Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Twitter Underground Market Research - pdf

Andy Isaacson adi at hexapodia.org
Wed Jun 5 22:16:23 PDT 2013


On Wed, Jun 05, 2013 at 06:33:16PM -0400, Rich Kulawiec wrote:
> One more point: operations that are this incompetent and negligent
> cannot possibly provide any real assurance of security and privacy
> to their users, because their putative operators are no longer in
> full control of them.  Not really.  Oh, they can make noises about
> doing so, and they can pretend that they're doing so...but they can't.
> 
> ---rsk
> 
> [1] One of the most profound, useful, cogent statements on this
> point comes from Paul Vixie via the NANOG mailing list:
> 
> 	If you give people the means to hurt you, and they do it, and
> 	you take no action except to continue giving them the means to
> 	hurt you, and they take no action except to keep hurting you,
> 	then one of the ways you can describe the situation is "it isn't
> 	scaling well".
> 
> This explains, in one sentence, precisely why we have a spam problem
> in 2013, thirty years after the fix for it was completely understood.
> 
> [2] One baseline test of this is to find out whether mail to the RFC-2142
> stipulated address abuse@[domain] is handled properly.  Responsible,
> professional operations route traffic sent to that address to a person
> or a team (depending on operation size/scope) who are ready and able
> to immediately investigate incidents and make the abuse stop.
> Irresponsible/abuse magnet operations route it to autoresponders
> and/or incompetent people, or blackhole it, or forward it to the 
> abusers (yes, really) or simply don't support the address.

This is a really deeply interesting assertion.  You seem to imagine a
bright line of "abuse" that is agreed on by all parties, with a policy
that can be implemented by thoughtful operators to "make the abuse
stop".  I submit that that is not the real world, in many different
dimensions.

I operate a large Tor exit node.  My provider has an abuse helpdesk
which gets quite a large number of complaints due to attackers using Tor
to log into freemail accounts (over SSL) where the freemail provider
includes the IP of the HTTPS client in the Received (or similar) headers
of their outbound spam.

How is my transit provider, or myself as a Tor exit node operator,
supposed to take action to stop this abuse?  Even if I could, I'm
certainly not going to prevent people from logging into their webmail
over HTTPS over Tor.

My provider notifies me when an abuse complaint is filed against my Tor
exit IP address.  Is my provider committing the sin you enumerated
above, of "forward[ing the abuse complaint] to the abuser"?  If I were
running a shady business on this machine rather than a Tor exit node
(which distinction is, apparently, lost on some folks), then I suspect
you'd answer "yes".

The abuse complaints are sometimes very questionable, resulting in
signficant load on the (expensive) "person or team who is ready and able
to immediately investigate" at very low cost to the complainer.

-andy



More information about the liberationtech mailing list