Thread: Re: Linux and spyware?
View Single Post

  #2 (permalink)  
Old 06-30-2003
Roodwriter@core.com
 
Posts: n/a
Default Re: Linux and spyware?
Christopher Browne wrote:

> After a long battle with technology, Anonymous <nobody@bikikii.ath.cx>, an
> earthling, wrote:
>> "CB" == Christopher Browne <cbbrowne@acm.org>:
>> CB> And note that the only thing about this that you can forcibly do
>> CB> anything about is to choose not to follow the web links.
>>
>> Things that might also help:
>> - use a different account when browsing "unknown" web sites
>> - use an anonymyzing web proxy
>> - tell your browser not to store cookies and disable javascript
>>
>> This way, you don't have to mess with your normal browser's
>> cookies/javascript settings. Use your normal account for browsing
>> "trusted" sites, and a specially hardened environment for "unknown"
>> sites.
>>
>> Of course, using an anonymizing web proxy is a good thing regardless
>> of the site you visit...
>
> But this STILL misses the point.
>
> If you follow the link sent in an email message,
> <http://www.hotteens.com/start+1023+stuff/>
> then they can know that the email address they tried is a "good" one,
> irrespective of what "anonymization" techniques you might try.
>
> Using an anonymizing web proxy doesn't "fix" that. Nor does using a
> different user account. Nor does disabling cookies or JavaScript.
>
> Sheesh.
>
> The "log all web requests" technique DOES NOT REQUIRE SPECIAL
> PROTOCOLS. It DOES NOT REQUIRE BROWSER EXTENSIONS.
>
> This thread has been demonstrating that there are a lot of people that
> have somehow bought into some mystical magical notion that "Linux is
> Secure" as a result of having Good Fairy Pixies around, whereas
> Windows is insecure due to having Bad Fairy Pixies. Or based on
> thoughts similarly fanciful.
>
> Reality, of course, is that there is no magic, fairies, pixies, or
> such involved. And reality is that things /aren't/ magically secure.
>
> In fact, reality is that even though you may be browsing from a Linux
> box, there may be quite a lot of surveillance the Bad Guys can do on
> you. If you don't believe that, then look at the logs collected in
> /var/log/apache, and see if you can't imagine creative ways to abuse
> that information, particularly if you have ways of injecting URLs of
> YOUR choice into the mix.


For what it's worth, whenever I get a spam I use the "bounce" facility of
KMail to send it back. It simulates a bad address. My ISP also has a
spam-catching facility that records addresses marked as spammers and blocks
them.

I don't get much spam and then rarely from the same address twice.

Of course, bouncing won't help if the spammer is using brute-force tactics.

--Rod

--
Author of "Linux for Non-Geeks--Clear-eyed Answers for Practical Consumers"
and "Boring Stories from Uncle Rod." Both are available at
http://www.rodwriterpublishing.com/index.html

To reply by e-mail, take the extra "o" out of my e-mail address. It's to
confuse spambots, of course.
Reply With Quote