This Blog Is Not For Reading

A blog, just like any blog, only more so

  • Subscribe

  • Categories

  • RSS Bob Jonkman’s Microblog

    • bobjonkman repeated a notice by lnxw48a1 31 January 2021
      RT @lnxw48a1 @geniusmusing Yeah. :-( I think the #blockwars folks may have indirectly caused this. There are people who file complaints against client apps that don’t build in blocklists against specific servers whose moderation policies they dislike. I think that #Matrix / #Element competes with one or more Google-owned chat-type services. Since they gatekeep the […]
    • Favorite 31 January 2021
      bobjonkman favorited something by lnxw48a1: @geniusmusing Yeah. :-( I think the #blockwars folks may have indirectly caused this. There are people who file complaints against client apps that don’t build in blocklists against specific servers whose moderation policies they dislike. I think that #Matrix / #Element competes with one or more Google-owned chat-type services. Since […]
    • New note by bobjonkman 30 January 2021
      And I can't figure out how to connect to a particular server. The #Patchwork #SSB client I'm using has a "+ Join Server" field, but it requires an invitation code. Which I can't generate unless I have a pub server. Which I can't join until I have an invitation code... Sigh. #SSB: Concept: A+ ; […]
    • New note by bobjonkman 29 January 2021
      I was on #SSB Secure Scuttlebutt for a while (attended an #SSB seminar at last year's LibrePlanet conference), but the application was so resource intense that my laptop couldn't keep up. And, there wasn't the network effect I needed to make it useful. While there are probably interesting people to converse with, I have no […]
    • New note by bobjonkman 23 January 2021
      Oh, hang on. It's @joeyh who reveals the inadequacy of #journalism. Not the article author, @Jonemo@twitter.com #ReadingComprehension
    • New note by bobjonkman 23 January 2021
      @lnxw48a1 writes "In this post, Joey H. accidentally reveals a major reason why #news_media / #journalism is so bad today." This didn't leap out at me. Is it because good, in-depth reporting requires A LOT of research and hard work, and that modern journalism is adequately rewarded by re-Tweeted sound bites?
    • New note by bobjonkman 23 January 2021
      What an excellent #LongRead article! "Exploring the Supply Chain of the Pfizer/BioNTech and Moderna COVID-19 vaccines" https://blog.jonasneubert.com/2021/01/10/exploring-the-supply-chain-of-the-pfizer-biontech-and-moderna-covid-19-vaccines/
    • bobjonkman repeated a notice by lnxw48a1 23 January 2021
      RT @lnxw48a1 Explaining the supply chain of Pfizer & Moderna #COVID-19 vaccines: https://nu.federati.net/url/279451 Source: https://octodon.social/@joeyh/105606567412940936 #2019-nCoV | #coronavirus | #SARS-CoV-2 In this post, Joey H. accidentally reveals a major reason why #news_media / #journalism is so bad today.
    • Favorite 23 January 2021
      bobjonkman favorited something by lnxw48a1: Explaining the supply chain of Pfizer & Moderna #COVID-19 vaccines: https://nu.federati.net/url/279451 Source: https://octodon.social/@joeyh/105606567412940936 #2019-nCoV | #coronavirus | #SARS-CoV-2 In this post, Joey H. accidentally reveals a major reason why #news_media / #journalism is so bad today.
    • New note by bobjonkman 22 January 2021
      That was much better than I expected it to be. Covers the spectrum of opinions of several #ITSec professionals, and does not strike an alarmist note. Sadly, somewhat devoid of practical advice, tho. https://www.hipaajournal.com/hipaa-password-requirements/

Archive for November, 2009

Blacklists considered harmful

Posted by Bob Jonkman on 19th November 2009

The black hole that sucks up Internet Addresses

The black hole that sucks up Internet Addresses

BoingBoing points me to a Security Fix article by Brian Krebs called A year later: A look back at McColo on the after-effects of Real-time Blacklists (RBLs) that targeted formerly undesirable IP addresses:

The Internet community typically shuns networks known to harbor spammers and organizations that host malicious software and other nastiness, usually by including their numeric Internet addresses on “blocklists”. Many organizations configure their e-mail servers to reject messages from addresses included on one or more of these blocklists. A heavily blocklisted network quickly becomes unattractive to legitimate businesses, since any e-mail sent out of that network will most likely be refused by the intended recipients.

“The problem is once an address block gets so polluted and absorbed into all these blocklists, it’s difficult to get off all of them because there is no central blocking authority,” said Paul Ferguson, an advanced threat researcher at Trend Micro.

(“Blocklist” is a less pejorative term for “Blacklist”)

The problem is not with the (formerly) malicious site, nor with the keepers of the blacklists, or even the lack of a central blocking authority. The problem is with e-mail server admins or firewall admins who let some unpaid, unaccountable blacklist censor their incoming mail or access to Web pages.

A blacklist should be just one of the criteria used to weight the probability that an incoming e-mail message is spam, or that an http stream contains malware. When I use a blacklist I’ll take into account the blacklist’s opinion of an IP source, but I don’t want a blacklist deciding what I can or can’t receive.

It’s far more reliable to actually examine the content stream for spam or malware instead of relying on a third-party’s opinion of an IP address. Yes, this increases the transaction cost for managing spam and malware, but as these blacklist IP address areas increase there’s an ever greater chance of false positives.

Are you using blacklists? Still think they’re a good idea? Wait until your blacklist gets compromised. An attacker takes control of a blacklist, but doesn’t interfere with its regular operations. Instead, it selectively adds and removes addresses. What better way to impose a DoS attack than maliciously subscribing your target to a well-known blacklist? In fact, for the long con I can see an attacker setting up a blacklist site, and spending a year or two building a reputation. As long as system admins rely completely on that blacklist to block certain IP addresses, those system admins are vulnerable to the whims of the blacklist operator.

I also wrote about the role of blacklists in Blocking Port 25 Considered Harmful, just under a year ago.

–Bob.

(Flickr image “Black Hole” by he who shall used under creative commons license)

Posted in considered harmful, dnsbl | Comments Off on Blacklists considered harmful

Deep Packet Inspection considered harmful

Posted by Bob Jonkman on 13th November 2009

Ripe for Deep Packet Inspection

Ripe for Deep Packet Inspection

Michael Geist points us to a Sandvine report analyzing global broadband traffic.

Far more interesting than the data presented by Sandvine is the fact that Sandvine has any data to present at all. How did they get this stuff? Did they buy it from Bell and Rogers? Does their throttling equipment phone home? I don’t recall giving them permission to use my data.

They claim they’re not looking at data content. Maybe that’s true, maybe it’s not. But they’ve inspected deeply enough to know that we use more streaming applications than P2P, and more Bittorrent than Gnutella. As any data analyst knows, traffic analysis of data patterns gives as much information as the data itself. Why are they allowed to gather any of this data at all? None of their business what I use on my computer.

I’m sure Sandvine is making a hefty buck selling this report, or at least using it as evidence to sell more of their DPI equipment. They’re profiting from the the data that I didn’t give them permission to use. I think the Privacy Commissioner may want to look into this.

–Bob.

Posted in considered harmful, Deep Packet Inspection, privacy | Comments Off on Deep Packet Inspection considered harmful

 
Better Tag Cloud