserver.org Discussion List] >>Subject: [isalist] RE: OT: Loser found responsible for worm >> >> >>http://www.ISAserver.org >> >> >>I'd still use the sharpest tool in the shed on his head. I >>have some sharp tools in my shed and I volunteer to use them >>on him and on each and every other criminal a$$hole who pulls >>that kind of stunt. >> >>-----Original Message----- >>From: Bailey, Matthew [mailto:MBailey@xxxxxxxxxxx] >>Sent: Friday, August 29, 2003 10:35 AM >>To: [ISAserver.org Discussion List] >>Subject: [isalist] RE: OT: Loser found responsible for worm >> >> >>http://www.ISAserver.org >> >> >>I don't think I made my point very clearly. The guy they >>arrested today deserves EVERYTHING he gets and maybe more. I >>think the point I was making is they haven't caught the true >>culprit behind Blaster worm just some script kiddie who >>modified the existing code and tested it in a public place. >>We aren't talking about the sharpest tool in the shed. >> >>- Matt >> >>Matthew Bailey >>LAN Engineer >>CSK Auto, Inc. >>Voice: 602.631.7486 >>Fax: 602.294.7486 >> >> >>------------------------------------------------------ >>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist >>ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >>ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ >>------------------------------------------------------ >>Other Internet Software Marketing Sites: >>Leading Network Software Directory: http://www.serverfiles.com >>No.1 Exchange Server Resource Site: http://www.msexchange.org >>Windows Security Resource Site: http://www.windowsecurity.com/ >>Network Security Library: http://www.secinf.net/ Windows >>2000/NT Fax Solutions: http://www.ntfaxfaq.com >>------------------------------------------------------ >>You are currently subscribed to this ISAserver.org Discussion >>List as: kennymann@xxxxxxxxxxx To unsubscribe send a blank >>email to $subst('Email.Unsub') >> > >------------------------------------------------------ >List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist >ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ >------------------------------------------------------ >Other Internet Software Marketing Sites: >Leading Network Software Directory: http://www.serverfiles.com >No.1 Exchange Server Resource Site: http://www.msexchange.org >Windows Security Resource Site: http://www.windowsecurity.com/ >Network Security Library: http://www.secinf.net/ >Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com >------------------------------------------------------ >You are currently subscribed to this ISAserver.org Discussion List as: >tshinder@xxxxxxxxxxxxxxxxxx >To unsubscribe send a blank email to >$subst('Email.Unsub') > >------------------------------------------------------ >List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist >ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ >------------------------------------------------------ >Other Internet Software Marketing Sites: >Leading Network Software Directory: http://www.serverfiles.com >No.1 Exchange Server Resource Site: http://www.msexchange.org >Windows Security Resource Site: http://www.windowsecurity.com/ >Network Security Library: http://www.secinf.net/ >Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com >------------------------------------------------------ >You are currently subscribed to this ISAserver.org Discussion >List as: kennymann@xxxxxxxxxxx >To unsubscribe send a blank email to >$subst('Email.Unsub') > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')