
Re: TMDA and other challenge-response systems considered harmful



"Monique Y. Mudama" <spam@bounceswoosh.org> said on Wed, 2 Jun 2004 09:24:20 -0600:
> On 2004-06-02, Tim Connors penned:
> >
> > If challenge response ever becomes ubiquitous, then spammers will
> > trivially be able to verify the responses without providing their own
> > email address. They will simply do what they currently do - open up
> > millions of backdoors on cracked computers, go through the address
> > books to look for email addresses, then send using a From: of the
> > current computer. An MTA running via the backdoor will pick up any CR
> > attempts, respond to them, and voila, send spam to a verified email
> > address.
> >
> 
> At least that method of circumvention is a serious legal offense ...

Spammers already break so many laws[1] that if it was easy to catch
them (and it is[2]), something would be done about them, if law
enforcement cared at all.

[1] In Australia, the standard banner when logging in is:
          ***** This service is for authorised clients only *****     

****************************************************************************
* WARNING:      It is a criminal offence to:                               *
*               i. Obtain access to data without authority                 *
*                       (Penalty 2 years imprisonment)                     *
*               ii Damage, delete, alter or insert data without authority  *
*                       (Penalty 10 years imprisonment)                    *
****************************************************************************

These laws have been used successfully against someone who broke into a
series of supercomputers last year. It is well documented that
spammers break into millions of computers via virii, and use said
resources illegally. Each one of those millions of offenses gains you
2 to 10 years depending on what they do. Then there's the trade
practices acts (most of the wares they sell most certainly wouldn't be
approved for selling by legitimate means), the securities laws (for
the pump and dump schemes), etc.

[2] We all know the address and identity of Alan Ralsky. Why do law
enforcement follow up on this? Because they couldn't give a flying
fsck[3]?

[3] And this I don't understand. In America, isn't money everything? 
Isn't also big business losing tens of billions per year to spam? Why
don't they care enough to apply laws that are already in place?


-- 
TimC -- http://astronomy.swin.edu.au/staff/tconnors/
Error: Furry Pointer Exception


