nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: amazonaws.com?

From: Joel Jaeggli <joelja () bogus com>
Date: Thu, 29 May 2008 06:46:48 -0700
Dorn Hetzel wrote:
Yeah, there was a day when anyone could buy a pickup truck full of ammonium nitrate fertilizer from a random feed store and not attract any attention at all, now, maybe not. Just like port 25, it has plenty of legitimate uses, and some more problematic ones. 

Equating port 25 use with domestic terrorism is specious.
Ammonium nitrate requires requires some care in handling regardless of your intentions,see for exmple the oppau or texas city disasters.
On Thu, May 29, 2008 at 9:14 AM, Matthew Huff <mhuff () ox com <mailto:mhuff () ox com>> wrote: 

    The financial services world felt the same pre-9/11. Since then
    FINRA and SEC regulations enforce "Know Your Customer" rules that
    require extensive record keeping. The regulations now are quite
    burdensome. Given that usage of "cloud" resources could be used for
    DDOS and other illegal activities, I wonder how long it will take
    companies to realize that if they don't do a good job of self
    policing, the result will be something they would prefer not to have
    happen.

    ----
    Matthew Huff       | One Manhattanville Rd
    OTA Management LLC | Purchase, NY 10577
    www.otaotr.com <http://www.otaotr.com>     | Phone: 914-460-4039
    aim: matthewbhuff  | Fax:   914-460-4139

    -----Original Message-----
    From: Joel Jaeggli [mailto:joelja () bogus com <mailto:joelja () bogus com>]
    Sent: Thursday, May 29, 2008 9:09 AM
    To: Dorn Hetzel
    Cc: nanog () nanog org <mailto:nanog () nanog org>
    Subject: Re: amazonaws.com <http://amazonaws.com>?

    Dorn Hetzel wrote:
     > There is a really huge difference in the ease with which payment
    from a
     > credit card can be reversed if fraudulent, and the amount of effort
     > necessary to reverse a wire transfer. I won't go so far as to say
    that
     > reversing a wire transfer is impossible, but I would claim it's
    many orders
     > of magnitude harder than the credit card reversal.

    To paraphrase one of my colleagues from the user interaction world:

           "The key to offering a compelling service is minimising
           transaction hassles."

    I encourage all my competitors to implement inconvenient hard to use
    payment methods....

     > A mere "court subpoena" wouldn't even be remotely sufficient.
     The person
     > wanting their money back would pretty much have to sue for it and
    win.
     > Heck, people that get scammed and send their money via western
    union can't
     > even get their money back...  People who sell physical goods that get
     > shipped internationally to places where they can't get them back
    from have
     > been dealing with irrevocable payment forms for a long, long
    time, and those
     > are generally wire transfers.
     >
     > Once that guy in Frackustan has my widgets, I need to make darn
    sure he
     > can't take his money back :)
     >
     > So, yeah, there would be some customers for whom the couple of
    business
     > hours it take their wire to go through (that's a pretty typical
    time from my
     > actual experience) would be longer than they would want to wait
    for their
     > port 25 or other "risky" service to be enabled, but really, how
    many is that
     > going to be.  We're not talking about the wait for ordinary
    customers who
     > don't need those particular services that tend to be problem
    children, and
     > we're not talking about existing accounts of long standing, just
    about a
     > barrier for the drive-by customer who wants to use services and
    then not pay
     > the cost when they violate the AUP...
     >
     > On Wed, May 28, 2008 at 11:53 PM, Peter Beckman
    <beckman () angryox com <mailto:beckman () angryox com>> wrote:
     >
     >> On Wed, 28 May 2008, Barry Shein wrote:
     >>
     >>  On May 28, 2008 at 21:43 beckman () angryox com
    <mailto:beckman () angryox com> (Peter Beckman) wrote:
     >>>> On Wed, 28 May 2008, Dorn Hetzel wrote:
     >>>>
     >>>>> I would think that simply requiring some appropriate amount of
     >>> irrevocable
     >>>>> funds (wire transfer, etc) for a deposit that will be
    forfeited in the
     >>> case
     >>>>> of usage in violation of AUP/contract/etc would be both
    sufficient and
     >>> not
     >>>>> excessive for allowing port 25 access, etc.
     >>>>   Until you find out that the source of those supposedly
    irrevocable
     >>> funds
     >>>>   was stolen or fraudulent, and you have some sort of court
    subpoena to
     >>> give
     >>>>   it back.
     >>>>
     >>>>   I don't believe there is a way for you to outwit the
    scammer/spammer
     >>> by
     >>>>   making them pay more of their or someone elses money.  If
    you have
     >>> what
     >>>>   they need, they'll find a way to trick you into giving it to
    them.
     >>> Are you still trying to prove that Amazon, Dell, The World, etc
    can't
     >>> possibly work?
     >>>
     >>  Amazon and Dell ship physical goods.  Amazon Web Services sells
    services,
     >>  as do I.  Services are commonly enabled and activated
    immediately after
     >>  payment or verification of a valid credit card, as is often
    expected by
     >>  the customer immediately after payment.  Shipment of physical
    goods will
     >>  almost always take at least 24 hours, often longer, enabling
    more thorough
     >>  checks of credit, however they might do it.
     >>
     >>  And even with the extra time to review the transaction and
    attempt to
     >>  detect fraud, I'm confident Amazon and Dell lose millions per
    year due to
     >>  fraud.  The reality is that the millions they lose to fraud
    doesn't affect
     >>  us because a Blu-Ray player purchased with a stolen credit card
    doesn't
     >>  send spam or initiate DOS attacks.
     >>
     >>  At least not yet; those Blu-Ray players do have an ethernet port.
     >>
     >>  By your reasoning why don't the spammers just empty out
    Amazon's (et
     >>> al) warehouses and retire! Oh right, they'd have to sell it all
    over
     >>> the internet which'd mean taking credit cards...
     >>>
     >>  Now you're just being rediculous.  Or sarcastic.  :-)
     >>
     >>  I am a big, big fan of assessing charges for AUP abuse and
    making some
     >>> realistic attempt to try to make sure it's collectible, and
    otherwise
     >>> make some attempt to know who you're doing business with.
     >>>
     >>  Charging whom?  The spammer who pays your extra AUP abuse
    charges with
     >>  stolen paypal accounts, credit cards, and legit bank accounts
    funded by
     >>  money stolen from paypal accounts and transferred from stolen
    credit
     >>  cards?
     >>
     >>  If you are taking card-not-present credit card transactions
    over the
     >>  Internet or phone, and not shipping physical goods but
    providing services,
     >>  in my experience the merchant gets screwed, no matter how much
    money you
     >>  might have charged for the privilege of using port 25 or
    violating AUPs.
     >>  That money you collected and believed was yours and was in your
    bank
     >>  account can be taken out just as easily 6 months later, after
    the lazy
     >>  card holder finally reviews his credit card bill, sees unrecognized
     >>  charges and says "This is fraudulent!"  And there you are,
    without your
     >>  money.
     >>
     >>  Getting someone to fax their ID in takes extra time and
    resources, and
     >>  means it might be hours before you get your account "approved,"
    and for
     >>  some service providers, part of the value of the service is the
    immediacy
     >>  in which a customer can gain new service.
     >>
     >>
     >> Beckman
     >>
    ---------------------------------------------------------------------------
>> Peter Beckman Internet Guy 
     >> beckman () angryox com <mailto:beckman () angryox com>
     >> http://www.angryox.com/
     >>
    ---------------------------------------------------------------------------
     >>
     >>
     >
Previous By Date Next
Previous By Thread Next

Current thread: