<<<How does S.P.(U.T.U.)M. do that Voodoo
we do so well?>>>
Go to the latest and greatest version of SpuTools® at:
Many people come to us, and they say:
"How in 'Bob's' name did you nail that spammer? I mean, she faked her
e-mail address and real name...so, why wasn't she anonymous?"
Let's face it: Not every anti-spammer has hundreds of cybernetically
enhanced Yeti at her disposal, ready to launch stealth remotely-piloted
nanotech surveillance vehicles at a moment's notice. Not every
anti-spammer is directly wired into the backbone of the Net via a
[SubNectivity] wetware interface. But every *anti-spammer* would like
to know how we utilize the freely-available, non-wetware Net resources
out there to bag and tag Net.vermin.
In the past, we have begged off answering this question for fear of
alerting the "Bad Guyz" to the exoteric sources and methods we use.
We worried that intelligent spammers or warez traders might peruse our
site and devise crafty countermeasures to our internet sleuthing.
We have now come to the conclusion that there aren't any intelligent
spammers or warez traders.
Therefore, here goes.
Pick your Net.abusing Target:
Type 1: Stupid Clueless Newbie, posting in the clear
Type 2: Careful clueless spammer/warez kiddie, attempting pseudonymity
Type 3: Professional SpamDude, posting pseudo-anon from rogue ISP
{Note: our focus will be on Usenet posts, not on unsolicited commercial
e-mail (UCE) Spam, although the techniques enumerated below can be used
against most UCE spammers, as well.}
{Also note: Yes, there are many cool anti-spammer sites/techniques/bots
we have not mentioned here. You may assume this was done deliberately.
Please do not inundate Unit IV's in-box with your recommendation that we
"Check Out" the latest and greatest net.surveillance resources.
We know already. Some techniques are too...dangerous for the uninitiated.}
If you plan on spending any significant amount of time Spam-slamming,
you'll probably want to bookmark the following sites in your browser
of choice and rearrange them according to your liking (which is why
I have not done so for you).
A Spam article appears on a.b.s. with the following characteristics:
-------------------------------begin Spam quote-------------------------
Path: ix.netcom.com!ix.netcom.com!news-res.gsl.net!news.gsl.net!
usenet.eel.ufl.edu!hookup!chi-news.cic.net!ddsw1!news.mcs.net!
news.abs.net!jspivey
^^^^^^^
From: an538425@anon.penent.fi --Note misspelling of anon.PENET.fi--
sign of a true pro
Newsgroups: alt.2600.hackerz,alt.2600.phreakz,alt.2600.warez,
alt.binaries.misc,alt.binaries.slack,alt.binaries.warez,
alt.binaries.warez.ibm-pc,alt.binaries.warez.ibm-pc.d,
alt.binaries.warez.ibm-pc.dos,alt.binaries.warez.ibm-pc.old,
alt.bio.hackers,alt.hacker,alt.hackers.groups,alt.warez.ibm-pc,
alt.warez.ibm-pc.apps,alt.warez.ibm-pc.old
Subject: !!Help with DETROIT 1115 !!!!
Date: 28 Jul 1996 22:05:56 GMT
Organization: ABSnet Internet Services, Inc.-(410)-685-2000 -sales@abs.net
Lines: 9
Message-ID: [4tgo85$ehh@news.abs.net>
NNTP-Posting-Host: ppp103.bcpl.lib.md.us
X-Newsreader: News Xpress Version 1.0 Beta #3
Xref: ix.netcom.com alt.2600.hackerz:3493 alt.2600.phreakz:1807
alt.2600.warez:7009 alt.binaries.misc:146348 alt.binaries.slack:8098
alt.binaries.warez:19901 alt.binaries.warez.ibm-pc:543268
alt.binaries.warez.ibm-pc.d:7196 alt.binaries.warez.ibm-pc.dos:2622
alt.binaries.warez.ibm-pc.old:13458 alt.bio.hackers:2856
alt.hacker:16141 alt.hackers.groups:981 alt.warez.ibm-pc:4333
alt.warez.ibm-pc.apps:10372 alt.warez.ibm-pc.old:3688
I'm running detroit 1115 on at 5x86 32 meg system. When I run ppp
type appz I get an error message. Example like cuteftp or mIRC.
Here's the error message:
"A fatal exception 0E has occurred at 0028:C0F4BED2 in VXD WSOCK(01) +
00000ED2"
Then the app closes. What does this mean? How can I fix it? Post a
messages... Thanks
---------------------------end Spam quote---------------------------
Classic hallmarks of Type I Newbie: real user name in path, ISP contact
phone number in organization, terrible formatting, multiple copies of
same message in post (inadvertent extra "paste"), AOL or .edu-ish domain
name.
If the poster has had the stupidity to post with her real name and/or home
address, we have her. This almost always means that the path information
and nntp posting host have not been forged...
Thus:
1) Perform whois do domainname.com if U.S. domain. Should you find
the official Internic whois server slow, you may want to bookmark one of the
whois servers geographically near to you. If the domain is from outside the
U.S., Internic may or may not have the contact info in its database.
For European sites, check out RIPE; alternative site is RIPE via WAIS.
For other foreign sites, we have found that visiting the ISP's website
(www.ispname.com or www.ispname.net) yields contact info in a flash
(especially recommended for all the Canadian spam-originating ISPs
cropping up nowadays).
2) Attempt to finger user@host.com...this will likely yield great results
for .edu accounts, mediocre results for small ISPs, and poor results for
nationwide ISPs (which routinely do not accept finger requests, even from
the same domain). Other finger gateways via the web can be found here.
Another method of getting at a spammer's e-mail address is by using the
technique described here to telnet to the mail port (25) of the spammer's
SMTP host (more useful for UCE e-mail spam, but thrown in for completeness).
3) Reverse e-mail search via IAF to confirm real name/look for other
accounts perhaps more precious to the spammer.
4) Send e-mail complaint to administrative sysop you found listed in
internic database, or the alternative abuse e-mail address used by the ISP
(see our FAQ or the Spam FAQ for details).
Be polite. Consider using the complaint form from the "Get That Spammer!"
site. Emphasize the fact that the offender contravened the ISP's Terms of
Service (TOS)/Acceptable Use Policy (AUP) by committing net.abuse.
5) [Optional] AltaVista/DejaNews search for further info on poster
(prior posts to alt.depression, alt.recovery.gerbils, etc.).
Never underestimate the intimidation value to the anti-Spammer of
narcissistic spammer websites.
6) [Optional] Use 411, Switchboard, or LookupUSA to get
the spammer's phone number-- especially if he is a Make Money Fast (MMF)
spammer. Know the address but not the area code? No problem. Proceed to
http://www.555-1212.com/ and punch in the city to get the area code...
or vice versa. After you get the area code, you get a bonus prize--
a link to one of the most complete phone number search pages around.
7) [Optional] Map MMF perpetrator's location in 3-space via vicinity.com
(after all, they gave you their address!).
8) [Optional] Post all of the above to your newsgroup +
news.admin.net-abuse.misc and/or news.admin.net-abuse.usenet. Do *not*
quote the entire message or ("Bob" help us) binary-- the full header plus
a few characteristic lines will do (make sure the MMF Spam "names list"
remains intact). Do *not* backspam info to the 100 sites the original
spammer used, however, else you will be defeating the purpose of
SpamSlamming which is {class?}
"Conserving Bandwidth!".
Thank you.
9) [Optional] If warez are involved (illegally copied software), then the
Software Publishing Association (piracy@spa.org; Peter Beruk, Domestic
Anti-Piracy, (202) 452-1600 ext. 314 [pberuk@spa.org]), the FBI
nccs@fbi.gov), and/or the security sysop of the ISP (e.g.,
security@netcom.com) may need to be alerted.
10) [Optional] If MMF is involved, especially if it is a repeat MMF from
the same user, then the U.S. Postal Inspectors Service Postal Fraud
hotline (jccheezum@uspis.gov), the IRS Net Abuse Division
(net-abuse@nocs.insp.irs.gov
), the FTC (consumerline@ftc.gov),
and/or the National Fraud Information Center(nfic@internetMCI.com;
http://www.fraud.org/nficmail.htm)
may need to be alerted.
Type 2 Spammer: Careful clueless spammer/warez d00d, attempting pseudonymity
The key to identification of the pseudoanonymous perpetrator is finding as
many "sharp edges" as possible to the post. By "sharp edges", we mean
unique characteristics which can lead one to the real poster. Even
messages posted via chained anon remailers can contain "sharp edges"
(for example, in a distinctive signature used by the poster in a previous,
non-anon posting). Remember, all the major web-spider based search
engines (AltaVista, HotBot, Excite, Webcrawler) can search for absolutely
any text on any web page...and some (AltaVista, DejaNews) can do so
for the Usenet, as well.
Here's an example of a guy who thought he was posting "anonymously":
----------------------------begin Spam quote---------------------------
Path: ...!usenet.eel.ufl.edu!bofh.dot!news.atlantic.net!
ppp-gnv-fl-039.atlantic.net!user
From: DonJuanToupe@all.net (Don Juan Toupe)
Newsgroups: alt.binaries.slack
Subject: F*#K da police!
Date: 4 Jun 1996 04:19:54 GMT
Organization: lovegodz
Lines: 4
Message-ID: [DonJuanToupe-0406960138120001@ppp-gnv-fl-039.atlantic.net>
NNTP-Posting-Host: ppp-gnv-fl-039.atlantic.net
Let's get to trading
--
do it if it feels good......
-------------------------------end Spam quote---------------------------
Note hallmarks of Type II post: faked nym instead of real name, faked
(usually somewhat humorous)e-mail return address, intact path, intact nntp
posting host, *Unique fake organization name*,intact X-Newsreader line
(usually; not so in this case).
Suggested approach depends on which "sharp edge" sticks out the most.
Our goal is rapidly to get the perp's REAL name and city of residence;
from this, all else (phone number, map to house, DMV records-- ha ha,
only serious) can be obtained.
Why is the perp's real name important?
Why don't we just hand the case over to the ISP: "Some bozo calling
herself zeus@mountolympus.com is spamming our site/newsgroup-- tell her to
stop it."?
Consider: Most ISP abuse sysops are INUNDATED with requests from rank
newbies for aid in persecuting/burning at stake UCE or Usenet spammers.
Few of these requests give the sysop ANY sharp edges with which to start
investigating the issue. If we, as good Netizens, have free mental cycles
to burn on hunting down these scum, the enforcement action from the
responsive ISP sysop can proceed IMMEDIATELY-- usually, one strongly-worded
e-mail from the ISP sysop restating the ISP's TOS is enough to get most
Type I and Type II spammers to swear off spamming forever (or at least to
stay the hell out of our newsgroup).
Thus, one search scheme would be:
1) Do AltaVista and/or DejaNews search for bogus@name.com to look for times
when the poster included her real name. Especially zoom in on alt.test.*
hierarchy posts, as these may contain at least one instance of posting
"in the clear" as the spammer fine-tuned her newsreader's configuration.
2) Do AltaVista/DejaNews search on any "sharp edge" that sticks out:
Example: This warez d00d (above) used the Organization: lovegodz on all
of his Usenet posts. He forgot to remove same when posting pseudoanon to
a.b.s. We searched for Organization: lovegodz (as well as for posts
containing his sig), found all his posts to alt.baldness, and from thence
found his narcisstic website, which was chock full of juicy
personal information.
Other promising "sharp edges": trailing user name in path
(...!news.foo.com!imamoron), funky newsreaders (ZippityDooDah News Alpha
0.9), unique sig components. Look hard. You are smarter than the
Type II Spammer. The Force has power over weak minds.
3) What if the perp used "X-No-Archive: yes" in her headers and steps 1 and
2 have failed? You may get lucky, and find a follow-up to a previous post
by the bad guy which was not posted without "no-archive". Otherwise, the
old fashioned way might work: go to a relevant Usenet newsgroup, sort the
posters by author name, and look for the dude "by hand". Yes, when this
involves 5000 plus articles in alt.binaries.warez.ibm-pc, the task
can be tedious...which is why Spam-slamming is for the patient hunter.
4) After finding real name, go through steps enumerated above for Type 1
Spammer. If you are unable to find the real name and/or username, then
give the ISP as much information as possible (several relevant posts *with
full headers*)-- their NNTP logs may be able to pinpoint the perp.
Type 3: Professional SpamDude, posting pseudo-anon from possibly rogue ISP
This is where the task can become difficult, and even dangerous.
A number of these professional SpamDudes take retaliatory action against
netizens who attempt to oppose their flagrant net.abuse (e.g., via e-mail
bombing, threatening e-mail [bogus lawsuit threats are de rigueur],
posting user information to sex-related newsgroups for the purpose of
having others do their harassment for them, etc.). Be very sure that you
have taken *strong* precautions to prevent this from harming your
net.life before going up against a Jeff Slaton-type SpamDude.
Here's an example:
----------------------------Begin SpamQuote-------------------------------
Path: netnews.worldnet.att.net!worldnet.att.net!ix.netcom.com!
super.zippo.com!zdc-e!newsfeed.gte.net!igmg.com!
From: IGMG [igmg@hotmaiI.com>
Newsgroups: alt.binaries.slack
Subject: Post your message to EVERY newsgroup for $35.00 74559601490745
Date: Fri, 13 Dec 1996 13:15:24 EST
Organization: Internet Global Marketing Group [igmg@hotmail.com>
Lines: 48
Expires: +3days
Message-ID: [121319961315241490745igmg@hotmaiI.com5960>
NNTP-Posting-Host: npr236127.gte.net
To reply to this message use the email address at the end...
I have developed a Windows 95 and Windows NT Internet Marketing Solution
that will revolutionize the way you conduct direct marketing over the
Internet.
[snip]
If you want more information or want to purchase a copy for yourself
contact IGMG at igmg@hotmail.com
If money is tight now, then it was tight last week too, and it will
continue to be tight until you do something to attract PAYING customers to
your site. It's true, how many people do you think are reading this
same message you are right now? Think about it and contact igmg@hotmail.com
Thanks For Your Time -
IGMG
igmg@hotmail.com
--------------------------------------------------------------------
This message was posted using Internet Global Marketing Software.
Post your business advertisement to over 28,000 newsgroups at once.
Custom software and cdrom's with millions of email address's
For more information contact igmg@hotmail.com
--------------------------------end SpamQuote------------------------
It is obvious that a reverse search for igmg@hotmail.com via IAF will come
up empty, and that fingering same will be fruitless. The Spammer's reply
e-mail address in these cases is almost always a "one-time cipher"-- a
recently-created throw-away account. They *know* they are going to be
inundated with complaints, even e-mail bombs (which S.P.[U.T.U.]M. does
not condone); they are hoping that the benefits (several hundred clueless
Spam-Dude-wannabe positive responses) will outweigh the risks (loss of
their throw-away account).
Thus, in these cases, massive retaliation is usually called for:
1) Before doing *anything*, however, carefully search:
news.admin.announce Announcements for news adminstrators. (Moderated)
news.admin.net-abuse.bulletins Bulletins of action re net abuse.(Moderated)
news.admin.net-abuse.email Discussion of abuse of email systems.
news.admin.net-abuse.policy Discussion of net abuse policy. (Moderated)
news.admin.net-abuse.sightings Sightings of net abuse. (Moderated)
news.admin.net-abuse.usenet Discussion of abuse of the Usenet system.
...for evidence that the Usenet Ghods are aware of the situation and are
taking action to identify and neutralize the Spammer. Oftentimes, these
professional SpamDudes leave a trail of slime across thousands of
newsgroups, generating *tons* of counterproductive back-spamming
complaints. Don't go there. Go underground, dig for data on the Spammer,
and post only the juicy, new tidbits that aren't already yesterday's news.
2) Analyze the path carefully. In this instance, we have a very strange
path that has been tampered with, ending in: newsfeed.gte.net!igmg.com!
--note that the final host in a non-forged path should not end with !
but rather something like "news.foo.net", or "news.foo.net!user", or
"news.foo.net!not-for-mail". Thus, we can assume that IGMG.COM is bogus,
and that a whois on domain IGMG.COM would be a waste of time.
3) Look at the return e-mail address...look *very* carefully, and you will
see that the e-mail address in the "from" section has been forged as well:
igmg@hotmaiI.com (with a capital "I") does not equal igmg@hotmail.com!
Thus, we note some of the trademark concatenated deceptions of the
professional SpamDude. However, we are not deterred.
4) Even the Subject: line has been tampered with: Note unique spam message
ID to attempt to fool the cancelbots (each message would therefore seem
different to a bot which counts instances of a unique header/subject line,
even though the content was the same).
5) The nntp posting host is usually the hardest "sharp edge" to forge.
Remember, however, that the professional SpamDude is likely VICTIMIZING
the posting ISP, especially if it is a major backbone provider
(GTE.NET, UU.NET, etc.). This is sometimes done via open NNTP servers--
Usenet servers which allow anyone in the world to utilize their computers
to post messages. Oftentimes, the ISP has no idea that they have left
this security "backdoor" wide open-- a fact exploited by the alt.religion.
scientology vertical spam flooder, among others.
Our next mission is to:
---determine if hotmail.com is a rogue ISP that was created for the
purpose of spamming, or a victim of this Spammer
AND, if rogue, or if the Spammer name is the same as the administrative
contact name via Internic Whois,
---To determine the upstream ISPs supplying service to the rogue ISP, so
as to cut them off at the knees.
In this instance, we went to hotmail's website
(http://207.82.169.123/about.html) and found lots of contact info on this
apparently non-rogue ISP, enabling us to identify the domains of the
administrators, as well as the upstream ISPs.
BUT, you ask, what if all you have on a Spammer is an IP address, of the
form 123.45.679.910? Then, you must resolve the IP address into a DNS name
via NSLOOKUP or DIG...or, if that fails, attempt to run a traceroute on
the IP address. For a good explanation of how traceroute works, along with
more info on this DNS thang, check this out.
New Addition: What if all you have is a numeric IP address, but it doesn't
resolve via NSLOOKUP into a valid DNS name?
Good question.
Here's an even better answer:
-------------Quoted article from news.admin.net-abuse.usenet:-------------
Date: Sat, 28 Jun 1997 19:35:01 -0500
From: bill@scconsult.com (Bill Stewart-Cole)
Newsgroups: news.admin.net-abuse.usenet,news.admin.net-abuse.email
Subject: Re: How do I trace an IP address spam?
Message-ID:
References: <33B5A02F.37C4@nemo1.ix.netcom.com>
Organization: Despams 'r' us Rogue Midwest Office
In article <33B5A02F.37C4@nemo1.ix.netcom.com>, "William A. Levinson"
wrote:
>A pornographic Web site spammed an all-ages newsgroup to which I
>subscribe, and posted a link to an IP address. I tried NSTRACE at
>http://zeus.lyceum.com which supposedly traces IP addresses, but it came
>back with a "nonexistent address." The link, unfortunately, is quite
>functional though.
>
> A spam that includes a domain name, of course, can be traced with
>InterNIC's WHOIS function.
So can an IP address, but it a bit more complex.
The complexity comes from the way IP addresses are registered with the
InterNIC. They are allocated to providers who assign thems in variously
sized vlocks to cutomers who may or may not have those blocks registered.
Conceivably an address could match a dozen entries, and while the most
direct responsibility is in the owner of the smallest block containing the
address, there are all sorts of evasive games that can be played.
As for how to look up an address, you can start with the complete address
and just work upwards. I'll use a completely bogus address for the
examples. To start just try the complete address:
whois 255.123.34.56
If that gets nothing (likely) try:
whois 255.123.34.0
That should get something for any address above 192.0.0.0. For addresses
below that mark (which is the division between historical Class B and Class
C networks) try
whois 255.123.0.0
Which would work for Class B addresses. Below 128.0.0.0 are Class A nets,
which would be registered as a whole and found with:
whois 255.0.0.0
Note that as you go up from sub-C nets to A nets you are looking at an
increasing likelihood that the registered owner of the address space has in
fact assigned the specific address you want to someone else, and that
they've further reassigned it, with no sub-registrations. PSI is one of the
worst offenders in this area, because they are one of the few major
providers with an A net (38.*) and their incentive to subregister their
space to customers is very low.
--
Bill Stewart-Cole bill@scconsult.com
I'm not spam-blocked because I like playing the hardass net-fascist.
Cruelty to the clueless on Usenet is my way of dealing with stress.
--------------------end quote of Usenet article-----------------------
{S.P.(U.T.U.)M. Control sez: That sig really gets me hot!}
Ahem. Back to our discussion, already in progress...
How do we determine upstream ISPs for rogue services (SpammmDuuude.com,
for example)? Either via traceroute, looking for the last DNS name above
the domain in question; or via Internic search for the DNS host names:
-------------------------------example!-------------------------------
Path: ...!hunter.premier.net!news.cais.net!news.ac.net!imci4!
newsfeed.internetmci.com!in3.uu.net!mae-east.nntp.mfs.net!nntp.ianet.com!
nude.sexplaza.com!usenet
From: melanie@sexplaza.com
Subject: visit our web site!
Newsgroups: alt.binaries.slack,alt.angst,alc.suicide,alt.basement.graveyard
Date: Mon, 29 Jul 1996 10:34:10 EDT
Lines: 5
Message-ID: [431ubb@sexplaza.com>
Reply-To: melanie@sexplaza.com
NNTP-Posting-Host: nf12.ppp.ianet.com
X-Newsreader: Forte Agent .99d/15.123
Xref: alt.binaries.slack:8123 alt.angst:97413 alc.suicide:418
alt.basement.graveyard:4563
Big {sanitized}, big {sanitized}, everything you want!
Visit our radical news web site at http://www.sexplaza.com
and I promise that we'll give you free {sanitized} and all that good stuff.
Love, Melanie
---------------------------
Here we go again with these Canadians...
---------------------------
Sex Plaza (SEXPLAZA-DOM)
6433 Jarry E, suite 200
St-Leonard, Quebec H1P 1W1
Canada
Domain Name: SEXPLAZA.COM
Administrative Contact, Billing Contact:
Doucet, Michel (MD306) michel@CONNECTMMIC.NET
+1 514-332-6642
Technical Contact, Zone Contact:
Salhany, Joseph (JS550) jsalhany@CONNECTMMIC.NET
+1 (514) 332-6642
Record last updated on 10-Jan-96. Record created on 02-Dec-95.
Domain servers in listed order:
CASPER.MMICLINK.NET 204.236.104.4
MMIC.CONNECTMMIC.NET 199.166.219.5
------------------
And now, for the upstream (posting) ISP:
------------------
Ichthus Access Networking, Inc. (IANET2-DOM)
712 Chestnut St.
Kenova, WV 25530-1511
USA
Domain Name: IANET.COM
Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
Adkins, Garry P. (GA86) adkinsg@IANET.NET
(304) 453-5757
Record last updated on 26-Jun-96.
Record created on 15-May-95.
Domain servers in listed order:
PIRANHA.IANET.NET 204.183.217.3
DNS.IANET.NET 204.183.217.2
-------------------------------
Hey, guys, isn't ICHTHUS about, like,
CHRISTIANITY... as in Jesus? Hmm, do you
know what is passing through your servers...
You do now.
-------------------------------
Buh bye.
--
SubGenius Police, Usenet Tactical Unit (Mobile), AKA S.P.(U.T.U.)M.
Berserker Lairds of Overkill Wetware/Mechanoyeti Enforcers
-------------------------end quote--------------------------------------
[Note that we uncovered other leads to Upstream ISPs of sexplaza:
CASPER.MMICLINK.NET 204.236.104.4
MMIC.CONNECTMMIC.NET 199.166.219.5
which were, in fact, useful later {led us to fonorola.net contact info}.
IANET.NET appeared to be an unwitting victim in this case.].
How to respond to the professional SpamDude?
1) Don't bother sending a complaint to a rogue ISP (e.g., SpammmDuuude.com)
...they will either:
a) laugh and ignore you severely or
b) e-mail back a threatening message or
c) e-mail bomb you and/or
d) forge posts under your name that could get you in trouble or, at the
very least, embarrass you.
Go above them to the first upstream ISP that appears legitimate (visit the
upstream ISP's website and look around for terms of service, etc.) and
complain to them.
2) If necessary, post a copy of your upstream ISP info to the appropriate
news.admin.net-abuse.* newsgroup, along with any juicy bits of data on the
SpamDude you uncovered in your research. ONCE AGAIN, make sure you
*take steps* to protect yourself if you go up against the professional
spammers. Verbum sat sapienti est.
3) As far as alerting the authorities goes: UCE falls under the US Federal
law against unsolicited messages transmitted via fax/computer systems
(USC 47, Section 227):
http://www.law.cornell.edu/uscode/47/227.html
Cases involving application of this law to E-Mail SpamDudes/Dudettes are
right now undergoing Federal law enforcement review, and will soon end up
in court. Whether a law will (or should) be written to stop Usenet
spamming (at least the most egregious MMFs and commercial spammers) has yet
to be determined. However, we eternal optimists at S.P.(U.T.U.)M. Central
believe the winds are shifting to favor True Netizens...the courts of the
Con are becoming more CyberAware every day...
Time will tell.
Recommended Online Sources of Further Enlightenment:
Recommended Offline Reading:
-
Cheswick, WR, Bellovin, SM, Firewalls and Internet Security: Repelling
the Wily Hacker, New York: Addison-Wesley Publishing Company 1994 ISBN
0-201-63357-4
-
Gilster, Paul, Finding it on the Internet, New York: John Wiley &
Sons, Inc., 1994 ISBN 0-471-03857-1
-
Wolff , Michael (ed.), Your Personal Netspy: How You Can Access the Facts
and Cover Your Tracks Using the Internet and Online Services, New York:
Wolff New Media LLC, 1996 ISBN 0-679-77029-1
http://www.ypn.com/
-
Knightmare, The, Secrets of a Super Hacker, Port Townsend, WA: Loompanics
Unlimited, 1994 ISBN 1-55950-106-5
-
Zimmerman, Philip R., The Official PGP User's Guide, Cambridge, Mass:
M.I.T. Press, 1996 ISBN 0-262-74017-6
-
Wayner, Peter, Disappearing Cryptography: Being and Nothingness on the
Net, Boston: Academic Press Professional, 1996 ISBN 0-12-738671-8
-
O'Malley, Chris, Snoops: Welcome to a small town called the internet,
where everyone knows your business, Popular Science, Jan 97, p. 56
-
Carl, Leo D., The International Dictionary of Intelligence, McLean,
VA: Maven Books, 1990. ISBN 0-487234-23-4
-
Ostrovsky, Victor and Hoy, Claire, By Way of Deception: The Making and
Unmaking of a Mossad Officer, New York: St. Martin's Press, 1990 ISBN
0-312-05613-3
-
Honeycutt, Jerry, Pike,Mary Ann, et al., Special Edition: Using the Internet, 3rd Edition,
Indianapolis, IN: QueŽ Corporation, 1996. ISBN 0-7897-0846-9
-
Weiss, Aaron, The Complete Idiot's Guide to Protecting Yourself on the Internet, Indianapolis, IN: QueŽ Corporation, 1995. ISBN 1-56761-593-7
-
Griffith, Samuel B.(trans), Sun Tzu: The Art of War, New York:
Oxford University Press, 1963 ISBN 0-19-501476-6
Hope this helped...for more info and lots more links, see our
alt.binaries.slack FAQ
--
S.P.(U.T.U.)M. Control
Atu 0: The Fool
