On Fri, Sep 6, 2024 at 12:04 AM Tim via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On Thu, 2024-09-05 at 13:11 -0400, Jeffrey Walton wrote:
> This made my radar today:
> <https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/>.
> It's like Peter Gutmann said: "A great many of today’s security
> technologies are “secure” only because no-one has ever bothered
> attacking them."
Security failures like this exist in many other things: You give up a
telephone service, someone acquires your old number, people use your
old phone number to exploit you. Likewise with email addresses. I've
kept old email addresses just to stop someone else misusing them.
I have an account on a community network that was the first public
access to internet where I live. My extended family includes kids, and
I have noticed increases in smap messages (currently running around 100
per day) when kids get internet access and also times when corresponding
with friends and relatives after someone dies.
I gave up on an old website, kept the domain name for a while, left the
site showing a site closed down notice, with a redirection to the new
one.
Over the years I have purchased gear from businesses that have since
failed. In many case their domains have been taken over by click-bait
sites. There was also an incident where a small scientific NGO had
some clone the site with the name changed by swapping underscore and
dash. The new name came first in web searches.
I eventually decided it was a waste of my money. The moment the
domain expired, someone grabbed it, and filled it with junk that
scrapes content from elsewhere hoping to get people reading it, hoping
that it'll get former traffic to my site. Years later, it's still like
that. I have a look from time to time. It contains nonsense, it's not
any kind of service, it's just a domain squatting parasite.
They must have a way to monetize clicks that makes it worth maintaining
the name.
It's a shame that domain names became so expensive, it may have been worth a
few dollars just to maintain ownership of the domain name, but there's
a threshold to how much money you're prepared to waste. And you can
also run afoul of rules about not hoarding domain names.
AI seems to have been a big boost to clickbait sites. They can take the top
100 Windows questions and use AI to generate pages that claim to have
the best answers.
--
George N. White III
-- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
