Feeds

We've found the perfect solution to spam: Mark takes the stand

  • alert
  • submit to reddit

High performance access to file storage

Right of Reply We have found the perfect Solution to Spam

Greetings

'GIEIS' or the Global ISP Email Identity system offers Mr McCarthy the 'Technical Satire of the Year Award'. The entire development team has had such a great laugh at the article posted here by 'The Register'. So, just to even the score a little, in a good nature of course, we offer this quote from his article by Mr McCarthy:

"The annotated diagrams show tremendous labour and each element appears to have been produced on computer, printed out, cut up and pasted on a separate sheet and then scanned in to make a jpeg."

Wait a minute, this doesn't sound right, why go to all that bother when you can use crop and save it as a jpeg. Then just import it into dreamweaver. Enough said, let's get on with it.

ASRG Who?

The Internet Research Task Force's (IRTF) working group known as the Anti-Spam Research Group (Asrg) has a serious problem. As it has been mentioned I accused the chair of having an open conflict of Interest in relation to the issue of spam. He is not the only person with financial interests in the issue to be posting to the group. I am not going to make any accusations against him or anyone else, I just feel that it is inappropriate for them to be essentially guiding the development of anti-spam solutions for the web. In my view, it is not in their interests to resolve the issue, in fact, if anything, they will only gain financially by increasing the problem. I openly ask anyone to examine the posts of the last six months to the group and to decide for themselves if the posts tend to move in circles. In addition, I would ask those with technical knowledge of MTA and MX systems to examine the 'technical solutions' proposed over the same period, they are very weak and easily bypassed. I have noticed since my departure, that the group is on their best behaviour, let's hope it remains that way and we will be monitoring it.

Just to demonstrate how bad the situation is there, one regular poster, who accused me of not knowing anything in regards to email, suggested using a VPN for the email system. This gentleman also is supposed to work with mail servers. Need I say more?

The ASRG Archive may be located here:

In response to the accusation that I was 'over-posting', I have several comments to make. Firstly, the ASRG is an open forum with no rules or limits imposed on the amount of times posts can be made. Secondly, if you examine the posts made to the ASRG, you will notice that I only replied to those who addressed me or 'GIEIS'. Finally, the chair offered to let me return to posting on the condition that he could moderate the 'content' of my posts, not their frequency. I refused. Therefore, the chair's 'excellent excuse', is highly questionable in my view.

I do admit, fully, that I am completely arrogant in the posts I made, however, arrogance is not a crime.

Another point we wish to put across is that the organisations developed to design a coherent framework for the Internet were designed to work in research environments, not a global market place. This has led to all sorts of conflicts of interest and has directly led to situation we are beginning to see on the web of the world wide wait. We are going to attempt to bypass this process completely, thus, avoiding all 'interested' parties. 'GIEIS' will approach ISPs and email suppliers directly and obtain support from other companies. The people who really run the web, rather than quango organisations.

Do I really know anything about IT?

Now Mr McCarthy has accused me of recently learning HTML, email systems and their protocols. Perhaps the confusion has come about due to the fact that I was never contacted in regards to the original story nor given the opportunity of correcting a number of innocent mistakes throughout it. So, 'The Register' has let me respond and I am happy with that.

I myself am an engineer with multiple disciplines. I starting programming at the age of 6 on a ZX spectrum given to me by one of my uncles. By the age of 9 myself and my younger brother were involved in constructing complex electronic devices such as radio transceivers. My mother always enjoys telling people of how when we were children, we had a pressure sensor under a mat to warn us of when our parents were coming upstairs. It was finally discovered by my father and he could do nothing but laugh.

In secondary school (well, college really), I was the nightmare of the IT department. I began my career pirating games and selling them on for £3 per 5 and a quarter inch disk, and yes, it was the BBC Micro. At this time, the first generation of the Acorn Archimedes had just been released and I was hooked and so the nightmare began. I started to reverse engineering the RISC OS and then I had some fun. Machines in the school would boot up and immediately shut down again, some had their FPemulator (Floating Point emulator) unplugged and others played the tune 'Get Ready For This' and had a dancer on screen moving to beat. This was ripped from a virus known as 'Funky Demo'. Numerous virus' appear in machines throughout the school at regular intervals.

Also, at this time I was introduced to the Apple Macintosh classic. These machines were protected by software from a company connected to the Western Education and Library Board known as Computer Development, based in Omagh, Northern Ireland. I took particular exception to this product as it was very good. I traced at board level the route of certain instructions for the password protection that revealed the Mac OS. After a few experiments, and a few lost Macs, I figured out that I could run a patch lead between two points on the board. When the password was entered the patch lead caused an error and the protection OS collapsed revealing the Mac OS. From here we just removed the system folders and the little Macs showed their disapproval with a sad face on boot. Computer development released a number of versions to counter-act my hacking, however, they were never successful.

At 14, we had another bit of fun at the expense of WELB. Myself, and another individual who will only be named as George, performed our first successful social engineering experiment. We managed to convince library employees to provide us with the passwords to access their Apple Macintoshes, with the excuse of not being able to load certain files. We promptly removed all the system folders and left a few gifts, the damage was estimated in the region of £2000. I was reprimanded by my computer teacher for the incident, however, he could see the funny side of it and I was too young for any form of prosecution. I think I spent the majority of my education in the year head's office denying all knowledge of any computer vandalism. I knew they could never prove anything. I am still, to this day, best friends with the son of the computer teacher I tortured.

For my GCSE in computers, I used my knowledge that I had gained in reverse engineering the RISC OS and created a computer assisted learning package for physics on the A5000 which used RISC OS 3. I got slapped a little over structure, however, I still got the one of the highest marks that year. After this, I moved on to do mechanical, electronic and computer engineering. It bored me to tears, they were doing things I had done before I was even 11. So, I applied for a job with MSN technical support and was offered the job in front of 20 other applicants immediately after the interview, I was only 17. Throughout my time with MSN I was taking 3 times the call volume compared with anyone else. Most averaged 600 calls per month, my average was in excess of 1800. I punched quite a number of holes in Microsoft's software, unfortunately, I am bound by a non-disclosure agreement and I cannot discuss them, ever. It was upon leaving MSN that the idea for 'GIEIS' began to develop.

I swiftly got bored of the call-centre and vowed never to use a telephone again. Even conversations with friends were completed in under 3 minutes flat. I became a network engineer supporting networks all across Ireland, from banks to schools. We installed everything from routers to email. I think the only thing I haven't connected to a PC is a kitchen sink, and before you ask, yes, we have tried a toaster. We used the Com port and a few stepping motors to achieve it, however, we soon became annoyed that we had to boot the PC every time we wanted toast. I would advise any reader not to get a group of engineers drunk as the results can be unpredictable.

After this, I went round Europe for a year and returned to do an honours degree in E-business in Europe's foremost technical University, the University of Ulster, Magee. I also had started with Dr John DeSalvo's GPGRA (the expert on the Shroud of Turin) as part of the advisory board and he even wrote some of my references for entry to the University citing both my mathematical and technical ability. At the time I was also the webmaster for the association and won an award for the website design as voted by the general public. The design of the site I am using for 'GIEIS' is just the result of not having the time, nor the interest, to develop. I can program in VB, ASP, PHP and SQL as well.

I was the director of e-business with a failed start-up Internet company, however, I did come in very late on the project and by this stage all I could do was damage limitation for the directors involved. So, I used my talents and examine all current business legislation pertaining to the UK and provided several options. Since, they are not jail, I think I done my job quite well.

I am also trained in advanced mathematics. accountancy, business management, e-business management, software development and marketing.

I plead the Fifth on my Internet activities. Right now, I am on summer vacation and I got bored with designing the wireless WAN topologies for several regions of Ireland. So, I decided to menace big business for a while.

'GIEIS', fact or fiction?

'GIEIS' is fact. The confusion over the system has been due to a number of factors. Firstly, the system is being developed online from 6 years of rough draft notes. The online version number that changes every 24-48 hours as it is reflecting the chronology of those notes. This includes changes and alterations made over that period. The site has been up for less than 2 weeks and has already caused a storm on the Internet. If it was really junk, which there is ample amounts of on the web, why all the fuss?

Secondly, part of the marketing strategy behind 'GIEIS' is to create as much controversy as possible. This only leads to marketing that we could not even hope to purchase. In my work for the GPGRA one thing I was really good at was creating controversy and I have just modified those techniques for 'GIEIS'. It has worked, because here you are reading about it. We knew that by causing a storm in the ASRG that companies such as Verisign, Ciphertrust, Spamwolf, McAfee, etc. would become very worried at the development of 'GIEIS'. 'GIEIS' would either cause the closure or a severe drop in profits for these type of companies. We also suspected that one or more of these type of companies would attempt some form of preemptive strike against the technology. Fortunately, this came in the form of the story published here by 'The Register'. When the story finally broke, we knew we had them all terrified and we now have come out of our corner, in true Irish fashion, fighting.

Thirdly, we deliberately introduced confusion over the systems architecture. This was not to protect any secrets we had, it was just another tactic in the controversial marketing tactic. We are well aware that 'GIEIS' must be a public entity and can never be run by any form of company. Thus, we have no real requirement to hide our work. It generated a large volume of posts on the subject, therefore they were doing all the donkey work of establishing the system as a serious contender.

Finally, we let it 'slip' that we were about to begin an extensive marketing campaign to several individuals on the ASRG mailing list. We made one post to lisnews.com in regards to the inappropriate content filter and how it would be offered to libraries for free, saving them large volumes of money due to the court ruling on the matter. Then suddenly, 'The Register's' story appeared on the subject bearing all the information that had appeared from the ASRG. Very strange. We received a tip-off that certain companies, which shall remain nameless, had people tasked to follow our online marketing campaign and attempt to refer all readers of it to the article if possible. We were impressed to say the least, but we had our doubts, so we monitored google for the lisnews.com link to appear on 'GIEIS'. As soon as it appeared we moved to lisnews.com and monitored the site. Within 30 minutes a comment appeared directing people to the article under the name of 'Anonymous Coward'.

You may view it here:

We were stunned that we caused so much concern. 'GIEIS' was a contender.

Is there a conspiracy against 'GIEIS'?

If there is it is the worst one in the history of mankind. Anyone would think that the story reported here would have killed off 'GIEIS', but in fact, it had the opposite effect. We were flooded with messages of support for every area of system development and just support in general. People really respected that we were attempting one of the biggest ever job creation schemes and also that we were trying to protect their children.

How does it work?

The principle is so simple, you will be surprised at how anyone could get confused. The main confusion with engineers is that they are used to terms such as MTA and MX, etc. 'GIEIS' represents a radical departure from current email provisions and the terms are new. Quite a lot of people understand about 80% of what we are proposing, although they are impatient waiting on extremely low-level technical material. Personally, until they can grasp the system at high level, I would feel that they would be completely lost at low-level.

Our view is very simple, SMTP/NNTP, the current email and news architecture is directly responsible for the spread of spam, virus', trojans, etc. SMTP (and NNTP) was never designed to used in a global marketplace. It is a trust based architecture, in other words, it relies on the goodwill of senders. It was designed at a time when the Internet was extremely small compared to todays standards and before any online ventures had been established (AOL was around). Anyone can setup a server and begin transmitting emails all you require is access to the Internet and a good speed DNS. 'GIEIS' is not trust based.

'GIEIS' would completely remove all current SMTP technology, or make its use redundant on a large scale. I will remove all the terminology and demonstrate it. I will also remove all the encryption and security tests.

No user or company will be able to set up a server for mail. They can of course, setup an SMTP server, however, it will not deliver anything to any network under 'GIEIS' and with the global spread of 'GIEIS' there would be very few people to transmit to.

Instead all emails are routed to a central server at either the business' or individual's ISP. All security options are dictated by this server, not the client. The business or individual after transmission to the special server has no more input in the equation.

Now, the sender's special server does its tests and sends the email to the recipient's special server with a code attached to it. The recipient's special server contacts 'GIEIS' and presents it with a code that was attached at send time by the sender's special server. 'GIEIS' then contacts the sender's special server and confirms if the mail was sent from it or not. If it was sent from there, then 'GIEIS' instructs the recipient's special server to allow the email to pass to the receiver's inbox. If not, 'GIEIS' instructs the recipient's server to destroy the email. Any mail without a code, such as that from SMTP, would be automatically destroyed.

'GIEIS' and the nine step program to a better Internet

To Send 1. Upload message to special server at ISP. 2. Server performs tests and attaches code to those that pass. 3. Server sends mail.

To Receive 4. Receive email. 5. Send code to 'GIEIS'. 6. No code, Destroy email.

At 'GIEIS' 7. 'GIEIS' decodes code and connects to the sending server. 8. 'GIEIS' checks the DB and confirms message was/was not sent. 9. 'GIEIS' contacts receiver and says 'deliver' or 'destroy'.

Simple when you know how. What is so confusing or incoherent about this?

Security

All 'GIEIS' servers will run on a separate transmission protocol (not TCP/IP). They will be connected to the rest of the Internet via a bridge (gateway). Therefore, no mapping or other network information can be obtained using standard TCP/IP tools. Furthermore, 'GIEIS' servers will only respond to encrypted commands. The encryption code will be changed frequently. The servers will not even produce an error response to any failed attempt at communication.

There is an extensive list of measures that are employed including back-tracing, virus scanning (outbound as well as inbound), rate limitations, daily limits, recipient limitations, real-time monitoring, heuristics, encrypted codes, etc.

No one, since 'GIEIS' has been released has been able to demonstrate a method of bypassing the system. 'GIEIS' is not based upon client/server architecture but rather, client/server/server architecture. This additional level, creates a buffer between communication systems and the general public. In effect, an inner communications loop that is isolated. 'GIEIS' will not have one central point to its architecture but around 1100 different centres across the world that can absorb the flow of traffic in times of failure(s). There will be a central controlling centre, however, the rest can operate independently should it fail.

The Infamous Brian Hamilton

Mr Hamilton, not his real name, is another member of the 'GIEIS' development team. Brian is employed by one the UK's major ISPs as is one of their senior network engineers. With almost 20 years of experience there are few that can compare with him in the field. The company that Mr Hamilton works for currently has partnerships with anti-spam solution providers that 'GIEIS' would put out of business upon implementation.

When Mr Hamilton posted to the ASRG he did not attempt to hide where the email had come from. We could have selected a different ISP, disconnected to receive a new IP address, or simply used an anonymous proxy. Brian even set the address up using my own personal ICQ address. Easily traceable. We were simply making the point that no one really knows who or how many are involved in 'GIEIS'. Also, no one knows who these people currently work for or the seniority of their positions. There are numerous benefits operating like this.

Mr Hamilton offered me a piece of advice, "Take it easy on them kid. They are only humans."

Any more surprises we should know of?

Three components that have not been released yet, we will mention here today. The first is an anti-spam system for SMS (and MMS), it is only a matter of time before these services, like email, are free to the public again from the Internet. The second, relates to PC to phone features, these service could be exploited to get round local legal problems of contacting customers, by moving completely out of the jurisdiction and using cheap Internet based calls. The third system and the most important is that 'GIEIS' would have the capability to prevent copyright theft across the Internet, including p2p file sharing systems. Good news for the music and film industries.

Comments to affected Companies

Those companies that can foresee themselves being made redundant by 'GIEIS', should take a pro-active response to the situation. There is no point them burying their heads in the sand, praying that 'GIEIS' will go away. This has only been 2 weeks, imagine what it will be like in 1 year from now? Anyone made redundant by 'GIEIS' will be offered employment with the new public body automatically. 'GIEIS' is all about several main issues; employment, child protection, business protection, and human rights.

Egyptology and the Giza what?

I shouldn't really have to do this, 'GIEIS' should be judged on its own merits not on my interests, however, since the subject was brought up I feel I have to respond. Early in 2000, I was reading a book by Graham Hancock entitled 'FingerPrints of the Gods'. The book detailed a fascinating correlation between ancient societies and presented evidence of their incredible knowledge in numerous fields. Generally, history presents us with a picture of development of society from primitive and follows a linear pattern until we arrive at modern man. This would stand to reason, however, the scientific evidence completely refutes it. These anomalies are often completely ignored, or the most bizarre explanations appear to account for them.

There was a portion in the book that described how the Great Pyramid can be shown to be a scale version of one hemisphere of the Earth on a scale of approx. 1:43,000. Now as a mathematician, I knew that this could be said of any structure based on pi, including a tennis ball, however, I thought, if the other two pyramids beside the Great Pyramid can be shown to be scale representations of two other planets and the scale factors are the same, then we really have something. As both the other pyramids are smaller than the Great Pyramid then I knew I had only Mercury and Venus to choose from. So, I sat down with my trusty calculator and done a few calculations, then the unbelievable happened, the same scale factor appeared accurate to with +/- 4%. I had done it, I was the first in the world to prove, beyond any doubt, that the pyramids of the Giza Necropolis were, in fact, a scale representation of the three inner planets. Furthermore, I proved that the building themselves were mathematically encoded with various pieces of information.

The next stage after this was to determine if there was a logical pattern that progressed to reveal additional information. Thus, began 'The Case for the Giza Necropolis Primer'. There were only two sources of accurate information on my research, one was at my site and the other was at the world's largest research association dedicated to the Giza Necropolis, The Great Pyramid of Giza Research Association (GPGRA, www.gizapyramid.com). Any other material that appears on the web was not authorised by myself, as you will see from my site below, there is no mention of any asteroid or anything of that nature. I was an advisory board member along side people such as Dr Volodymyr Krasnoholovets senior physics director of the Ukrainian National Academy of Sciences. Dr Volodymyr Krasnoholovets worked on both the Mir space station and the Russian Nuclear program, my homepage was referenced from his personal site in relation to discussions the nature of reality, we also had extended private conversations in regards to the abstract nature of zero (sounds really interesting doesn't it). Here is a copy of my proper website:

There are numerous facts I can cite to support myself. The first is that out of 80 or so pyramids found in Egypt, not a single body has been found in any, thus completely refuting the 'tomb only' theory. The Great Pyramid is accurately aligned to the cardinal points of the compass to within 3 seconds of a degree (1 second being 1/60 of 1 degree) along sides that are the length of the Empire states building. Egyptologist's claim that this was done using visual observation of a star. I could just picture some Egyptian shouting the length of the Empire States building, 'To the left a bit Jim!'. You have my permission to pause until you stop laughing. If you want something that will really blow you away, follow this link and read the section entitled 'Unusual effects induced by the Pyramid'.

Conclusion

I am right, everyone else is wrong. Told you I was arrogant.

Mark McCarron




Related Stories

Dutch mass spammer loses grip
US anti-spam laws 'will legalise spam'
Earthlink brings down the Buffalo Spammer
AOL wins $7m in spam case
Evil spammers jailed for two years
AOL spammer pleads guilty to forgery
Rise of the Spam Zombies
On Spam cures that are worse than the disease
Anti-spam packages 'too unreliable' to certify

Fab O'Really T'shirt at Cash and Carrion
How to deal with Spammers - permanently

High performance access to file storage

More from The Register

next story
Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN
Reg reader snaps shot of touching tribute to Apple icon
Happy 40th Playmobil: Reg looks back at small, rude world of our favourite tiny toys
Little men straddle LOHAN, attend tiny G20 Summit... ah, sweet memories...
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
Lego is the TOOL OF SATAN, thunders Polish priest
New minifigs like Monster Fighters are turning kids to the dark side
Dark SITH LORD 'Darth Vader' joins battle to rule, er, Ukraine
Only I can 'make an empire out of a republic' intones presidential candidate
Chinese company counters pollution by importing fresh air
Citizens line up for bags of that sweet, sweet mountain air
Google asks April Fools: Want a job? Be our 'Pokemon Master'
Mountain View is prankin' like it's 1999...
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.