Administrator
|
An HTML attachment was scrubbed...
URL: /pipermail/friam_redfish.com/attachments/20050104/19da55a6/attachment.htm -------------- next part -------------- This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "Dog.com" was believed to be infected by a virus and has been replaced by this warning message. If you wish to receive a copy of the *infected* attachment, please forward this email to the support department requesting a copy of the attachment. At Wed Jan 5 00:11:36 2005 the virus scanner said: Dog.com Infection: W32/Bagle.AG@mm Executable DOS/Windows programs are dangerous in email (Dog.com) Note to Help Desk: Look on Virus MailScanner in /var/spool/MailScanner/quarantine/20050105 (message 1Cm2WC-0001Lm-QP). -- Postmaster |
While this wave of spam messages sent from Owen's spoofed address continue,
I switched his account to "moderated". Hopefully that will be a temporary fix until SPF is installed. In no way should this move reflect poorly on Owen - In fact, after a long series of secret backroom delibirations, we are happy to announce that Owen Densmore has won FRIAMGroup's "Most Valuable Poster" award for 2004. If you see Owen around, please congratulate him. ;-) -Steve FRIAMGroup list admin P.S. Bruce's "All my .exes live in Texas" won the list's coveted "Most Original Wordplay" for 2004. :-) http://www.countrygoldusa.com/all_my_exes.asp |
Steve, would you mind forwarding me a copy of one or two of these
messages, including the headers? What is easily visible in matters like these is almost always spoofed, and the headers themselves will contain the real info. You are probably looking at junk that is being spewed from an infected host with no intelligence behind it other than it is spoofing messages using people in the infected person's address book. On Jan 4, 2005, at 9:37 PM, Stephen Guerin wrote: > While this wave of spam messages sent from Owen's spoofed address > continue, > I switched his account to "moderated". Hopefully that will be a > temporary > fix until SPF is installed. Thank you, Tim Densmore ------------------------------- "There's an awful lot of people in the world that sneer at Segways because other people are having fun. There must be something bad about it. But I always tell people, that hey, these Segways are so environmentally conscious. I carry four of them in the trunk of my Hummer." -The Woz |
Tim Densmore wrote:
> Steve, would you mind forwarding me a copy of one or two of these > messages, including the headers? What is easily visible in matters like > these is almost always spoofed, and the headers themselves will contain > the real info. You are probably looking at junk that is being spewed > from an infected host with no intelligence behind it other than it is > spoofing messages using people in the infected person's address book. It's actually a bagel/beagle virus message and not even the latest at that. If I recall correctly, once that virus infects a host, it uses email addresses harvested from a variety of files on the host and proceeds to send itself to those email addresses using one of them as the from. This means that the infected host has both the Friam mailing list and Owen's address somewhere in a file, usually an Outlook address book. There is a high probability, therefore, that the infected host belongs to someone on the FRIAM list. I took a quick look at the headers as I received them and it's unclear whether any are original or all of them have been modified by whichever virus scanner looked at my copy (it could have been Sandia's, redfish's hosting company, backspaces, or ?). The Received: header list is short, and appears to originate with athens.hostgo.com receiving the email from doug.org. -- Ray Parks [hidden email] IDART Project Lead Voice:505-844-4024 IORTA Department Fax:505-844-9641 http://www.sandia.gov/idart Pager:800-690-5288 |
I doubt it passed through backspaces' servers outbound since hostgo
requires either authentication or pop-before-smtp. Mail is an interesting problem with (IMO) no clear solution. Yes, on the one hand, several of the protocols mentioned may help stop the spread of spam/viruses, but on the other hand would likely bankrupt many ISPs who already take hundreds of calls a day for simple POP setup problems (and I get *very* nervous when I hear that Microsoft pushing a standards proposal). Any time a user has to enter a password more than once, it seems that rather than doubling the problems they experience with miskeying or forgetting, it actually increases them exponentially. Even the common format of "password once, verify once" is often a major stumbling block IME. Public/private key combos might be a solution, but I shudder to think what it would be like to lead Joe Averageuser (or Jane Luddite) through key management. In any event, what is very clear at this point is that port blocking and refusal of same-network relaying doesn't do anything to stop the spread of infection, but does inconvenience users greatly. Digitally signing messages seems to be an obvious way to keep issues like spoofing/phishing to a minimum, but I have yet to see a good checksum method for the average user. Like I said, an interesting problem. On Jan 5, 2005, at 10:33 AM, Raymond C. Parks wrote: > Tim Densmore wrote: > >> Steve, would you mind forwarding me a copy of one or two of these >> messages, including the headers? What is easily visible in matters >> like these is almost always spoofed, and the headers themselves will >> contain the real info. You are probably looking at junk that is >> being spewed from an infected host with no intelligence behind it >> other than it is spoofing messages using people in the infected >> person's address book. > > It's actually a bagel/beagle virus message and not even the latest > at that. If I recall correctly, once that virus infects a host, it > uses email addresses harvested from a variety of files on the host and > proceeds to send itself to those email addresses using one of them as > the from. This means that the infected host has both the Friam > mailing list and Owen's address somewhere in a file, usually an > Outlook address book. There is a high probability, therefore, that > the infected host belongs to someone on the FRIAM list. > > I took a quick look at the headers as I received them and it's > unclear whether any are original or all of them have been modified by > whichever virus scanner looked at my copy (it could have been > Sandia's, redfish's hosting company, backspaces, or ?). The Received: > header list is short, and appears to originate with athens.hostgo.com > receiving the email from doug.org. > > -- > Ray Parks [hidden email] > IDART Project Lead Voice:505-844-4024 > IORTA Department Fax:505-844-9641 > http://www.sandia.gov/idart Pager:800-690-5288 > > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9AM @ Jane's Cafe > Lecture schedule, archives, unsubscribe, etc.: > http://www.friam.org > Tim Densmore ------------------------------- "There's an awful lot of people in the world that sneer at Segways because other people are having fun. There must be something bad about it. But I always tell people, that hey, these Segways are so environmentally conscious. I carry four of them in the trunk of my Hummer." -The Woz |
Tim, I'd like to add to your excellent points. I'm very nervous about
people trying to "solve" the spam problem, because I believe those solutions will be the beginning of censorship on the Internet. For an interesting discussion of related issues, see: http://www.fourmilab.ch/documents/digital-imprimatur/ I shudder at the attempts Microsoft has made to make email as complicated as the rest of their software. They must see this as an opportunity to "own" email. Having worked with those people, I'm sure of it. Personally, I view spam from a somewhat Taoist perspective, and believe that spam is the price we pay for freedom of speech. And in that light, it is a very small price. On Jan 5, 2005, at 11:01 AM, Tim Densmore wrote: > I doubt it passed through backspaces' servers outbound since hostgo > requires either authentication or pop-before-smtp. Mail is an > interesting problem with (IMO) no clear solution. Yes, on the one > hand, several of the protocols mentioned may help stop the spread of > spam/viruses, but on the other hand would likely bankrupt many ISPs > who already take hundreds of calls a day for simple POP setup problems > (and I get *very* nervous when I hear that Microsoft pushing a > standards proposal). Any time a user has to enter a password more > than once, it seems that rather than doubling the problems they > experience with miskeying or forgetting, it actually increases them > exponentially. Even the common format of "password once, verify once" > is often a major stumbling block IME. Public/private key combos might > be a solution, but I shudder to think what it would be like to lead > Joe Averageuser (or Jane Luddite) through key management. In any > event, what is very clear at this point is that port blocking and > refusal of same-network relaying doesn't do anything to stop the > spread of infection, but does inconvenience users greatly. Digitally > signing messages seems to be an obvious way to keep issues like > spoofing/phishing to a minimum, but I have yet to see a good checksum > method for the average user. Like I said, an interesting problem. > > > On Jan 5, 2005, at 10:33 AM, Raymond C. Parks wrote: > >> Tim Densmore wrote: >> >>> Steve, would you mind forwarding me a copy of one or two of these >>> messages, including the headers? What is easily visible in matters >>> like these is almost always spoofed, and the headers themselves will >>> contain the real info. You are probably looking at junk that is >>> being spewed from an infected host with no intelligence behind it >>> other than it is spoofing messages using people in the infected >>> person's address book. >> >> It's actually a bagel/beagle virus message and not even the latest >> at that. If I recall correctly, once that virus infects a host, it >> uses email addresses harvested from a variety of files on the host >> and proceeds to send itself to those email addresses using one of >> them as the from. This means that the infected host has both the >> Friam mailing list and Owen's address somewhere in a file, usually an >> Outlook address book. There is a high probability, therefore, that >> the infected host belongs to someone on the FRIAM list. >> >> I took a quick look at the headers as I received them and it's >> unclear whether any are original or all of them have been modified by >> whichever virus scanner looked at my copy (it could have been >> Sandia's, redfish's hosting company, backspaces, or ?). The >> Received: header list is short, and appears to originate with >> athens.hostgo.com receiving the email from doug.org. >> >> -- >> Ray Parks [hidden email] >> IDART Project Lead Voice:505-844-4024 >> IORTA Department Fax:505-844-9641 >> http://www.sandia.gov/idart Pager:800-690-5288 >> >> >> ============================================================ >> FRIAM Applied Complexity Group listserv >> Meets Fridays 9AM @ Jane's Cafe >> Lecture schedule, archives, unsubscribe, etc.: >> http://www.friam.org >> > Thank you, > Tim Densmore > > ------------------------------- > > "There's an awful lot of people in the world that sneer at Segways > because other people are having fun. There must be something bad about > it. But I always tell people, that hey, these Segways are so > environmentally conscious. I carry four of them in the trunk of my > Hummer." > > -The Woz > > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9AM @ Jane's Cafe > Lecture schedule, archives, unsubscribe, etc.: > http://www.friam.org |
Edward, hi,
(Eric Smith: I think I have not met you before in person.) Spam as the price for freedom of speech. I agree with the sentiments you expressed as a zeroth-order take; I immediately am brought to ask "how does it scale", given that time and attention are a very finite bound? It seems that in human society we have encountered similar problems on different hardware, and many of the ineffables that we recognize as important, often rebel against, and have in all societies, are the evolved answer: gossip, referral, reputation, parochialism, etc. I wonder whether the problem of internet communication will at some point adopt nontrivial "social" technologies, which are not necessarily directly implemented as packet-transfer protocol technologies etc. In discussions with Mark Miller a few years ago, I learned that this was the sort of application he had in mind for his "Pet Name Markup Language" and related projects. I don't have good references, but have this somewhat related thread: http://www.eros-os.org/~majordomo/e-lang/1401.html Probably many of you know a lot about this system in detail, which I don't. I can see that spam filters are trying to implement pattern-recognition methods we would normally associated with individual-level cognition, probably partly for ease of implementation but also partly to avoid centralized control. It would be interesting to me if we could understand enough about constructive social dynamics to independently "evolve" similar systems in the somewhat lower-dimensional problem space of reliable and reasonably safe content exchange via email. My guess is that we would have conflicted attitudes toward even the best of them, as we do toward their social counterparts, because while they avoid the worst evils of autocratic control, they do lead to some losses of autonomy, create confusions, and make other concessions. This, in addition to your other very good point, that complexity in itself is an almost default source of troubles. Eric |
According to the WP article whose link is below, 2004 spam approached 80% of
all email. http://www.washingtonpost.com/wp-dyn/articles/A46037-2005Jan3.html Frank --- Frank C. Wimberly 140 Calle Ojo Feliz Santa Fe, NM 87505 Phone: 505 995-8715 or 505 670-9918 (cell) |
Free forum by Nabble | Edit this page |