Archive for September 26th, 2005
Dvorak's Blog Spam Fix

Dvorak gets no spam, now he gets no blog spam. 

But my spam problems have just begun:
I started getting nailed with casino, porn and commercial site spam. They trackback promoting Disney Trips, penis enlargements or, my favorite, Texas Holdem. I still get a few spam links about every few weeks or so. And I'm currently getting and giving traffic to a casino site... and I haven't figured out how that is happening. I'm sure these bastards are using some kind of software to locate vulnerable (anonymous accepting) blogs and nuke them. I've had to terminate my anonymous comments and I'm thinking of shutting down my Trackbacks. I also blocked a few repeat offenders. For me, that is unfortunate because the interaction (free comments, links to and from relevant sites of many different opinions) is the coolest thing about blogs. Blog innocence has come and gone overnight.

Apparently, Marc Perkel at ctyme.com has found a way to get rid of all spam, provided you are using Apache and are on WordPress.

He does it with this code:

<Location /blog/wp-comments-newpost.php>
# Redirect any comment post whose Referer does not point back to the blog
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^.*dvorak.org/.*
RewriteRule ^.* http://www.ctyme.com/comment-spam.html
</Location>
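
The rule's decision logic, replayed in Python over constructed Referer values, as an added example (not Marc Perkel's or this blog's code). STRICT_PATTERN is an assumed tighter variant that the page does not propose, and all sample Referers are made up.

```python
import re

# Pattern copied from the page's RewriteCond; the leading "!" (negation)
# is applied in redirected() below.
PAGE_PATTERN = re.compile(r"^.*dvorak.org/.*")

# Assumed tighter variant (not from the page): scheme and host anchored,
# dots escaped so "." only matches a literal dot.
STRICT_PATTERN = re.compile(r"^https?://(www\.)?dvorak\.org/")

# Constructed Referer values for illustration.
SAMPLE_REFERERS = [
    "http://www.dvorak.org/blog/?p=123",       # genuine on-site page
    "",                                        # header absent
    "http://casino.example/?ref=dvorak.org/",  # blog name only in query string
    "http://dvorakXorg/",                      # unescaped "." matches any character
]


def redirected(referer, pattern):
    """True when the RewriteRule fires, i.e. the Referer does NOT match."""
    return pattern.search(referer or "") is None


def compare(referers):
    """Map each Referer to (redirected by page rule, redirected by strict rule)."""
    return {
        r: (redirected(r, PAGE_PATTERN), redirected(r, STRICT_PATTERN))
        for r in referers
    }


if __name__ == "__main__":
    for ref, (page, strict) in compare(SAMPLE_REFERERS).items():
        print(f"{ref!r:45} page={'redirect' if page else 'accept':8} "
              f"strict={'redirect' if strict else 'accept'}")
```

The Referer header is supplied by the client, so either pattern only filters senders that omit it or set it to something else.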


Is China trying to hack the US DoD?

Many penetrations at the Department of Defense traced to China.
Analysts have code named the attacks Titan Rain and are divided as to
whether or not they are a coordinated effort by the Chinese government.
I think the more interesting question is why would the DoD release this
information to the press?
 
“Hi China we know what you're doing?”

I don't think this should come as a surprise to anyone. Nations
have been spying on each other (friendly or enemy) from the beginning of
nations. I think that these kinds of cyber attacks will get much
more complex and clandestine in the near future.

A few months ago the U.S. military announced the assembling of the world's most formidable, multimillion-dollar weapons grade hacker unit program in order to launch bloodless cyberwar against enemy networks — from electric grids to telephone nets.

Talk about cyberpunk and sci-fi come to life!  This all sounds
like Tom Clancy's NetForce.  Not my favorite Tom Clancy book but
great concept.


Tired of your boss snooping on or blocking your web browsing?

This article explains how to set up and use a proxy to route all your
web surfing at work (or anywhere) through an encrypted tunnel to the
connection at your house. Uses OpenSSH and Privoxy. Leaves no trace of
the sites you visit and gets around any site blocking that may be set up.

Cool article. It's got me wondering if you can have the same level
of privacy from an anonymous web proxy such as anonymizer. I
don't see why not.

As I recall from my old firewall DNS days, the traffic looked like that
code in the Matrix because there was so much of it going through our
server.  At the time, I was one of the “LAN Nazi's.”  We were
“guarding all the doors and hold all the keys.”  We monitored (and
stored all the traffic).  We'd see the occasional Titty sites but
typically we didn't crack down unless there was extreme abuse of the
security policy.  Usually, it was some guy working at the dead of
midnight that thought he could surf child porn safely… “trouble” is
not the word for what these guys were asking for.  In accordance
with the Privacy Act of 1987, we weren't allowed to actively look for
that type of stuff (as it would be inadmissible in a court – due to
infringement of privacy... of course if it was a terrorist act... all bets are
off, IAW Patriot Act). If we found such material while
“monitoring” the system, that was a different story.

Though I don't support violating security policies, I do support
privacy of employees. I believe another way to protect one's
privacy might be to surf from an anonymizer.

Here are some free ones:

More here –> http://anoniem-surfen.eigenstart.nl/
Check out EFF's Tor –> http://tor.eff.org/


How to bypass those annoying automated recordings at most major companies

Strategies and how to get directly connected to someone with a pulse instead of listening to a damn recording at most major companies. Very interesting and helpful.


Steve Gibson Tells How to Take Down the Entire Internet

Watch the Video from Call For Help when Leo talks to Steve Gibson about how to take down the entire Internet due to the weak and vulnerable DNS system and root servers. This is an amazing segment!


6 Dumbest Ideas in Computer Security – Revisited

Marcus Ranum’s popular “6 Dumbest Ideas in Computer Security” is apparently accepted by many. I agree with a couple of his points, but have serious issues with the others.

Here is what Mark had to say in a nutshell:

1) Default Permit –

Allow everything except bad processes and/or users.

I Agree.

There is a lot of this going around and it is dumb. And I say it's dumb in total humility; we all do dumb things from time to time. With Windows XP Service Pack 2, which is basically a firewall implemented on top of the OS, and though it is not perfect, I believe that more people are beginning to see the importance of DENY ALL.

2) Enumerating Badness

Listing and concentrating on the thousands of malware as opposed to concentrating on accounting for the legitimate software and getting rid of the rest. It’s a ploy by the man to keep security corporations afloat.

I Agree and Disagree with this.

I agree that it is important to have accountability for what is going great on your system and running as it should. You should know and maintain your “known good” baseline configuration. But it is like protecting your home. Shouldn’t you know what recent rash of crimes are going on in your neighborhood?

Shouldn’t you keep note of those crimes and have a method or practice of protecting yourself? Although it is impractical to seek out every possible type of attack a criminal will use against your home, you should at least have protection against the MOST LIKELY methods that might be used against your home. I believe that being aware of some of the most possible known threats to your system and taking action is like personal insurance.

3) Penetrate and Patch –

Systems should be designed better so they don’t have to be patched.

WTF (What the f*#@!!)

Of course systems should be designed better… and humans should be designed so that we don’t go to war! And there shouldn’t be hunger anywhere on planet earth. Could have, should have, would have. In a perfect world, I.E. WOULD HAVE been ABORTED. But Internet Explorer was released to all and controlled 95% of the browser for years. Mark, there are systems that need patches. Security isn’t just proactive, it’s reactive. I understand and agree with what you are saying but in the real world millions of people buy millions of badly designed and even hazardous products.

4) Hacking is Cool

Mark insists that saying “hacking is cool” or having popular series of “hack” books (i.e. Google Hacks, Mind Hacks) is glorifying criminals.

I Strongly Disagree.

This is yet another example of someone ignorant of what hacking actually is.

I’ve had numerous arguments about this. I don’t care what you say Mark (or anyone else) hacking is and always will be cool. NO!… I don’t believe CRIME is not cool. Hackers are not always criminals. You would have to go to the Defcon to realize this. But Mark seems like the type that would look down his nose at Defcon and everyone there. Many of the vulnerabilities that are discovered before criminals exploit them are discovered by gray hats, hackers who actively or accidentally discover security holes. Many times these gray hats actually warn the companies and are told to sit down and shut.

Even if you did believe that every hacker is a criminal and ALL hacking is a crime, would it not make sense to know your enemy and what he/she does? Criminal Profilers must not only know the tactics of criminals they have to UNDERSTAND them. I was a cop for five years. In my experience, the best cops & investigators understood not only how and why people commit crimes but also how they try and get out of it.

Mark calls hacking a “social problem.”

Even TLC (The Learning Channel) does not take this stance on hacking. Check out their list of the famous & infamous hackers.

Hackers included on the TLC page:

Steve Wozniak (co-founder of Apple)

Richard Stallman (creator of GNU)

Dennis Ritchie/Ken Thompson (created UNIX)

Tsutomu Shimomura (caught Kevin Mitnick)

Linus Torvalds (creator of Linux)

 

This is a good definition of what a hacker is:

http://en.wikipedia.org/wiki/Hacker#History

Most Information Security professionals (or those claiming to be) either completely understand what “hacking” is or do not understand it at all.

5) Educating Users

Users should be kept dumb.

I disagree.

Social Engineering is the best example of what happens when your users are blind. The biggest threat to any system is the people using them. Kevin Mitnick said, “There is no patch for stupidity.” Really funny, but I disagree; the patch is Security Awareness. Check out what the folks at Security Awareness for MA PA and the Corporate clueless blog had to say.

6) Action is Better Than Inaction

It really is easier to not do something dumb than it is to do something smart.

I agree. Very well put.

 

I would also add a seventh, brought up by Kris Buytaert at x-tend.be:

7) Security Can be sold in a Box

Everyone wants a push button solution to all their security issues. The truth is that it does not exist. The only way to beat the game is to stay ahead of it. That is not to say everyone should be security geeks, but they should have some understanding of spyware, malware and other filth (that is if they value their accounts, privacy and data).

 

Overall, I feel that article has a lot to give to the computer security community. It's great that there are professionals that put that much thought into what they feel is right.