Anatomy of an Attempted Malware Scam

samzenpus posted about 4 years ago | from the dial-M-for-malware dept.

Advertising 139

Dynamoo writes "Malicious advertisements are getting more and more common as the Bad Guys try to use reputable ad networks to spread malware. Julia Casale-Amorim of Casale Media details the lengths that some fake companies will go to to convince ad networks to take the bait."

139 comments

127.0.0.1 for Casale (4, Insightful)

ScottCooperDotNet (929575) | about 4 years ago | (#33147212)

They've been on my HOSTS block for years, ever since one of those annoying GIF popups damn near gave me a seizure bouncing in its frame. Have they improved since?

Re:127.0.0.1 for Casale (-1, Troll)

Anonymous Coward | about 4 years ago | (#33147246)

Shut the fuck up you dumb cracka before I stick my 10 inch nigga dick up yo ass.

Re:127.0.0.1 for Casale (-1, Offtopic)

Aphoxema (1088507) | about 4 years ago | (#33149926)

Shut the fuck up you dumb cracka before I stick my 10 inch nigga dick up yo ass.

I swear with all the intelligent and creative people on /. this has to be some kind of... encrypted message or anagram or something. I just can't figure it out though, I must just not be up to par with the rest of the crowd. Curse me and my stupid brain!

Re:127.0.0.1 for Casale (3, Informative)

Anonymous Coward | about 4 years ago | (#33147262)

Better to use 0.0.0.0 - since it's a real invalid IP, connecting to it fails instantly, while a program trying to connect to 127.0.0.1 will take a while before giving up.

Good point on "loopback operations" AC (-1, Redundant)

Anonymous Coward | about 4 years ago | (#33147354)

"Better to use 0.0.0.0 - since it's a real invalid IP, connecting to it fails instantly, while a program trying to connect to 127.0.0.1 will take a while before giving up." - by Anonymous Coward on Thursday August 05, @02:01AM (#33147262)

Good point on the 127.0.0.1 "loopback adapter" address having to go thru "loopback operations" (which are indeed, slower), fellow AC (per my subject-line above), and there's more too: See here, I cover it (speed & efficiency gains on loads/reloads + parsing of HOSTS files using 0.0.0.0 (or even 0 on SOME OS')) -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274

There's MANY benefits & gains in the usage of a custom HOSTS file period vs. say, browser addons (specific to certain browsers only usually, if not always) for the purposes of protection and speedup of your websurfing online.

(That's since blocking banners yields more speed alone, & you can even "hardcode in" your fav. sites to go to them even FASTER than normal by avoiding DNS lookups (DNS servers are compromisable (see Dan Kaminsky on this) & can also go down too)!

APK

Re:Good point on "loopback operations" AC (0, Interesting)

Anonymous Coward | about 4 years ago | (#33148586)

Jesus Fucking CHRIST APK, do you have to pop up every time there's an article about hosts files?

Why do you have such a fucking hard-on for them anyway? Why can't you just get an account so we can fucking block your whining, retarded drivel?

Re:Good point on "loopback operations" AC (1)

Abstrackt (609015) | about 4 years ago | (#33150296)

Why can't you just get an account so we can fucking block your whining, retarded drivel?

You may have answered your own question.

Re:127.0.0.1 for Casale (1, Interesting)

Anonymous Coward | about 4 years ago | (#33148250)

Your firewall is misconfigured. Dropping instead of denying is a shitty default policy.

Re:127.0.0.1 for Casale (1)

cynyr (703126) | about 4 years ago | (#33150910)

But DENY lets the remote know you do exist, whereas DROP makes you a black hole. I prefer TARPIT myself, but that's reserved for the throttling rules of things like my ssh blocker, and such.

Re:127.0.0.1 for Casale (0)

Anonymous Coward | about 4 years ago | (#33150794)

not on windows.

which I was trying to argue with apk but his ears are filled with self importance so he can't hear any points against his 600MB host file

Re:127.0.0.1 for Casale (1)

TheLink (130905) | about 4 years ago | (#33151706)

If the sites you visit are mostly http, you could run your own webserver on port 80 and serve up ads you want.

Like reminders to not surf so much ;).

Anyway, on one fine April 1st, I configured a webproxy to show the company's logo instead of some ads. I didn't get fired for that, hardly anyone noticed. I think I did save some bandwidth.

Good Job Scott... apk (0, Interesting)

Anonymous Coward | about 4 years ago | (#33147274)

"They've been on my HOSTS block for years, ever since one of those annoying GIF popups damn near gave me a seizure bouncing in its frame. Have they improved since?" - by ScottCooperDotNet (929575) on Thursday August 05, @01:52AM (#33147212)

Good man, & same here: Mod ScottCooperDotNet up, because he knows what he's doing in using HOSTS files!

I say that because custom HOSTS files (especially for defense) are great stuff.

I.E./E.G.-> HOSTS files cover any and ALL "WebBound apps", unlike browser addons which are centered on specific webbrowser programs only. This means external email progs. for example, like Outlook/Outlook Express, are covered as well vs. HTML based email attacks etc./et al...

1 piece of advice though Scott - use 0.0.0.0 as your blocking address because it's smaller than 127.0.0.1, so it reads up from disk faster and thus inits itself quicker into memory, and yet it works the SAME as 127.0.0.1 for the same valuable blocking function vs. known bad sites/servers/hostnames-domainnames - on Windows VISTA/Server 2008/7, 0.0.0.0 is the most efficient blocking address you can utilize in fact for that purpose...

(Also on this account? IF you use Windows 2000, XP, or Server 2003?? You can do that even 1 better, by using 0 (vs. 0.0.0.0 & especially 127.0.0.1 & for the same reasons - better speed & efficiency of loads/reloads of your HOSTS file)).

APK

Re:Good Job Scott... apk (4, Informative)

agrif (960591) | about 4 years ago | (#33147664)

Good post, but for the record...

Using "0.0.0.0" instead of "127.0.0.1" is not more efficient because of size. There's only 2 bytes difference between the two; if your computer has a noticeable speedup just because it's reading 2 bytes less per HOSTS entry, you have way too many entries and probably more important problems.

The speedup, as pointed out by a different reply [slashdot.org] to GP, is because "0.0.0.0" is widely recognized as an invalid IP address, and just about every operating system will immediately fail if you try to connect to it. Using simply "127.0.0.1", the connect call has to go through the local loopback interface, and actually tries a connection, which adds up if you're accessing a lot of places at once (such as on a web page). The problem is even worse when the computer you're on is actually running something on port 80, in which case an actual connection is made, then fails, taking up more time. Or even worse: the connection times out!

Using "0.0.0.0" is good advice; I just wanted to make sure your reasons for using it are valid.
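An added example, not written by any poster in this thread: a small Python normalizer for the HOSTS-file blocking discussed above. It drops duplicate names, rewrites blocking lines to a single sink address, leaves `localhost` and real address pins untouched, and reports the file size under each sink address the thread compares. The sample file, the `PROTECTED` name list and the first-entry-wins rule are assumptions made for illustration.

```python
import ipaddress

# Blocking ("sink") addresses compared in the thread.
SINKS = ("127.0.0.1", "0.0.0.0", "0")
# Assumption: names that must keep their mapping and never count as blocks.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample, not a real blocklist.
SAMPLE = """\
# constructed sample HOSTS file
127.0.0.1   localhost
127.0.0.1   ads.example.com  tracker.example.net
0.0.0.0     ADS.example.com        # duplicate, different case
0           banner.example.org
192.0.2.10  intranet.example.com
127.0.0.1   intranet.example.com   # shadowed by the pin above
not-an-ip   junk.example.com       # malformed address, skipped
"""


def parse_hosts(text):
    """Yield (address, [lowercased hostnames]) for each usable entry line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or address with no name
        addr, names = fields[0], fields[1:]
        if addr not in SINKS:
            try:
                ipaddress.ip_address(addr)  # accept IPv4 and IPv6 pins only
            except ValueError:
                continue
        yield addr, [n.lower() for n in names]


def normalize(text, sink="0.0.0.0"):
    """Return (normalized_text, stats).

    Assumption: the first entry for a name wins, so later lines for the
    same name are dropped rather than allowed to override it.
    """
    seen = set()
    pinned = []   # (address, name), original order kept
    blocked = []  # names that pointed at any sink address
    dropped = 0
    for addr, names in parse_hosts(text):
        for name in names:
            if name in seen:
                dropped += 1
                continue
            seen.add(name)
            if addr in SINKS and name not in PROTECTED:
                blocked.append(name)
            else:
                pinned.append((addr, name))
    lines = [f"{a} {n}" for a, n in pinned]
    lines += [f"{sink} {n}" for n in sorted(blocked)]
    stats = {"pinned": len(pinned), "blocked": len(blocked),
             "duplicates_dropped": dropped}
    return "\n".join(lines) + "\n", stats


def size_by_sink(text):
    """Size in bytes of the normalized file for each sink address."""
    return {s: len(normalize(text, s)[0].encode("utf-8")) for s in SINKS}


if __name__ == "__main__":
    out, stats = normalize(SAMPLE)
    print(out, stats, size_by_sink(SAMPLE), sep="\n")
```

On the sample, the size difference between sink addresses is exactly the per-line difference times the number of blocked names, which is the quantity the posters are arguing about; it says nothing about connect-time behaviour, which depends on the operating system.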

I did cover loopback ops (-1, Redundant)

Anonymous Coward | about 4 years ago | (#33147750)

"Using "0.0.0.0" instead of "127.0.0.1" is not more efficient because of size. There's only 2 bytes difference between the two; if your computer has a noticeable speedup just because it's reading 2 bytes less per HOSTS entry, you have way too many entries and probably more important problems." - by agrif (960591) on Thursday August 05, @04:13AM (#33147664) Homepage

Are you trying to tell us that reading MORE bytes is not slower than reading less bytes, line per line in a HOSTS files while it's parsed for loading? I have to say that I "beg to differ" on that account, & I'll let others judge on that account also, on line by line reads for parsing & loading HOSTS files.

See, I know this, because I've actually timed loads into list boxes on this account in a program I wrote to remove duplicated entries in HOSTS files and to alphabetize the entries afterwards also. While profiling this using timers, there was a difference between loading HOSTS files & their record entries when using 0.0.0.0 (faster) vs. 127.0.0.1 (slower) and even larger differences on Windows 2000/XP/Server 2003 where you can STILL USE 0 (vs. 0.0.0.0 or 127.0.0.1) as a blocking "ip address" in a HOSTS files (whereas you cannot in VISTA/Server 2008/Windows 7).

"Using "0.0.0.0" is good advice; I just wanted to make sure your reasons for using it are valid." - by agrif (960591) on Thursday August 05, @04:13AM (#33147664) Homepage

My reasoning here, in BOTH of my posts? Are QUITE valid, and even TESTED via programming using timers for profiling my procs in fact, see above!

Also/By the way: In my other post here that predates yours here -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147354 [slashdot.org]?

There I covered, IN DETAIL, why using the 127.0.0.1 loopback adapter address is slower on the other account too: Because it incurs the loopback operation.

APK

P.S.=> All in all, thanks for the compliments & what-not but... Please read CLOSER &/or FURTHER next time... apk

Re:I did cover loopback ops (0)

Anonymous Coward | about 4 years ago | (#33147988)

windows doesn't have a loopback adapter, just to say. you have to install it or operation will be done in memory only

127.0.0.1 = loopback adapter address (0)

Anonymous Coward | about 4 years ago | (#33148038)

http://wiki.answers.com/Q/What_is_a_computer's_loopback_IP_address [answers.com]

(Look there, you'll see it's been answered as 127.0.0.1, as was stated in my init. posts here also (that 127.0.0.1 is the loopback adapter address)

This also backs it as well:

"127.0.0.1 is the loopback adapter address present in every TCP/IP-enabled computer which causes the computer to refer to itself without knowledge of its own name or address"

(Pertinent Quote above is from here -> http://www.linuxsecurity.com/content/view/112264/ [linuxsecurity.com] in fact).

Heck, I suppose you can check the RFC's themselves even to further verify this, but I think that attempting to further "nitpick" my points on this will be fruitless on your parts guys (I've been into this area since the mid 1980's really on *NIX systems, & put up a lot about it for PC users since, oh, 1996-1997 or so, online on forums etc.)

APK

Re:127.0.0.1 = loopback adapter address (0)

Anonymous Coward | about 4 years ago | (#33148048)

you know why wireshark can intercept loopback traffic on windows?

because by design windows doesn't provide a compatible loopback system, insisting on doing it in memory for performance reason.

hey, for being an expert, you suck.

however, you can install it to become standard if that suits your need:
http://www.windowsreference.com/windows-7/how-to-install-a-loopback-adapter-in-windows-7/

but don't let facts get into the way of your 'expertise'

I only said 127.0.0.1 = loopback adapter addy (-1, Redundant)

Anonymous Coward | about 4 years ago | (#33148088)

See my subject above: And, so did others in my sources as well...

"you know why wireshark can intercept loopback traffic on windows? because by design windows doesn't provide a compatible loopback system, insisting on doing it in memory for performance reason. hey, for being an expert, you suck. however, you can install it to become standard if that suits your need: http://www.windowsreference.com/windows-7/how-to-install-a-loopback-adapter-in-windows-7/ [windowsreference.com]
but don't let facts get into the way of your 'expertise'"
- by Anonymous Coward on Thursday August 05, @06:04AM (#33148048)

First of all, yes, I know that. Secondly: Care to show us where I said it wasn't done in memory OR by hardware? I never said it, but I still challenge you to show where I said either thing. So, that all "said & aside":

Care to show us I stated ANY different or about anything else on that account here, or that I stated anything about a hardware based loopback adapter?

Fact is, you brought that up, not I... & not that it matters here at all. I only stated what others I used as my facts & sources stated, & that's that 127.0.0.1 = the loopback adapter address.

All you have now is your foot in your mouth in attempting to cover the fact that either you cannot read, or that you skim badly alongside your name tossing ad hominem attacks (out of your frustration in your own screwup which anyone is free to see in your posts vs. mine, as it's all written here in plain black & white by us both!)

APK

P.S.=> Above all else? Well, based on the evidences I used, all fact based?? I think you should learn to read before you attempt to put words into others' mouths & to troll or nitpick them, because your performance was terrible in doing so... apk

Re:I only said 127.0.0.1 = loopback adapter addy (0)

Anonymous Coward | about 4 years ago | (#33148128)

sorry, you want so much being right by adding word on words but that is not changing the fact that using 0.0.0.0 won't save you from the loopback speed penalty on windows because there is no speed penalty on windows because there is no loopback tcp/ip exchange on windows, because in violation of the rfc it's all done in memory jumping all the holes.

Re:I only said 127.0.0.1 = loopback adapter addy (-1, Redundant)

Anonymous Coward | about 4 years ago | (#33148224)

"using 0.0.0.0 won't save you from the loopback speed penalty on windows because there is no speed penalty on windows" - by Anonymous Coward on Thursday August 05, @06:25AM (#33148128)

Are you high? First of all: Having to perform a loopback operation adds overheads, no matter how you slice it OR where it's done. Having to do a loopback operation is more work, vs. not having to do any at all.

Secondly, as I initially stated, using 0.0.0.0 (or better yet where it's still possible on Windows VISTA/Server 2008/7) in VISTA/Server 2008/7 is smaller per line than using 127.0.0.1 on each line in a hosts file, and therefore, is faster to parse since it is smaller. Again, faster due to LESS WORK DONE!

Lastly - In fact, IF you like? Look up a user here named FOREDECKER. He's a senior manager at Microsoft who had to concede that very fact to me when I asked him WHY MICROSOFT REMOVED THE ABILITY TO USE 0 in A HOSTS FILE AS A VALID IP ADDRESS FOR BLOCKING OUT KNOWN BAD HOSTSNAMES/DOMAINNAMES IN VISTA (after the 12/09/2008 "Patch Tuesday") AND ALSO IN WINDOWS SERVER 2008 and WINDOWS 7 (where you may still use 0.0.0.0 in lieu of the longer & slower 127.0.0.1), whereas 0 still works in Windows 2000/XP/Server 2003 for blocking out known bad sites/servers etc./et al.

Keep up your non-sequitur nitpicking, but when I challenged you to find that I said anything other than "127.0.0.1 = the loopback adapter address" as did my factual sources? You run like a dog with a tail between your legs on that account!

Uhm, also see my subject-line, and read my P.S. below also...

APK

P.S.=> Still, the REAL "bottom-line" here remains that ALL I EVER STATED WAS THE 127.0.0.1 IS THE LOOPBACK ADAPTER ADDRESS, that's all (and that yes, I also noted it works for blocking out known bad servers, but also that using 0.0.0.0 is faster because it is smaller line by line in a HOSTS files and has no "overheads" in loopback ops, which agrif also noted here in this exchange as well -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147664 [slashdot.org] & he was rated up +3 INTERESTING as well for it)... apk

I'm righter than you (3, Informative)

Anonymous Coward | about 4 years ago | (#33148252)

I've been told it's weird when ACs try so hard. Also futile.

So disregard everything I said, I suck cocks.

APK

Re:I'm righter than you (1)

beerbear (1289124) | about 4 years ago | (#33148404)

Obvious impersonating. Way too few funky characters.

Impersonating me? Poor job! (-1, Troll)

Anonymous Coward | about 4 years ago | (#33148504)

"I've been told it's weird when ACs try so hard. Also futile.

So disregard everything I said, I suck cocks.

APK" - by Anonymous Coward on Thursday August 05, @06:53AM (#33148252)

Reduced to attempting to IMPERSONATE me? Not a first here (or elsewhere online either): It's one of the "key indicators" you have a troll on the ropes as well as on the run... & it's right up there with the usual from trolls in ad hominem attacks, or spelling and grammar checks (where there is no "english lit/grammar/spelling" section of this forums, & on tech topics).

APK

P.S.=> Even others (as registered users in beerbear) here also do realize you're a lowly troll impersonating me here, see here -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33148404 , so you can give up now troll... apk

Re:Impersonating me? Poor job! (0)

Anonymous Coward | about 4 years ago | (#33149068)

It wasn't an attempt to impersonate you but to underline the silliness of you signing your AC posts, arguing back and forth, linking other AC posts ffs, and trying so very, very hard to appear right.

I have to admit, though, you getting all huffy about it is just golden and ridiculing you much more effectively than I could hope to achieve.

Wrong AGAIN (-1, Troll)

Anonymous Coward | about 4 years ago | (#33149194)

"I have to admit, though, you getting all huffy about it is just golden and ridiculing you much more effectively than I could hope to achieve." - by Anonymous Coward writes: on Thursday August 05, @01:14PM (#33149068)

I know what you are wrongly implying but you are CLEARLY WRONG (I've done MUCH BETTER than that): see here -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33148088 [slashdot.org] , & here -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147750 [slashdot.org] , & also here -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33148088 [slashdot.org] !

You are just wrong & I am RIGHT. The earlier you see that the earlier I can get back to what I do when I'm not educating TR0LLS like you.

APK

P.S.=> What's wrong with sucking cocks anyway... apk

Impersonating me a 2nd time troll? (-1, Troll)

Anonymous Coward | about 4 years ago | (#33149260)

LMAO, that 2nd impersonation of myself again on your part above's pretty poor, as I am not a homosexual (so, sorry to disappoint you), and it's your 2nd time trying impersonating me no less out of your being frustrated into doing so because you don't know enough comp. sci. to punch your way out of a wet paper bag.

I mean, lmao: First time you impersonated me here, others knew it also -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33148504 [slashdot.org] so, give up already troll... you LOSE/FAIL, as per usual, vs. myself!

APK

P.S.=> Go get a degree in CSC & make something of yourself troll, instead of wasting your life trolling others here... you aren't very good at it, based on your trolling performance here in ad hominem attacks on myself rather than attacking my tech points, your name tossing, impersonating me, and making it VERY simple for me to disprove your WEAK "so-called tech know-how", & with EASE on that latter note all thru this exchange... ah, as per usual? "too, Too, TOO EASY" for me, vs. you (TOO easy)... apk

Re:Impersonating me a 2nd time troll? (0)

Anonymous Coward | about 4 years ago | (#33149678)

you DO realize you're not talking to _one_ AC?

you're so full of self importance that you may be leaking, check under your chair before filling your mom basement

p.s. I'm the original one. and I'm still convinced that talking to loopback in windows has no penalty over not resolving 0.0.0.0 because there is no such thing as the tcp/ip overhead you talk about

but hey you were the one making out with a microsoft vice senior hiper managerTO so your word is bold (haha got the pun about the bold abuse?)

Stop impersonating ACs or I call the CSCAC cops! (0)

Anonymous Coward | about 4 years ago | (#33149886)

I'm not sure who's trolling whom anymore, so I'll stop. If you're not trolling, get help.

APK

P.S.=> Seriously.

Re:I'm righter than you (1)

operagost (62405) | about 4 years ago | (#33150504)

Bash.org [bash.org] FTW.

Re:I did cover loopback ops (0)

Anonymous Coward | about 4 years ago | (#33148152)

All that was said was that 127.0.0.1 is the loopback adapter address used by Windows (and other Operating Systems that have an IP stack based on the BSD reference design model). That much is correct, so where are you coming from now with facts we already knew about that are actually quite useless here on the use of 127.0.0.1 in a hosts file (since installing a loopback adapter ware is really not required for the usage of either 127.0.0.1 or 0.0.0.0 or even 0 in some cases to work as a blocking method for known bad hosts names in a hosts file?). Your post makes no sense and is actually quite non-sequitur really.

Re:I did cover loopback ops (2, Informative)

agrif (960591) | about 4 years ago | (#33148240)

Yes, I am aware that reading more data from the disk is slower. However, I would like to point out that the time it takes to read an additional two (or even eight) sequential bytes off the disk is insignificant compared to the potential time wasted in a timeout.

Using "0.0.0.0" is more efficient, but not because of the primary reason you listed, even if that is a contributing factor. It's like saying that the water is boiling faster because the air is drier, but not mentioning that you turned up the burner.

I was not aware of your other post, and I apologize for the redundancy.

Thanks, & see URL @ bottom of this reply (-1, Troll)

Anonymous Coward | about 4 years ago | (#33148468)

"Yes, I am aware that reading more data from the disk is slower. " - by agrif (960591) on Thursday August 05, @06:52AM (#33148240) Homepage

Good, so you concede my point that a "larger-per-line" in bytes per line entries in HOSTS files' record entries takes longer in using 127.0.0.1, especially vs. 0.0.0.0, and even moreso especially vs 0 (which is still useable in Windows 2000/XP/Server 2003 from the "Microsoft side of things" at least)

----

"However, I would like to point out that the time it takes to read an additional two (or even eight) sequential bytes off the disk is insignificant compared to the potential time wasted in a timeout." - by agrif (960591) on Thursday August 05, @06:52AM (#33148240) Homepage

Not in a HOSTS file like mine, OR ANY REALLY (because "less IS truly more" in this case, & larger amounts of characters to parse just plain takes more time period in ANY SIZED FILE in line by line reads).

Heck, on this very note & on this very site (and MS site's too?)? Well - I even questioned a Microsoft Senior Manager on this, a user here named Foredecker on this website (he's the head of Windows Client Performance Division) & he had to concede I am correct on it in fact.

If you like?

Ask him yourself if you wish (even though he "battled to the death" with me on that account here and in his blogs) as well as S. Sinofsky, head of Windows development here http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx?CommentPosted=true#commentmessage & no one can dispute the fact, since they had to concede it to me as well, as you now have.

Using a smaller line per line format while parsing HOSTS files isn't insignificant, & especially not insignificant in a HOSTS file like mine (which I've been building since 1997 for public consumption by others in fact) which has well over 875,000 or so entries of known bad sites/servers' domain-hosts names in it from many reputable sources such as those noted here ->

Spybot Search & Destroy

+

http://ddanchev.blogspot.com/
http://www.malwareurl.com/listing-urls.php?page=1&urls=off&rp=
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://www.stopbadware.org
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts
http://news.netcraft.com
http://www.shadowserver.org/
https://zeustracker.abuse.ch/monitor.php?filter=online
http://www.mvps.org/
http://someonewhocares.org/
http://hostsfile.mine.nu/hosts0
http://hosts-file.net/?s=Download

And others also.

Still - Fact is, there's no doubt of it, that smaller hosts files result from using 0 vs. 0.0.0.0 (& especially 127.0.0.1) as the line by line blocking method, and I've tested it myself, AND had MS' own mgt. & his boys test it...

Foredecker (MS senior mgt. & a poster here) had to concede I was correct in fact, & did so here, publicly in fact!

----

"Using "0.0.0.0" is more efficient, but not because of the primary reason you listed, even if that is a contributing factor." - by agrif (960591) on Thursday August 05, @06:52AM (#33148240) Homepage

See above, because again:

In a file the size of mine (HOSTS with near 1 million lines)? It matters... plus, I think this guy's post will interest you GREATLY in fact (he doesn't agree with you, though I do) -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33148128 He's been trolling me on the point you made in fact, & I agree with you, so I defend it.

(Give him a piece of your mind if you like. I think you will in fact, lol!)

----

"I was not aware of your other post, and I apologize for the redundancy." - by agrif (960591) on Thursday August 05, @06:52AM (#33148240) Homepage

Don't sweat it - this is how we ALL learn, & grow: BY DEBATING POINTS OF ANY KIND!

APK

P.S.=> AGAIN; DO TAKE A PEEK AT THE AC POSTS THAT ARE TROLLING ME ON YOUR VERY POINT THOUGH, HERE -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33148128 & DO GIVE HIM A PIECE OF YOUR MIND/THOUGHTS (as he is attacking that which you speak of in fact, specifically)... apk

Re:Thanks, & see URL @ bottom of this reply (0)

Anonymous Coward | about 4 years ago | (#33148620)

875,000 hosts entries? You aren't just a prick, you're a STUPID prick. Well done!

Says the troll who impersonated me, lol! (0)

Anonymous Coward | about 4 years ago | (#33148670)

"875,000 hosts entries? You aren't just a prick, you're a STUPID prick. Well done!" - by Anonymous Coward on Thursday August 05, @08:14AM (#33148620)

You're obviously the same defeated troll who impersonated me today here http://it.slashdot.org/comments.pl?sid=1743902&cid=33148504 [slashdot.org] first of all.

Secondly, I suggest you refer to some of the valid & reputable sources I use to populate my HOSTS file that I listed in the post of mine you replied to!

(I state that, simply because you obviously aren't aware of the sheer volume of known bad sites/servers/hostnames-domainnames there has been over time and currently continues to be).

Especially since you must resort to a technically challenged ad hominem based attack on myself, rather than my technical points.

APK

P.S.=> Better luck next time, troll... getting the best of you? Well, it's been, as-per-usual, "too, Too, TOO EASY!" (just TOO easy)... apk

Re:Says the troll who impersonated me, lol! (0)

Anonymous Coward | about 4 years ago | (#33148734)

I'm not the guy impersonating you, I'm just another guy who can't abide your egomaniacal postings.

Yes. You are a complete idiot. Hosts files were not meant to have 875,000 entries. Top tip [wikipedia.org] - it'll blow your tiny mind!

See my PS, back up your bluster, TROLL (-1, Flamebait)

Anonymous Coward | about 4 years ago | (#33148926)

"I'm not the guy impersonating you" - by Anonymous Coward on Thursday August 05, @08:31AM (#33148734)

Yea, "ok, SURE" (yea, right) You keep trying to attack technical points I made here and were shot down on each of them, and then, as per YOUR usual troll?? You resort to your invalid in debate methods of ad hominem attacks on myself rather than my tech points (In fact, on that VERY note? Well - See below for yet more evidence thereof below):

----

"I'm just another guy who can't abide your egomaniacal postings." - by Anonymous Coward on Thursday August 05, @08:31AM (#33148734)

Quit "projecting" for one thing, because it's OBVIOUS your fragile ego has been damaged by your own numerous technical screwups here, because your name-tossing adhominem attacks?? They're your TOO OBVIOUS "tell" on that very account! Again, per what I just stated above and here again now??? See below for more evidence thereof:

----

"Yes. You are a complete idiot." - by Anonymous Coward on Thursday August 05, @08:31AM (#33148734)

Yes, once more as I noted above? You have to use the "last resort" of the frustrated & defeated troll, in your name-tossing childish tantrum based attacks... lol, which are QUITE effete AND futile, vs. technical facts.

----

"Hosts files were not meant to have 875,000 entries." - by Anonymous Coward on Thursday August 05, @08:31AM (#33148734)

Says the troll who tried to impersonate me here -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33148504 [slashdot.org] lol!

The fact you resort to THAT, and that you need to resort to name tossing doesn't look good for you at all, as well as you having to use wikipedia too, which ANYONE can edit no less!

Plus, lol... don't you know this material yourself? Obviously not!

See, DNS servers are HIGHLY compromisable (though lately they're implementing DNSSEC & the 13 or so DNS servers (root types) are being secured better @ least & they're not using recursive settings as much to avoid the attacks Dan Kaminsky pointed out)

DNS servers DO GO DOWN TOO, & hosts files + hardcoding your fav. addresses into them helps for speed, and dns servers going down OR being misdirected too (all per Dan Kaminsky's findings and anyone can do this in SECONDS no less) vs. all of the above, plus it speeds you up too by avoiding calling out to remote DNS servers, AND, it also makes you "proof" to DNS request log tracking of you too (bonus)).

APK

P.S.=> Above ALL else: Care to back up your last statement above with some well respected documentation, that HOSTS shouldn't be used for speeding you up AND defending you? Somehow, I think there will be more "name-tossing" at me, or impersonating me instead.

Get me proof, of your LAST words quoted above, won't you? Get it, from say, the RFC's or the likes of Microsoft or a respected LINUX site (those were sources I USED in fact in this very exchange (& proof in something written by a CSC MS degreed or PHD degreed person stating that? You'll need it, because I have dual degrees around this science myself))... apk

Re:See my PS, back up your bluster, TROLL (0)

Anonymous Coward | about 4 years ago | (#33149036)

I was suggesting you run your own DNS server on a box you control, you fucking tool.

Why? To waste CPU/RAM & security?? (0)

Anonymous Coward | about 4 years ago | (#33149116)

"I was suggesting you run your own DNS server on a box you control, you fucking tool." - by Anonymous Coward on Thursday August 05, @09:11AM (#33149036)

Why? Because YOU said so?? Got a PHD in CSC or even an MS?? NO??? Didn't think so on your end, lol! Secondly?

See subject-line above, and this:

http://www.google.pl/search?hl=pl&source=hp&q=%22Dan+Kaminsky%22+and+%22DNS%22&btnG=Szukaj+w+Google [google.pl]

Dan Kaminsky's findings in DNS security hassles say it all for me, on DNS server usage here!

APK

P.S.=> No thanks to YOUR suggestions, and your continual name tossing and impersonating me out of your frustration at my being able to clearly show your "so called tech know how" stinks, since I can turn it on its head easily and with respected others backing my points also? Yea, ok, "whatever YOU say" (you, the no CSC degree AC, lol!)... apk

Re:See my PS, back up your bluster, TROLL (0)

Anonymous Coward | about 4 years ago | (#33149220)

I like how you can tell which ACs are which. Here's a challenge for you: Who am I? I'll give you a hint, I'm posting as AC to avoid moderation done in this thread, but out of the top seven stories on slashdot at 9:35, EST, I have posted in exactly four of them, for a total of exactly 18 posts (not counting this one, or any other AC posts).

tl:dr as offtopic (0)

Anonymous Coward | about 4 years ago | (#33149320)

tl:dr as offtopic

Re:See my PS, back up your bluster, TROLL (1)

psm321 (450181) | about 4 years ago | (#33150284)

Dude, get mental help. And no, I am not any of the ACs posting here.

Re:Thanks, & see URL @ bottom of this reply (3, Informative)

agrif (960591) | about 4 years ago | (#33148838)

Yeah, in a file with that many entries, the extra 8 bytes per line would create a large performance hit.

I'm going to agree with the AC in a sibling thread, though: if your HOSTS file is larger than 10MB*, you're doing something with HOSTS it was never meant to do. It may be easier than setting up a proper DNS server, but it's not as efficient.

(I appreciate distributing a HOSTS file is easier than telling people how to setup a DNS server, though.)

I think if you start worrying about efficiency enough to start shaving bytes off of lines, you should consider the efficiency of loading a 10MB file instead of a proper DNS server, which can store this data more efficiently than a plain-text list.

My point stands for sane use cases. In my opinion, what you're doing is an abuse of HOSTS, even if it's a handy abuse.

* 10MB is an estimate. ~10 bytes per line * ~1 million lines

Do this math inside then... apk (-1, Troll)

Anonymous Coward | about 4 years ago | (#33149084)

"Yeah, in a file with that many entries, the extra 8 bytes per line would create a large performance hit." - by agrif (960591) on Thursday August 05, @08:49AM (#33148838) Homepage

It does in ANY file, but it merely shows itself more in larger HOSTS files (and in relatively largish HOSTS files you must turn off the local DNS client cache in Windows in fact, a bug I reported to MS years ago in fact they still have not corrected). The speed hit compounds itself the MORE line entries a HOSTS file has though.

----

"I'm going to agree with the AC in a sibling thread, though: if your HOSTS file is larger than 10MB*, you're doing something with HOSTS it was never meant to do." - by agrif (960591) on Thursday August 05, @08:49AM (#33148838) Homepage

First, I'd like to see documentation of that from the RFC's or a MS or PHD in this science (I have dual degrees around this science myself in a BS CSC and CIS minor from another degree in fact)... just as I told that other AC who impersonated and ad hominem trolled me here (he also says that using 127.0.0.1 is not slower than 0.0.0.0 and like yourself? I disagree on that account due to filesize, length of line entries parsing, AND loopback operations (the latter being one we BOTH noted in fact)).

Secondly - See this:

----

RESURRECTING THE KILLFILE:

(by Mr. Oliver Day)

http://www.securityfocus.com/columnists/491 [securityfocus.com]

PERTINENT EXCERPTS/QUOTES:

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

----

Well, opinions vary, but... as you can see? A respected security researcher in Mr. Oliver Day who works for securityfocus.com agrees with me and for the same reasons I extolled here on HOSTS file usage... security and speed, are better using one.

----

"It may be easier than setting up a proper DNS server, but it's not as efficient." - by agrif (960591) on Thursday August 05, @08:49AM (#33148838) Homepage

See http://www.google.pl/search?hl=pl&source=hp&q=%22Dan+Kaminsky%22+and+%22DNS%22&btnG=Szukaj+w+Google [google.pl] on DNS servers, and their compromiseability (per Dan Kaminsky, & Moxie Marlinspike's another)... I don't rely on those alone and when I do? I use Open DNS or Scrub IT DNS, since you cannot "hardcode" the entire internet in a HOSTS file after all!

PLUS, DNS servers eat up CPU & RAM I don't need to be eating up here, when a HOSTS file and Open DNS do the trick for me rather nicely!

----

"(I appreciate distributing a HOSTS file is easier than telling people how to setup a DNS server, though.)" - by agrif (960591) on Thursday August 05, @08:49AM (#33148838) Homepage

I think they're pretty much cake personally, but to each his own... avoiding setting them into "recursive mode" is a good idea though, see the URL from GOOGLE above, on THAT very note.

----

"I think if you start worrying about efficiency enough to start shaving bytes off of lines, you should consider the efficiency of loading a 10MB file instead of a proper DNS server, which can store this data more efficiently than a plain-text list." - by agrif (960591) on Thursday August 05, @08:49AM (#33148838) Homepage

A few bytes?

My HOSTS file, using 127.0.0.1 = 27mb

Same file, using 0.0.0.0 = 18mb

Yet again, same file, albeit using 0 = 14mb

(That's NOT a "few bytes" - do the math! It's almost a 50% size savings, & smaller files read in FAR faster than larger ones do, especially 50% larger ones!)

----

"My point stands for sane use cases. In my opinion, what you're doing is an abuse of HOSTS, even if it's a handy abuse.

* 10MB is an estimate. ~10 bytes per line * ~1 million lines" - by agrif (960591) on Thursday August 05, @08:49AM (#33148838) Homepage

Again, per what I wrote above AND to the AC trolling me, adhominem attacking ME (rather than my points), and impersonating me too? Got proof from a PHD or MS in CSC backing you on that, or an RFC??

APK

Re:Do this math inside then... apk (0)

Anonymous Coward | about 4 years ago | (#33149446)

smaller files read in FAR faster than larger ones do, especially 50% larger ones!

Actually, Mr. BS CSC PHD, the file is almost 93% larger.

Re:Do this math inside then... apk (2, Interesting)

psm321 (450181) | about 4 years ago | (#33150474)

Attacking your abuse of HOSTS files is not an attack on you. Please understand that.

Now for an attack on you: How can you have a degree and yet think it's consistent to say that shaving 2 bytes per line off (going from 127.0.0.1 to 0.0.0.0) cuts a file size down by 9MB but then shaving an additional 6 bytes per line off (0.0.0.0 -> 0) cuts only 4MB?

Now I need to force myself to stop replying to this thread, I feel like I'm being drawn into this sort of situation: http://xkcd.com/386/ [xkcd.com]
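The size figures argued over in this sub-thread depend only on how many blocked names a hosts file holds and how long the sink address is, which can be measured directly. The script below is an added example, not code from any poster: the sample hosts text is constructed, the function names are hypothetical, and it only measures sizes (whether a given resolver accepts the bare `0` form is not tested here).

```python
# Added example: measure how the sink address affects hosts-file size.
SINKS = ("127.0.0.1", "0.0.0.0", "0")          # the three forms named in the thread
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample input (reserved .example names and a documentation IP).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
192.0.2.10  intranet.example      # real mapping, must survive
127.0.0.1   ads.tracker.example
127.0.0.1   ads.tracker.example   # duplicate entry
0.0.0.0     banners.example  popups.example
0           malware-c2.example
"""


def parse_hosts(text):
    """Yield (address, [names]) for every line that maps at least one name."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            yield fields[0], [name.lower() for name in fields[1:]]


def split_entries(text):
    """Return (blocked names, genuine mappings); duplicates are dropped."""
    blocked, kept, seen = [], [], set()
    for addr, names in parse_hosts(text):
        for name in names:
            if addr in SINKS and name not in LOCAL_NAMES:
                if name not in seen:             # a name only needs blocking once
                    seen.add(name)
                    blocked.append(name)
            else:
                kept.append((addr, name))        # localhost and real mappings stay as-is
    return blocked, kept


def render(text, sink, eol="\n"):
    """Rewrite the file with one name per line and every blocked name on `sink`."""
    blocked, kept = split_entries(text)
    lines = ["%s %s" % (addr, name) for addr, name in kept]
    lines += ["%s %s" % (sink, name) for name in blocked]
    return eol.join(lines) + eol


def size_report(text, eol="\n"):
    """Size in bytes of the rewritten file for each sink form."""
    return {sink: len(render(text, sink, eol).encode("ascii")) for sink in SINKS}


def projected_saving(line_count, old_sink, new_sink):
    """Bytes saved by switching sinks: (length difference) x (blocked lines)."""
    return (len(old_sink) - len(new_sink)) * line_count


if __name__ == "__main__":
    for sink, size in size_report(SAMPLE_HOSTS).items():
        print("%-10s %d bytes" % (sink, size))
    # For the ~1 million lines estimated in the thread:
    print(projected_saving(1_000_000, "127.0.0.1", "0.0.0.0"), "bytes saved")
    print(projected_saving(1_000_000, "0.0.0.0", "0"), "bytes saved")
```
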

Re:Do this math inside then... apk (0)

Anonymous Coward | about 4 years ago | (#33151626)

Don't fall for it. This is what APK does. He does this stream-of-conscious thing with just enough technical detail sprinkled in there to seem legitimate. When someone actually digs a bit and discovers it's all bullshit, he goes on the attack. He will then start a big copy-and-paste campaign (consisting of legitimate sources that often have very little to do with the subject at hand and previous posts from this and other message boards), stalking, and throwing around supposed achievements all in attempt to distract from the actual conversation. If you've managed to completely discredit him, he will then continue this for a period of following months.

Walk away now. This path leads to insanity.

Re:Do this math inside then... apk (0)

Anonymous Coward | about 4 years ago | (#33151752)

Don't fall for it. This is what APK does. He does this stream-of-conscious thing with just enough technical detail sprinkled in there to seem legitimate. When someone actually digs a bit and discovers it's all bullshit, he goes on the attack. He will then start a big copy-and-paste campaign (consisting of legitimate sources that often have very little to do with the subject at hand and previous posts from this and other message boards), stalking, and throwing around supposed achievements all in attempt to distract from the actual conversation. If you've managed to completely discredit him, he will then continue this for a period of following months.

Walk away now. This path leads to insanity.

Re:127.0.0.1 for Casale (0)

Anonymous Coward | about 4 years ago | (#33148818)

They created pop-up ads that deliberately circumvent Firefox's built-in pop-up blocking efforts. They've been doing it for years, and were still as of a few months ago. I can't believe a story about them made it to Slashdot. They've been in my router's hosts file for years.

ADBLOCK'S "Blockable" too, see inside... apk (-1, Troll)

Anonymous Coward | about 4 years ago | (#33149600)

In addition to what you noted? Arstechnica did that to adblock/adblock plus users:

ArsTechnica blocking Adblock?

https://adblockplus.org/forum/viewtopic.php?f=2&t=5266 [adblockplus.org]

However, they could NOT do that to HOSTS files users though!

Fact is, HOSTS files are better than adblock (especially adblock alone) on that account above alone, PLUS these also:

10 ADVANTAGES OF HOSTS FILES OVER BROWSER ADDONS ALONE, & EVEN DNS SERVERS:

http://forums.windowsforum.org/index.php?s=35faafcfc2596ff0fdd2a54a2717153b&showtopic=33716&st=60 [windowsforum.org]

1.) HOSTS files eat A LOT LESS CPU cycles than browser addons do no less (since browser addons have to parse each HTML page & tag content in them)!

2.) HOSTS files are also NOT severely LIMITED TO 1 BROWSER FAMILY ONLY... browser addons, are. HOSTS files cover & protect (for security) and speed up (all apps that are webbound) any app you have that goes to the internet (specifically the web).

3.) HOSTS files allow you to bypass DNS Server requests logs (via hardcoding your favorite sites into them to avoid not only the TIME taken roundtrip to an external DNS server, but also for avoiding those logs OR a DNS server that has been compromised (see Dan Kaminsky online, on that note)).

4.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

5.) HOSTS files also allow you to not worry about a DNS server being compromised, or downed (if either occurs, you STILL get to sites you hardcode in a HOSTS file anyhow in EITHER case).

6.) HOSTS files are EASILY user controlled, updated and obtained (for reliable ones -> http://en.wikipedia.org/wiki/Hosts_file [wikipedia.org] OR see lists below) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

7.) HOSTS files aren't as vulnerable to "bugs" either like programs/libs/extensions of that nature are, OR even DNS servers, as they are NOT code, & because of what's next too

8.) HOSTS files are also EASILY secured well, via write-protection "read-only" attributes set on them, or more radically, via ACL's even.

9.) HOSTS files are a solution which also globally extends to EVERY WEBBOUND APP YOU HAVE - NOT just a single webbrowser type (e.g. FireFox/Mozilla & its addons exemplify this, such as ADBLOCK)

10.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privilege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - You might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own, & this? This stops that cold, too! Bonus...

Still, it's a GOOD idea to layer in the usage of BOTH browser addons for security like adblock, &/or NoScript (especially this one, as it covers what HOSTS files can't in javascript which is the main deliverer of MOST attacks online & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security".

APK

P.S.=> The rest of this exchange covers what my naysayers attempted to say to put what's above "down", to no avail though, from here http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274 [slashdot.org] on down in that/this very exchange!

(I think those of you reading here will find it quite INFORMATIVE, overall if you're interested in speeding yourself up online, as well as securing yourself better too, & from 1 simple file you already have in a HOSTS file, that covers more than adblocking browser addons do!)... apk

Re:ADBLOCK'S "Blockable" too, see inside... apk (0)

Anonymous Coward | about 4 years ago | (#33151848)

Your message is being overshadowed by your delivery of it.

It's like if I asked about the weather, and some guy went on for 20 minutes screaming about how ONLY RUBBER UMBRELLAS KEEP OUT THE RAIN WITH 99% EFFICIENCY, AND EVERYBODY ELSE IS RETARDED BECAUSE THEY DON'T HAVE 875,000 RUBBER UMBRELLAS IN THEIR BASEMENT. I would no longer care about the point he was making, even if I secretly yearned for a higher-efficiency umbrella.

I read your very first post in this topic and was mildly interested in what you had to say about the HOSTS file. That interest very quickly disappeared.

- W

google should be out of business for this.. (0)

Anonymous Coward | about 4 years ago | (#33147216)

they are not held accountable for anything, not for copyright, not for privacy issues as well. continue worshiping them and see what happens.

Bad cop, no God for you. (1)

Trivial Solutions (1724416) | about 4 years ago | (#33147290)

God says... Whereas Into killed understand Old initiated credibility Madness increase feet approve helper convict closing harmed twice perisheth triumpheth Apostolic

Re:Bad cop, no God for you. (1)

WrongSizeGlass (838941) | about 4 years ago | (#33148320)

God says... Whereas Into killed understand Old initiated credibility Madness increase feet approve helper convict closing harmed twice perisheth triumpheth Apostolic

I block tons of spam that have Subjects that are a lot like that ... but they have wavy images of pills attached. ;-)

I'm Surprized... (4, Insightful)

powerspike (729889) | about 4 years ago | (#33147300)

I read the article, and in doing reference checks in the digital age, esp when there is a large chance of fraud, that checking domain reg's etc only came in last. It's not hard to program in automatic checking, and by the sounds of it, would stop how easy this type of scam would be implemented. Also they could do reverse phone number checks etc as well. I'm quite sure if they had that information automatically populated during an application, any attempts to defraud the companies would be found out with a lot less time.

Re:I'm Surprized... (5, Insightful)

adamofgreyskull (640712) | about 4 years ago | (#33147566)

I'm also suitably stupefied. All the "pink" and "red" flags that they are obviously so clever to spot, and which she spends almost the entire article talking about, are just her dancing around the elephant in the room: that she and her team are complete fucking idiots.

Seriously. The important things they learnt, consolidated in the "6 steps" at the bottom of the article are pure common-sense. Even if they're not concerned about "malvertisements" (ick) they should already have been checking references properly (i.e. using a bank's listed number, not one provided by the "agency" and checking the certificates of incorporation of them and their referees). It's common fucking sense even when you are just trying to establish whether or not to extend a line of credit to them! I wish I could have avoided swearing, but it makes me feel physically sick to think that someone can publicly admit to being such a colossal moron and still have a job. Not only that, but to have people thanking her for her insight!! Idiots! How much time was wasted by her, her sales droids, her marketers etc.? Idiots! Using the word "creative" as a noun when referring to banner-ad files? Idiot!! AAAGHHH!

Re:I'm Surprized... (4, Interesting)

jimicus (737525) | about 4 years ago | (#33147732)

I'm also suitably stupefied. All the "pink" and "red" flags that they are obviously so clever to spot, and which she spends almost the entire article talking about, are just her dancing around the elephant in the room: that she and her team are complete fucking idiots.

Part of me wonders if there is a difference in industries which makes this look so damn stupid.

Anyone in IT has probably seen so much malware, so many phishing and scam attempts that there's a strong chance most of us would have checked any company registration numbers with the relevant authorities, checked WHOIS information and contacted the bank directly using one of the banks' own published numbers before even returning the first email. But if you didn't normally meet such rubbish (because the IT department has already filtered out most of the malware, scams and phishing attempts before they even hit your mailbox), I wonder if you'd develop the same level of cynicism?

Re:I'm Surprized... (0)

Anonymous Coward | about 4 years ago | (#33148278)

How did she become the "CMO of Casale Media, Inc." without having even rudimentary knowledge of their most important medium today? GP is right, she's being lauded for describing her path from colossal moron to self-important moron.

Re:I'm Surprized... (2, Insightful)

WrongSizeGlass (838941) | about 4 years ago | (#33148372)

I agree that she shouldn't be applauded for finally figuring out she was on 'Candid Camera', but keep in mind that it isn't always in their best interest to find these scammers out. They profit from providing their services to all comers, including those that happen to be in the malware business. Keeping the 'cash engine' running often serves up some blinders.

Some of our clients have forums on their sites. We train them to check the domain info of the user trying to join their forum, compare the IP to other IP's that have been blocked, actually *read* the username and e-mail username, etc, etc before approving the user. It's unfortunate that being suspicious is now a prerequisite to being good at what you do on the internet.

Re:I'm Surprized... (1)

John Hasler (414242) | about 4 years ago | (#33148960)

I agree that she shouldn't be applauded for finally figuring out she was on 'Candid Camera', but keep in mind that it isn't always in their best interest to find these scammers out.

But she did refuse their business in the end. Thus she would have saved money had she checked the bank phone number and therefore dropped them at the very beginning.

They profit from providing their services to all comers, including those that happen to be in the malware business. Keeping the 'cash engine' running often serves up some blinders.

This is true, and she notes it as a reason not to rely on the sales department to investigate new customers. In the old days this was handled by accounting (in all industries, not just advertising) and there was always tension between them and sales.

Re:I'm Surprized... (1)

couchslug (175151) | about 4 years ago | (#33149014)

"It's unfortunate that being suspicious is now a prerequisite to being good at what you do on the internet."

Being suspicious is a prerequisite to being good at life.

Re:I'm Surprized... (1)

v1 (525388) | about 4 years ago | (#33149288)

I thought that was downright hilarious, just taking numbers off the client's provided reference sheet, calling them, and getting the green light. With absolutely no verification of who was at the other end of the phone. There's absolutely zero point in taking references if you're going to implicitly trust them without any guarantee of who they are. The whole point of a reference is to get facts from a credible source. And all they were using it for is to get facts, completely skipping the "credible source" aspect.

IMHO, if I could either check ON the number or CALL the number, I'd choose to check ON it. References, however glowing, without a verified source, are next to worthless.

That, and only doing whois lookups after a red flag? wow. And these guys are patting themselves on the back for being such super sleuths. I'd say this was more of a very close call from a fairly amateur scammer than something to be proud of. I would be embarrassed to have this story get out, certainly not going to publish it.

Re:I'm Surprized... (1)

jkxx (739331) | about 4 years ago | (#33147726)

Me too.. or three - Verifying phone numbers and domain registrations is basic common sense stuff. These guys must've never heard of spammers or been victimized by the same. And they are running ads that will be unleashed on an unsuspecting audience? Perhaps running noscript/adblock/etc is no longer the paranoid thing to do - looks like it's becoming the only *right* thing to do.

Re:I'm Surprized... (2, Interesting)

RDW (41497) | about 4 years ago | (#33147864)

Re:I'm Surprized... (2, Informative)

Dynamoo (527749) | about 4 years ago | (#33148440)

Interesting.. but written by someone who works for Media Breakaway (formerly OptInRealBig) who don't exactly have a squeaky clean reputation when it comes to checking who they do business with.

Pink flag (3, Funny)

kaoshin (110328) | about 4 years ago | (#33147330)

"We've also highlighted some pink flags"

Is that close to a fuchsia, because I like totally need a flag like that to match my new outfit.

Re:Pink flag (1)

operagost (62405) | about 4 years ago | (#33150718)

That got me too. She was looking for a color to denote a situation that warranted concern, and she thought of pink instead of yellow. Does she throw out the white flag when everything's a go? Must be color blind.

Such high standards! (4, Insightful)

Anonymous Coward | about 4 years ago | (#33147352)

I'm comforted to know that Casale Media will pass on obnoxious mortgage refinance advertising from only verified and legitimate predatory lenders!

These checks aren't in place out of any concern for the security of ad viewers. Casale Media here is only concerned that the phantom business will disappear without paying once the botnet is established. Ad networks have demonstrated they don't give a damn so long as they get their cut.

My AdBlock Plus stays on.

Big Surprise (5, Insightful)

VonSkippy (892467) | about 4 years ago | (#33147392)

And site owners and advertisers wonder why users go to such extremes with Adblock plus and NoScript to block ads.

If the sites (or ad distributors) can't guarantee the safety of their own sites, then users have to do whatever is necessary to protect their own systems. If that means no advertising income for those sites - tough luck.

Re:Big Surprise (2, Informative)

toQDuj (806112) | about 4 years ago | (#33147782)

Not very extreme anymore. I just noticed that with the safari extensions, it is just one click away from the safari extensions gallery from being useful and implemented.

Re:Big Surprise (3, Insightful)

Tapewolf (1639955) | about 4 years ago | (#33147812)

And site owners and advertisers wonder why users go to such extremes with Adblock plus and NoScript to block ads.

This. I don't mind advertisements, but after I got stung by a drive-by exploit on a work machine (either on Slashdot itself or one of its linked articles), I went straight for Adblock Plus.

I can't remember what the payload was now - something that installed 'XP Antivirus 2010' or whatever (*) - but at the time, only two AV suites could detect it and the company-mandated AV wasn't among these.

(*) Which gleefully detected 'viruses' in several ARM, MIPS and SH3 binaries before I was able to kill it

shame on you (1)

viralMeme (1461143) | about 4 years ago | (#33147846)

"I got stung by a drive-by exploit on a work machine .. something that installed 'XP Antivirus 2010"

Run your browser from a read-only device, that way you won't ever get stung.

Pendrive [pendrivelinux.com]

Re:shame on you (1)

Tapewolf (1639955) | about 4 years ago | (#33147906)

Run your browser from a read-only device, that way you won't ever get stung.

I did the next best thing and installed Xubuntu on an old laptop for browsing. Some of us have to develop on Windows, though. Unfortunately.

Re:shame on you (1)

Aphoxema (1088507) | about 4 years ago | (#33150962)

"I got stung by a drive-by exploit on a work machine .. something that installed 'XP Antivirus 2010"

Run your browser from a read-only device, that way you won't ever get stung.

Pendrive [pendrivelinux.com]

You could also just run your browser in a virtual machine and set the write-back to a file that's deleted every restart.

Re:Big Surprise (0)

Anonymous Coward | about 4 years ago | (#33147910)

However, all ad distributors will guarantee ads will play. Content, of course, is always hit or miss. There have been loads of times when video sites force ads but fail to load the sponsored TV segment. YES I'M LOOKING AT YOU CBS!

Adblock Plus is never going to be uninstalled or disabled from my machines.

Re:Big Surprise (1)

Sycraft-fu (314770) | about 4 years ago | (#33150088)

No kidding. I finally got ABP for Firefox. For a long time I didn't, because I understand sites need ads to be able to provide good content for free. I'm a realist. However, I finally got fed up and loaded it for three reasons:

1) Ads that block off the whole page, or redirect you while surfing and so on. Used to be just Flash shit did that so flashblock did the trick nicely. Not any more, now there's HTML ads that are massive problems. They don't want to show you an ad, they want to stop you from browsing and force you to deal with the ad. No. I'm not ok with that.

2) Ads lagging out websites. I'd go to a site and it wouldn't load because a fucking ad server was down and the site will not load until that loads.

3) Malware ads. Not only are they generally annoying, popping up "Click here to get protected," modal dialogue boxes, they are dangerous and they piss off my virus scanner.

So now ABP is on. I've got a few sites, Slashdot, Hardforum, etc that are whitelisted so they can still get ad money but everything else is blocked. If sites want it off, they have to start taking better steps to ensure their ads are acceptable.

Maybe it's me (4, Insightful)

rk (6314) | about 4 years ago | (#33147422)

But if a WHOIS lookup on a new customer's domain isn't in your SOP from the get-go, you're strictly amateur hour.

Re:Maybe it's me (2, Insightful)

Anonymous Coward | about 4 years ago | (#33147454)

There is a bit of a work around.

The guys who provided a fresh set of domains really were not thinking through all of the angles.

You can easily purchase a dated domain for cheap and with any planning it would be trivial to wind up with a handful of older domains spanning various ages.

However, I do not know if the re-purchase resets the date. Otherwise, a private sale would have to be used.

In the end, these guys are likely hitting multiple sales agencies looking for a catch. While these guys might have not taken the bait I'm quite sure someone else would.

Re:Maybe it's me (2, Interesting)

Kireas (1784888) | about 4 years ago | (#33147496)

Oddly enough, that's what I thought...a WHOIS on the domains provided, as well as some checks on the bank (to check that the number you are given is actually their number) can't be that hard.

I mean, we have Google. Checking these things must only take another 10 minutes or so...? Nonetheless, can't blame them. 10 minutes adds up across many prospective clients.

Re:Maybe it's me (2, Informative)

Dynamoo (527749) | about 4 years ago | (#33148466)

Well, that's how *I* would start vetting, but then I work in the IT security field and not advertising!

But.. check the WHOIS for the registration date and valid contact details, check that the registrar isn't someone odd like China or Russia, check to see where the site is hosted, check the other sites on the same server and nearby IP addresses, also check the nameservers and if you are feeling more advanced check the MX handler. DomainTools or Robtex is your friend here.. very often you will find red flags using just those checks alone.
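The first-pass checks listed in the comment above (registration date, contact details, name servers) can be automated over an applicant and its references; the script below is an added example, not code from the thread or from Casale Media. The WHOIS records are constructed, the `Key: Value` layout is an assumption (real registries vary), and the thresholds, flag names and function names are hypothetical.

```python
# Added example: pre-screen an advertiser's domain and its reference domains.
import re
from datetime import datetime, timedelta, timezone

MIN_AGE = timedelta(days=365)        # assumed threshold: younger domains get flagged
CLUSTER_WINDOW = timedelta(days=14)  # assumed window for "registered together"

APPLICANT = "brightads-agency.example"
REFERENCES = ["happyclient-one.example", "longstanding-brand.example"]
AS_OF = datetime(2010, 8, 5, tzinfo=timezone.utc)   # date the application is reviewed

# Constructed WHOIS text (reserved .example names, invented registrars).
SAMPLE_WHOIS = {
    "brightads-agency.example": """\
Domain Name: BRIGHTADS-AGENCY.EXAMPLE
Registrar: Example Registrar A
Creation Date: 2010-07-12T00:00:00Z
Name Server: NS1.PARKEDHOST.EXAMPLE
Name Server: NS2.PARKEDHOST.EXAMPLE
Registrant Email: sales@brightads-agency.example
""",
    "happyclient-one.example": """\
Domain Name: HAPPYCLIENT-ONE.EXAMPLE
Registrar: Example Registrar A
Creation Date: 2010-07-14T00:00:00Z
Name Server: ns1.parkedhost.example
Registrant Email:
""",
    "longstanding-brand.example": """\
Domain Name: LONGSTANDING-BRAND.EXAMPLE
Registrar: Example Registrar B
Creation Date: 2003-03-02T00:00:00Z
Name Server: NS1.OTHERDNS.EXAMPLE
Registrant Email: hostmaster@longstanding-brand.example
""",
}

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*\S)\s*$")


def parse_whois(text):
    """Extract the fields the checks need; keys with empty values are skipped."""
    rec = {"registrar": None, "created": None, "nameservers": set(), "email": None}
    for line in text.splitlines():
        match = FIELD.match(line)
        if not match:
            continue
        key, value = match.group(1).lower(), match.group(2)
        if key == "creation date":
            try:
                created = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
                rec["created"] = created.replace(tzinfo=timezone.utc)
            except ValueError:
                pass                      # unparseable date is treated as missing
        elif key == "registrar":
            rec["registrar"] = value
        elif key == "name server":
            rec["nameservers"].add(value.lower())
        elif key == "registrant email":
            rec["email"] = value
    return rec


def vet_application(applicant, references, whois_texts, as_of):
    """Return a list of (domain, flag) pairs for a human reviewer to follow up."""
    domains = [applicant] + list(references)
    records = {d: parse_whois(whois_texts.get(d, "")) for d in domains}
    flags = []
    for domain in domains:
        rec = records[domain]
        if rec["created"] is None:
            flags.append((domain, "no_creation_date"))
        elif as_of - rec["created"] < MIN_AGE:
            flags.append((domain, "young_domain"))
        if not rec["email"]:
            flags.append((domain, "no_contact"))
    app = records[applicant]
    for ref in references:
        rec = records[ref]
        # A reference that lives on the applicant's infrastructure, or was
        # registered at the same time, is not an independent reference.
        if app["nameservers"] & rec["nameservers"]:
            flags.append((ref, "shared_nameservers"))
        if app["created"] and rec["created"] and \
                abs(app["created"] - rec["created"]) <= CLUSTER_WINDOW:
            flags.append((ref, "registered_with_applicant"))
    return flags


if __name__ == "__main__":
    for domain, flag in vet_application(APPLICANT, REFERENCES, SAMPLE_WHOIS, AS_OF):
        print("%-30s %s" % (domain, flag))
```

A flag here is a prompt for manual follow-up, not a verdict; the hosting, neighbouring-IP and MX checks from the same comment need live lookups and are left out of this offline version.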

Re:Maybe it's me (1)

greed (112493) | about 4 years ago | (#33150740)

That, and accepting the bank phone number provided by the customer.

On the rare occasion my bank phones me, I ask them how I can call back with information I have (on my ATM card, on my statement, in my telephone book). Every single time they have complimented me on that procedure and provided the name and extension number to reach them. (OK, some times they've told me anyone in the call centre can help, and I don't need to talk to the person who called me in the first place.)

If you're verifying something someone provides you, you cannot use the information they provide you....

Re:Maybe it's me (1)

swb (14022) | about 4 years ago | (#33151044)

Isn't the part of the problem that these "ad networks" and the tangled webs of ad brokers, resellers, agencies, service providers, programmers, designers, etc that result the person offering the ad may well be thrice removed from the ad's actual creator, the company being advertised, etc?

For example, if I'm a small agency that wants to place banner ads, I'm not going to bother trying to place them directly with web sites, I go through a network. Now I may go through a small network that places its ads in a larger one. At this point, who is really paying attention to where the ads come from or who they belong to?

reputable ad networks? (4, Interesting)

stephanruby (542433) | about 4 years ago | (#33147480)

reputable ad networks? What are those? Is he speaking of google ad-sense? or Hulu ads? Personally, I don't consider ad networks that use banner ads as anything that are reputable (this includes any of the shady ad-networks that Google purchased as well). Non-obtrusive text ads, I can deal with. Even Hulu ads, I can deal with since it's film on film. It's just that I hate banner ads, or animated ads, when I'm in reading-mode.

Re:reputable ad networks? (1)

Aphoxema (1088507) | about 4 years ago | (#33151088)

reputable ad networks? What are those? Is he speaking of google ad-sense? or Hulu ads? Personally, I don't consider ad networks that use banner ads as anything that are reputable (this includes any of the shady ad-networks that Google purchased as well). Non-obtrusive text ads, I can deal with. Even Hulu ads, I can deal with since it's film on film. It's just that I hate banner ads, or animated ads, when I'm in reading-mode.

I've noticed more and more ads are finding ways to subtly act like they are a part of the site. Instead of the old crap that pretended to be a Windows window, now it's "Download now" or "Download Torrent Here" or "More about this here". What's even worse are ones that attempt to provide information in the middle of instructive articles misleading you.

It's all a monstrosity. There is nothing I despise more than advertising, it's the reason I stopped watching television years ago and it may yet be the reason I stop watching Hulu.

Re:reputable ad networks? (1)

sexconker (1179573) | about 4 years ago | (#33151934)

"Reputable ad networks" is an oxymoron.
Like "trustworthy door-to-door salesman", "truthful infomercial", "respectable telemarketer", or "honest politician".

Don't know about anyone else... (2, Insightful)

myrmidon666 (1228658) | about 4 years ago | (#33147770)

But, I'm not really surprised at the lengths these "fake companies" will go. Money is a precious thing in this world and if you can't 'seem' to make it legally, you may just turn to crime. Even people who would have never considered doing something like this may be driven to new heights [digitaljournal.com] in desperation.

However, some of these people may or may not be the desperate, dirt poor, starving, "means-to-an-end" people I portrayed but, take a minute and think of the things you would probably do if there was truly, no other way you could think to survive in this messed up little world.

Malicious malverts (1)

viralMeme (1461143) | about 4 years ago | (#33147832)

Ultimately, how does the end user's computer get infected by this `malware'?

Re:Malicious malverts (3, Informative)

asdf7890 (1518587) | about 4 years ago | (#33148206)

Ultimately, how does the end user's computer get infected by this `malware'?

The site linked to by the advert includes code that exploits a drive-by install using an unpatched exploit for the user's browser/OS, or uses some form of human engineering to get them to install it (i.e. like the many many "your machine is infected, follow these instructions to fix this" things that are seen out there).

At least one ad network I've seen seems to allow advertisers to include custom javascript in their adverts, either that or the advertisers have found a way around the filtering the ad network does on the content, at which point such unpatched flaws can be exploited without the user needing to click the ad at all.
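The content filtering mentioned in the comment above can be pictured as a review pass over each submitted creative. The sketch below is an added example, not part of the original comment and not any ad network's real filter; the class, function names, host names and sample markup are all hypothetical and constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

ACTIVE_TAGS = {"script", "iframe", "object", "embed"}   # bring in active content
URL_ATTRS = {"src", "href", "data", "action", "formaction"}

# Constructed sample creative (hypothetical hosts), not taken from the page.
SAMPLE = """<a href="https://shop.example/landing">
<img src="https://cdn.example/banner.png" onload="track()"></a>
<script src="https://stats.invalid/t.js"></script>
<a href="javascript:void(0)">Download now</a>"""


class CreativeAudit(HTMLParser):
    """Collects (kind, detail) findings for one ad creative."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = set(allowed_hosts)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-element", tag))
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on"):
                # Inline event handlers run script without any <script> tag.
                self.findings.append(("event-handler", name))
            elif name in URL_ATTRS:
                self._check_url(name, value)

    def _check_url(self, attr, value):
        # Remove whitespace first: browsers drop tabs/newlines inside URLs.
        compact = "".join(value.split()).lower()
        if compact.startswith(("javascript:", "vbscript:", "data:")):
            self.findings.append(("script-url", attr))
            return
        host = urlparse(value).hostname
        if host and host not in self.allowed_hosts:
            self.findings.append(("off-list-host", host))


def audit_creative(html, allowed_hosts):
    """Return every finding; an empty list means nothing was flagged."""
    parser = CreativeAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings
```

A pass like this only sees the markup as submitted; script that the creative loads from an allowed host at display time is outside what it can check.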

You lost me at "reputable ad networks" (5, Insightful)

erroneus (253617) | about 4 years ago | (#33148308)

In so many words others have expressed what I have summarized down to "advertisers don't respect their audience." Their approach has almost always been the capitalist "what the market will bear" approach and as people have grown accustomed to being assaulted with ever more eye-catching colors, styles, techniques and technologies, the limits of what the market will bear erode. People no longer realize they are being disrespected. Their paid-for internet connections are being utilized. Their time is being wasted. They will install software that resists being uninstalled and drains performance and stability from their computers. I see no end to what they will do.

There is a blurry and indistinguishable line between "reputable ad networks" and "the bad guys." The reputable are certainly not constrained by morals and not by law. How can we know they aren't simply being complicit?

Re:You lost me at "reputable ad networks" (1)

foniksonik (573572) | about 4 years ago | (#33148668)

Most consumers pay a fixed fee for their connection and rarely use 50% of its throughput. For these people ads are not taxing enough to be considered abusive even if the ads are being served partly on their dime. It's like TV or radio to them. Unmetered access so no opportunity cost.

Re:You lost me at "reputable ad networks" (1)

erroneus (253617) | about 4 years ago | (#33149356)

If I have 20 acres of land and someone decides they want to post a sign advertising their crap on an unused portion of my land, it is actionable. It does not matter that I do not use it. It's mine, not theirs. It is a form of trespass.

The same goes for any medium or service I pay for. Look at cable/satellite TV. I don't pay for it and never have. (I don't watch it any longer either because my cable guy wouldn't take a bribe the last go around.) I don't pay for anything to provide ad space for someone else.

Whether or not I have room for it, time for it or otherwise have resources for it is irrelevant.

Re:You lost me at "reputable ad networks" (0)

Anonymous Coward | about 4 years ago | (#33151040)

Their approach has almost always been the capitalist "what the market will bear" approach and as people have grown accustomed to being assaulted with ever more eye-catching colors...

Capitalism is a political philosophy. "what the market will bear" is a pricing strategy. There are others, see here [wikipedia.org]. To describe it as "capitalist" is to mistake two concepts. Unless you can take that wiki page and tell me which are the capitalist strategies and which are the non-capitalist strategies...

Re:You lost me at "reputable ad networks" (2, Interesting)

Aphoxema (1088507) | about 4 years ago | (#33151138)

In so many words others have expressed what I have summarized down to "advertisers don't respect their audience." Their approach has almost always been the capitalist "what the market will bear" approach and as people have grown accustomed to being assaulted with ever more eye-catching colors, styles, techniques and technologies, the limits of what the market will bear erode. People no longer realize they are being disrespected. Their paid-for internet connections are being utilized. Their time is being wasted. They will install software that resists being uninstalled and drains performance and stability from their computers. I see no end to what they will do.

There is a blurry and indistinguishable line between "reputable ad networks" and "the bad guys." The reputable are certainly not constrained by morals and not by law. How can we know they aren't simply being complicit?

They're disrespectful and idiots. What "targeted advertising" gets is showing people what they already have. I play EVE Online. I look up stuff on EVE Online. Going by my cookies and such, advertisers know I play EVE Online. So, what is advertised to me? To try EVE Online. They succeed in nothing.

Re:You lost me at "reputable ad networks" (1)

userw014 (707413) | about 4 years ago | (#33152040)

I am not a customer of the advertisers. I (and my family) are a resource or commodity they don't have to pay for but are selling to other people. They only care about me insofar as my shrieks of pain at being abused don't cause the advertising customers (clients) to stop buying advertising from them, or the web hosting sites from selling space to them.

There are so many advertising agencies - all trying to harvest money from their clients - all chasing each other to the bottom of the gutter.

Given the lack of enforceable, public standards involving advertising - and given the innate nature of the relationships and accountability mechanisms involved, I don't see why I shouldn't block every advertising agency I encounter, as aggressively as I can. I also don't see this as being an unreasonable attitude. If anything, it strikes me as perfectly sane, like closing my windows before it rains, washing and bathing, and locking the doors to my house when I'm not home. Good, sane, common sense.

The cost to me of an advertising failure is enormous. Lost access to the web. Possible lost access to the internet for employment related uses. Huge chunks of time cleaning up some mess. The risk of Identity theft, etc. There is even a cost to me of advertising success - slower access to web pages I do want to visit, and cluttered web pages too. But I don't see a benefit anymore. I don't even want to listen to them justify their existence anymore. Give me back my junk postal mail and local newspaper weighed down with advertising flyers. I feel much safer with them - and if paranoia strikes me there, I can handle that stuff with rubber gloves when disposing of the dross - and only once a day at that.

Back in the misty reaches of the past (Internet Time), I could be convinced to tolerate advertising on the web as part of a mechanism to pay for the free content that I was interested in. Back in those misty times, I usually used Netscape on a Solaris box. I had a Windows/9x machine at home - but hardly used it for the Web because with a new family, I was too tired at night.

These days, for my home LAN, I aggressively block huge chunks of the internet - with FreeBSD "ipfw" tables and by running my own DNS relay that blocks many domains - phishing, advertising, hosting, and ISP (by making the authority an IP address in a range that my FreeBSD router returns a "network unreachable" for.) Firefox has AdBlock+ and NoScript. Safari is used rarely. Chrome only for 2 sites - all to keep the cookies segregated.

At home, web pages look like swiss cheese. Sometimes, I white-list a site - but not often. But I'm (mostly) satisfied. I'd like to block even more.
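The per-query decision behind a filtering DNS relay with occasional white-listing, as the comment above describes, comes down to suffix matching on whole labels with the most specific rule winning. This is an added sketch, not the commenter's configuration; it does not reproduce the ipfw tables or the unreachable-authority setup, and the class name and domains are hypothetical.

```python
def _labels(name):
    # "Ads.Example.COM." -> ("com", "example", "ads"): reversed so that a
    # zone and everything under it share a common tuple prefix.
    return tuple(reversed(name.lower().rstrip(".").split(".")))


class DnsPolicy:
    """Block/allow decision for one query name (illustrative only)."""

    def __init__(self, blocked, allowed=()):
        self.rules = {_labels(d): "block" for d in blocked}
        # White-list entries are applied last so they win an exact tie.
        self.rules.update({_labels(d): "allow" for d in allowed})

    def decide(self, qname):
        """Return (verdict, matching_rule); the rule is None by default."""
        labels = _labels(qname)
        # Try the most specific suffix first, so a white-listed host under a
        # blocked zone still resolves. Matching whole labels keeps
        # "notadnet.example" from matching a rule for "adnet.example".
        for n in range(len(labels), 0, -1):
            verdict = self.rules.get(labels[:n])
            if verdict:
                return verdict, ".".join(reversed(labels[:n]))
        return "allow", None


# Constructed sample policy; the domains are placeholders.
POLICY = DnsPolicy(
    blocked=["adnet.example", "tracker.invalid"],
    allowed=["static.adnet.example"],
)
```

Returning the matching rule alongside the verdict makes it possible to log why a name was blocked, which helps when a page breaks and a white-list entry is being considered.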

Do something about pages that won't load noscript'd (3, Insightful)

Marrow (195242) | about 4 years ago | (#33148370)

There are plenty of pages where the site just will not load unless you give permission to run layers and layers of 3rd,4th,5th party scripts. What can we do as consumers or developers to prevent such behavior on the part of websites?

Re:Do something about pages that wont load noscrip (4, Insightful)

pushf popf (741049) | about 4 years ago | (#33148746)

There are plenty of pages where the site just will not load unless you give permission to run layers and layers of 3rd,4th,5th party scripts. What can we do as consumers or developers to prevent such behavior on the part of websites?

Install User Agent Switcher and browse as Google.

nobody blows off Google.

Re:Do something about pages that wont load noscrip (0)

Anonymous Coward | about 4 years ago | (#33148844)

Don't go to the site?

Re:Do something about pages that wont load noscrip (1)

John Hasler (414242) | about 4 years ago | (#33149088)

What can we do as consumers or developers to prevent such behavior on the part of websites?

Take your business elsewhere.

"reputable ad network"... (1)

John Hasler (414242) | about 4 years ago | (#33148564)

...is an oxymoron.

Why so many pink flags..? (0)

Anonymous Coward | about 4 years ago | (#33150176)

'cause otherwise they'd have had to change the light bulb.
