[bct] Re: Stop Stop Stop

  • From: "Larry Skutchan" <blindcooltech@xxxxxxxxx>
  • To: <blindcooltech@xxxxxxxxxxxxx>
  • Date: Sun, 19 Mar 2006 04:44:34 -0500

Hi Tim.

Thanks for the excellent explanations. I do have a question or two though. How does the digital signatures feature in Outlook Express fit into all this?

I've seen these mail spoofers before, but never one that was so directly targeted. It really brings home the point about how unsecure email is and how much of a misperception there is about how volnarable it really is. I mean, even if you digitally sign your messages, that's really only doing any good for the people who know that you normally send signed messages. Most people, upon receiving an unsigned message, just open it assuming it is from who it says.

----- Original Message ----- From: "Tim Cross" <tcross@xxxxxxxxxxxxxxx>
To: <blindcooltech@xxxxxxxxxxxxx>
Sent: Saturday, March 18, 2006 11:40 PM
Subject: [bct] Re: Stop Stop Stop



Hi Ray,

I'm afraid its not quite that simple. The problem is that you can
easily forge mail headers. The way SMTP works means you have no
control over what mail servers an e-mail message is relayed through.
Each server it gets relayed through adds a Received header. I can
easily make an e-mail appear to have originated from a random IP
address by finding an open relay mail server and passing it a message
with some already contrived fake Received headers.

Really, the only way to know for certain a mail is from someone is if
they use something like PGP (Pretty Good Privacy). However, there are
some problems with athat as well, mainly due to patents and export
restrictions within the US relating to the export of cryptographic
software. The most widely used package is openPGP. There is also
gnupg, but it doesn't support all the encryption types that openPGP
supports and vice versa, so you can get some compatibility problems.

The bottom line is you have to be fairly suspicious regarding e-mail
and the Internet generally.

The recent proglems on this list are just the result of some poor
loser who is probably fairly socially inept with few friends and not a
lot of intelligence. There are small groups of users in this catagory
who think its clever to do this sort of thing. They are like virus
creators, they think its clever. The irony is that writing a virus and
forging idetities on the internet is pretty much within the ability of
most 12 year olds - its not hard and its not particularly clever. To
some extent, its the electronic equivalent of vandhalism and just like
in most other aspects of life, its always easier to destroy than
create. If the person who did this really was clever and talented,
then they could do something worthwhile.

tim

Ray Foret Jr. writes:
> Indeed, and, I have a small request. If ANY OF YOU WHOM SO EVER, > receive a message from me the authenticity of which you are > uncertain,please phone me and ask me about it. I'll keep an archive of > all sent messages so I can go back and check if ever you do.
>
> If I am correct, it is possible to tell who actually sent a message by > opening the property sheet of the suspect message and looking at the > extensive header information which contains the IP. addresses of all the > servers through which the message passed on it's way to every recipient. > Am I missing anything important?
>
> Sincerely yours,
> The Constantly Barefoot,
> Ray
> Home phone and fax:
> (985)853-0139
> E-mail:
> rforetjr@xxxxxxxxxxxxx
> Skype Name:
> barefootedray
> Blog:
> www.raysworld.blogs.com
> Podcast xml feed:
> http://raysworld.blogs.com/rw/rss.xml
> God bless President George W. Bush!
> God bless our troops!
> and God bless America
> ----- Original Message ----- > From: Mary Emerson
> To: blindcooltech@xxxxxxxxxxxxx
> Sent: Saturday, March 18, 2006 11:52 AM
> Subject: [bct] Re: Stop Stop Stop
>
>
> Larry,
>
> Those impersonation messages were spooky. One tip-off is that he called > you Larry, and then at the very end, he mentioned Daniel. Daniel? I > don't think we call the Scarlet Wombat "Daniel" and I don't recall > another Daniel on the list, but of course I could be mistaken.
>
> This is really spooky stuff. As Larry said, this same weird message > supposedly came from others on the list, but the real people never sent > these bogus messages; mis-spellings, improper grammar, message contents > and the writing styles were not the same as the real people who post > their messages.
>
> Glad this character has been removed from the list, and let's hope we > never hear from the person again.
>
>
> Mary Emerson
> E-mail: maryemerson@xxxxxxxxxxxxx
> Skype name: mkemerson
> Podcast web site: http://www.emerson.libsyn.com
> Podcast feed: emerson.libsyn.com/rss<!DOCTYPE HTML PUBLIC "-//W3C//DTD > HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
> <META content="MSHTML 6.00.2900.2802" name=GENERATOR>
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=#ffffff>
> <DIV><FONT face=Arial size=2>Indeed, and, I have a small request.&nbsp; > If ANY
> OF YOU WHOM SO EVER, receive a message from me the authenticity of which > you are
> uncertain,please phone me and ask me about it.&nbsp; I'll keep an > archive of all
> sent messages so I can go back and check if ever you do.&nbsp; > </FONT></DIV>
> <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
> <DIV><FONT face=Arial size=2>If I am correct, it is possible to tell who
> actually sent a message by opening the property sheet of the suspect > message and
> looking at the extensive header information which contains the IP. > addresses of
> all the servers through which the message passed on it's way to every > recipient.
> &nbsp;Am I missing anything important?&nbsp; </FONT></DIV>
> <DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
> <DIV><FONT face=Arial size=2>Sincerely yours,<BR>The Constantly
> Barefoot,<BR>Ray<BR>Home phone and > fax:<BR>(985)853-0139<BR>E-mail:<BR><A
> href="mailto:rforetjr@xxxxxxxxxxxxx";>rforetjr@xxxxxxxxxxxxx</A><BR>Skype
> Name:<BR>barefootedray<BR>Blog:<BR><A
> href="http://www.raysworld.blogs.com";>www.raysworld.blogs.com</A><BR>Podcast > xml
> feed:<BR><A
> href="http://raysworld.blogs.com/rw/rss.xml";>http://raysworld.blogs.com/rw/rss.xml</A><BR>God
> bless President George W. Bush!<BR>God bless our troops!<BR>and God > bless
> America</FONT></DIV>
> <DIV style="FONT: 10pt arial">----- Original Message ----- > <DIV style="BACKGROUND: #e4e4e4; font-color: black"><B>From:</B> <A
> title=maryemerson@xxxxxxxxxxxxx > href="mailto:maryemerson@xxxxxxxxxxxxx";>Mary
> Emerson</A> </DIV>
> <DIV><B>To:</B> <A title=blindcooltech@xxxxxxxxxxxxx
> href="mailto:blindcooltech@xxxxxxxxxxxxx";>blindcooltech@xxxxxxxxxxxxx</A> > </DIV>
> <DIV><B>Sent:</B> Saturday, March 18, 2006 11:52 AM</DIV>
> <DIV><B>Subject:</B> [bct] Re: Stop Stop Stop</DIV></DIV>
> <DIV><BR></DIV>
> <DIV><FONT face=Courier size=2>Larry,</FONT></DIV>
> <DIV><FONT face=Courier size=2></FONT>&nbsp;</DIV>
> <DIV><FONT face=Courier size=2>Those impersonation messages were spooky. > One
> tip-off is that he called you Larry, and then at the very end, he > mentioned
> Daniel. Daniel? I don't think we call the Scarlet Wombat "Daniel" and I > don't
> recall another Daniel on the list, but of course I could be
> mistaken.</FONT></DIV>
> <DIV><FONT face=Courier size=2></FONT>&nbsp;</DIV>
> <DIV><FONT face=Courier size=2>This is really spooky stuff. As Larry > said, this
> same weird message supposedly came from others on the list, but the real > people
> never sent these bogus messages; mis-spellings,&nbsp;improper
> grammar,&nbsp;message contents and the writing styles were not the same > as the
> real people who post their messages.&nbsp;&nbsp;</FONT></DIV>
> <DIV><FONT face=Courier size=2></FONT>&nbsp;</DIV>
> <DIV>Glad this character has been removed from the list, and let's hope > we never
> hear from the person again.</DIV>
> <DIV>&nbsp;</DIV>
> <DIV><FONT face=Courier size=2></FONT>&nbsp;</DIV>
> <DIV><FONT face=Courier size=2>Mary Emerson<BR>E-mail: <A
> href="mailto:maryemerson@xxxxxxxxxxxxx";>maryemerson@xxxxxxxxxxxxx</A><BR>Skype
> name: mkemerson<BR>Podcast web site: <A
> href="http://www.emerson.libsyn.com";>http://www.emerson.libsyn.com</A><BR>Podcast
> feed: emerson.libsyn.com/rss</FONT></DIV></BODY></HTML>




Other related posts: