Via Email Battles: First ‘warspamming’ case reaches court.

Basically the guy (allegedly) drove around LA with a laptop looking for insecure wireless networks, then connected to them and sent spam using people’s home accounts.

The term comes from wardriving — driving around looking for unsecured networks — and warchalking — marking walls or sidewalks to indicate the presence, type and speed of the networks found. Early wardrivers discovered that Pringles cans make good amplifiers.

Further etymology: according to the Jargon File, war-driving is a play on war dialer. War dialers were programs that would call up a series of phone numbers looking for modems, faxes, or other phone-based systems it might be able to crack into. And that term started out as wargames dialer, a reference to the film War Games. (Whew!)

It turns out that warspamming is older than I thought: the term was coined two years ago, though this is the first case to go to trial. The defendant is being tried under CAN-SPAM, which went into effect this past January.

An interesting statement from the article:

If Tombros is convicted or pleads guilty then warspamming — also known as drive-by spamming — will move from being just a theoretical possibility to a genuine threat.

What, so in the two years since someone came up with the idea, no one has ever seen it done? And we have to wait for a conviction to determine whether it’s happened now? We don’t need to wait for a trial to know that spammers — an annoyingly resourceful lot — are using thousands of virus- and spyware-infested home computers as zombies. Warspamming doesn’t even require programming skills (or ties to virus writers — although I understand access to already-compromised networks has become a brisk business on the black market.) Surely someone has logs to show that it’s been done.

Update October 4: The defendant was convicted. Apparently, this is the first conviction obtained under CAN-SPAM. (via The War on Spam)

When I worked at a computer lab in college, the main security focus was preventing lab visitors from screwing around too much with the computers. We just ran Windows NT and locked it down as hard as possible. The worst network-based threat I remember facing was WinNuke, and that was just as likely to be another lab tech. Some of the early email viruses started circulating while I was there, but since it was a public lab, we didn’t provide any email programs; people would telnet into the mail server and use Pine. (This was pre-Hotmail, too.)

In my wired-for-ethernet campus housing, however, all bets were off. I watched people remotely controlling each others’ computers as pranks, or discovering hackers had gotten onto their systems from halfway across the planet, and figured it was safer to use Linux most of the time. This actually got me in trouble with the network admin at one point, who decided I must be running a server and shut off my port. It did at least teach me to disable services that were turned on by default, though I saw no indication that anything on there was actually being abused.*

Firewalled

Then there were firewalled environments. Still back in college, we rigged up my parents’ house for a home network. My brother put together a Linux box to dial into the Internet and act as a gateway, and effectively everything inside the network was safe from direct attacks. No point in internal firewalls, and since everyone was savvy enough to avoid the really nasty stuff (which was easier at the time), virus scanners were only a precaution, rather than a necessity.

For the past few years I’ve mainly worked with Continue reading

I should’ve written this up when we bought it, but there are two main reasons I went with the Netgear WGT624 router over another brand with similar features.

First: familiarity. Since I hadn’t researched specific models, I wanted a brand I knew or had used before. This meant Netgear, Linksys, or Belkin.

Belkin was out of the question. In fact, I was muttering about how I’d never buy a Belkin router, when I was approached by a Belkin representative who proceeded to explain about how much better their product was than any of the others. The problem is that Belkin lost my trust last year when they set their routers to redirect web requests to their own advertisement page. (Basically one every eight hours until you bought the filtering service or clicked on an opt-out link on that web page). Aside from the annoyance factor, there’s a lot of web traffic that isn’t actually trying to load a web page. It could be your antivirus program trying to download new definitions, or your news reader updating an RSS or Atom feed. It could be Windows Update. Sure, they eventually disabled the “feature”, but come on!

So at that point it basically a toss-up between Netgear and Linksys. The Netgear packaging was more focused on the networking capabilities, and the Linksys packaging was more focused on the parental controls, so I went with the Netgear.

I just came across an article on non-password authentication that refers back to an April 2004 survey of office workers which found that “71% were willing to part with their password for a chocolate bar.”

Wow. I know they say everyone has their price, but this is ridiculous.

It reminds me of the comic book Underworld Unleashed, in which a demon approached various DC villains offering to give them enhanced powers in exchange for their souls. The Joker sold his soul in exchange for… a box of cigars. “They’re cubans!” he explained.

Another good one: “I work in a financial call centre, our password changes daily, but I do not have a problem remembering it as it is written on the board so that every one can see it.”

Un. be. lievable.