×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

A Foolproof Way To End Bank Account Phishing?

earlytime Re:The simple way to end phishing. (436 comments)

Agreed. You have to fight the problem at the source. take the profit out of spamming & phishing and it will be drastically reduced. what we do now is like pouring perfume in the sewer because is smells so bad.

First thing you've got to do is recognize that email is broken. we need an "smtp 2.0" which eliminates the spoofable "feature" of smtp mail, and ensures positive id for the sending and receiving servers. There are many ways to do this, but a place to start is to require DomainKeys on smtp 2.0 servers, which goes a long way towards this end.

Once we know who is talking to us, and who we're talking to, we can finally address the real issue. It costs almost nothing to send a billion emails, but it costs plenty to sort through a billion spams. If I can't spoof my source domain, then it becomes much more expensive to send spam if I have to authenticate when claiming to be a legitimate e-mail domain like yahoo, gmail or hotmail.

Also devise a scheme where it is computationally expensive to send an email, but is trivial to receive one. It wouldn't be expensive to send 1000 outgoing messages an hour, but 1000(or more) a minute will require serious hardware. The harder I make the challenge, the fewer emails a bogus (a small server is unlikely to be legitimately sending millions of messages) server can try to deliver.

smtp 2.0 servers would be set to favor established domains to which we frequently send & receive messages, also to set a hard limit for the number of messages an unknown domain can send to us. Since nobody will accept more than a handfull of emails from my newly registered domain, I have to drop a lot more money on bogus domains which i can't even use for a year or two. you can protect legitimate new domains by following a "certified SSL" protocol for validating the identity of a domain owner. anybody without a certified domain or an established domain will have a really hard time getting their spam delivered.

Of course the attackers will find weaknesses in the processes and protocols, but we can simply ensure that servers are ready to migrate to the rules of mail 2.1, which fills in the gaps of smtp 2.0. If your servers aren't updated to a recent smtp version, I can stop "preferring" your mail.

more than 7 years ago

Submissions

top

VMware 5.0 Released

earlytime earlytime writes  |  more than 3 years ago

earlytime (15364) writes "VMware releases vSphere 5 today. After much publicity about it's new licensing scheme, techies worldwide get to take the new release for a spin an see if all of the new features are worth the fuss. From TFA : "With the release of VMware vSphere 5, VMware is helping customers accelerate their journey toward a more efficient and automated cloud infrastructure," said Bogomil Balkansky, senior vice president, cloud infrastructure products, VMware. "The enhancements and new innovations we've introduced in VMware vSphere 5 provide a robust, reliable platform for business applications, enabling customers to effectively respond to the growing needs of their business and giving them confidence in their IT transformation.""
Link to Original Source

Journals

earlytime has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?