Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

A Foolproof Way To End Bank Account Phishing?

earlytime Re:The simple way to end phishing. (436 comments)

Agreed. You have to fight the problem at the source. take the profit out of spamming & phishing and it will be drastically reduced. what we do now is like pouring perfume in the sewer because is smells so bad.

First thing you've got to do is recognize that email is broken. we need an "smtp 2.0" which eliminates the spoofable "feature" of smtp mail, and ensures positive id for the sending and receiving servers. There are many ways to do this, but a place to start is to require DomainKeys on smtp 2.0 servers, which goes a long way towards this end.

Once we know who is talking to us, and who we're talking to, we can finally address the real issue. It costs almost nothing to send a billion emails, but it costs plenty to sort through a billion spams. If I can't spoof my source domain, then it becomes much more expensive to send spam if I have to authenticate when claiming to be a legitimate e-mail domain like yahoo, gmail or hotmail.

Also devise a scheme where it is computationally expensive to send an email, but is trivial to receive one. It wouldn't be expensive to send 1000 outgoing messages an hour, but 1000(or more) a minute will require serious hardware. The harder I make the challenge, the fewer emails a bogus (a small server is unlikely to be legitimately sending millions of messages) server can try to deliver.

smtp 2.0 servers would be set to favor established domains to which we frequently send & receive messages, also to set a hard limit for the number of messages an unknown domain can send to us. Since nobody will accept more than a handfull of emails from my newly registered domain, I have to drop a lot more money on bogus domains which i can't even use for a year or two. you can protect legitimate new domains by following a "certified SSL" protocol for validating the identity of a domain owner. anybody without a certified domain or an established domain will have a really hard time getting their spam delivered.

Of course the attackers will find weaknesses in the processes and protocols, but we can simply ensure that servers are ready to migrate to the rules of mail 2.1, which fills in the gaps of smtp 2.0. If your servers aren't updated to a recent smtp version, I can stop "preferring" your mail.

more than 7 years ago

Submissions

top

VMware 5.0 Released

earlytime earlytime writes  |  more than 2 years ago

earlytime (15364) writes "VMware releases vSphere 5 today. After much publicity about it's new licensing scheme, techies worldwide get to take the new release for a spin an see if all of the new features are worth the fuss. From TFA : "With the release of VMware vSphere 5, VMware is helping customers accelerate their journey toward a more efficient and automated cloud infrastructure," said Bogomil Balkansky, senior vice president, cloud infrastructure products, VMware. "The enhancements and new innovations we've introduced in VMware vSphere 5 provide a robust, reliable platform for business applications, enabling customers to effectively respond to the growing needs of their business and giving them confidence in their IT transformation.""
Link to Original Source

Journals

earlytime has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...