On 4/7/2012 20:29, Patrick Elliott wrote:
> but what would you rather get, 500 different
> emails from 10.254.23.1, each one with a different domain name,
You mean, like, google app hosting?
> or the
> ability to mask out ones that go through 2 other "external" IPs, which you
> can surmise makes it a probable fraud, and only have to look at 1-2 emails
> that come from similar locations.
How do you tell there are 500 different emails each with a different domain
name without looking at them?
> For the most part, unless something goes **very** wrong in a network, or a
> major change happens to its morphology, it's not just the endpoint that can
> be used to figure where it came from.
And it isn't. The ISPs do it too. It's just a lot of overhead for small ISPs.
> Instead of even an attempt at a smart solution, what we get is clients that
> hide the routing information, and let the scammers add
> "http://www.wellsfargo.com/accounts" to the "mouse over" for all the damn
> links, so that you either a) copy and paste that (it doesn't copy the real
> address under it), and end up at the legit point, or you click the link, and
> end up at "wells.fargo.scam.robyoublind.ru". In other words, the ***EXACT
> OPPOSITE*** of better security, and threat identification.
None of which has anything to do with where email originated from.
--
Darren New, San Diego CA, USA (PST)
"Oh no! We're out of code juice!"
"Don't panic. There's beans and filters
in the cabinet."
On 4/7/2012 20:36, Patrick Elliott wrote:
> On 4/7/2012 2:56 PM, Darren New wrote:
>>> If the thing comes from a proxy, it's obviously not from wherever it was
>>> sent from in reality. Might need some rules on whether it's legal for the
>>> proxy itself to misrepresent itself as a) not in the chain, or b) a
>>> different source. But, once it leaves the proxy, there is still, in
>>> principle, a way to trace back the address, to the server it claims to
>>> come from, thereby finding that there is no way in hell the trace in the
>>> email's own path could match with the claimed source (but, that would
>>> require an automatic traceroute, and even doing that, from some machines,
>>> won't work in cases like Windows, where generating the packets needed in
>>> anything other than the control paths is **not allowed**, as a possible
>>> detected exploit, and where your ISP, modem, or something else, is denying
>>> those control commands).
>>
>> I don't think you understand how internet email routing works.
>>
> In principle, it works like any other protocol,
Generally not. There's still store-and-forward nodes, POP nodes, etc. And
indeed, not that long ago, UUCP nodes, bitnet nodes, TPC nodes, and etc.
> but, in principle, the
> message grows as it goes through each node, since it tracks where it's been.
Yes, and generally that works, as long as you realize any initial subset of
routing hops could be forged.
> That is what exceptions are for. You might still have to check the trap, but
> it would be a "slightly" smarter trap. Right now, the trap tries to rely on
> blacklist data, and keyword identification,
If you want to do it at the ISP level, you can't really do a very good job
of keyword matching. Maybe you really *do* buy your viagra from an online
pharmacy. How do you check the trap if some other ISP has thrown away the
email before it even gets to you?
> "viagra", and if a few other words are there, it's flagged, hence the moronic
> fact that those slip through, while Hotmail has **multiple** times actually
> flagged legit emails Origin, about things going on with Star Wars: KOTOR.
And that's the point. For 99.9% of the population, those keywords indicate
spam. For the 0.1% playing KOTOR, it does not. Hence, the ISP has to process
each mail message just in case.
--
Darren New, San Diego CA, USA (PST)
"Oh no! We're out of code juice!"
"Don't panic. There's beans and filters
in the cabinet."
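
Added example, not part of the original posts: the point above that any initial subset of routing hops could be forged means a receiver can rely only on the `Received` lines written by relays it operates. The sketch below walks the chain newest-first and stops at the first peer outside that set; the hostnames, addresses, `TRUSTED_IPS` and the Postfix-style header layout are constructed assumptions.

```python
import email
import re

# Constructed sample message. We operate mail.example.net and mx.example.net
# (192.0.2.10); the two lowest Received lines arrived with the message.
RAW = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.net with ESMTP id A1; Sun, 8 Apr 2012 09:00:03 -0700
Received: from relay.somewhere.example (unknown [203.0.113.77])
\tby mx.example.net with ESMTP id B2; Sun, 8 Apr 2012 09:00:02 -0700
Received: from mail.bank.example (mail.bank.example [198.51.100.5])
\tby relay.somewhere.example with SMTP id C3; Sun, 8 Apr 2012 09:00:01 -0700
Received: from teller-pc (localhost [127.0.0.1])
\tby mail.bank.example with SMTP id D4; Sun, 8 Apr 2012 09:00:00 -0700
From: accounts@bank.example
Subject: constructed test message

body
"""

TRUSTED_IPS = {"192.0.2.10"}  # assumption: addresses of relays we run ourselves
# "from <helo> (<rdns> [<ip>]) ... by <host>", the common Postfix-style layout
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\).*?\bby\s+(\S+)", re.S)

def parse_hops(raw):
    """Return Received hops newest first (each relay prepends its own line)."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        helo, ip, by = m.groups() if m else (None, None, None)
        hops.append({"helo": helo, "peer_ip": ip, "by": by})
    return hops

def split_chain(hops, trusted_ips=TRUSTED_IPS):
    """Split hops into (written by our relays, supplied by the outside peer)."""
    verified = []
    for hop in hops:
        verified.append(hop)
        if hop["peer_ip"] not in trusted_ips:
            break  # this peer is outside; every line below came from it
    return verified, hops[len(verified):]

def handoff_ip(raw):
    """The one origin fact we recorded ourselves: who connected to our edge."""
    verified, _ = split_chain(parse_hops(raw))
    return verified[-1]["peer_ip"] if verified else None

if __name__ == "__main__":
    print(handoff_ip(RAW), [h["helo"] for h in split_chain(parse_hops(RAW))[1]])
```

A `Received` line that names one of our relays but sits below the handoff hop still lands in the unverified part, because the walk follows the peer address our own relay recorded rather than the name a line claims.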
On 4/8/2012 8:59 AM, Darren New wrote:
>> Instead of even an attempt at a smart solution, what we get is clients
>> that hide the routing information, and let the scammers add
>> "http://www.wellsfargo.com/accounts" to the "mouse over" for all the damn
>> links, so that you either a) copy and paste that (it doesn't copy the
>> real address under it), and end up at the legit point, or you click the
>> link, and end up at "wells.fargo.scam.robyoublind.ru". In other words, the
>> ***EXACT OPPOSITE*** of better security, and threat identification.
>
> None of which has anything to do with where email originated from.
>
Well, no, but it's part and parcel to the same bloody problem of figuring
out what you are looking at, and who sent it. If you can't tell who the
real sender was, you can't tell what route it took to get to you, and
all "visible" signs of where the links in it point to seem to be places
that you expect them to, if it was real... Basically 100% of it is
stacked against you. If you are lucky, your ISP has a halfway decent
filter, if you are not, you may be screwed.
It's gotten to the point where, if a company actually has a legit reason
to contact you, with anything other than product advertisements, you
can't trust it, unless it's a phone call, or they provide an "on their
site" method of messaging you, and even then, someone could scam you by
saying, "There is a new message for you at Blah.com, click here to log in
and read it.", and you're still screwed. Using email doesn't require
healthy paranoia anymore, it requires the real world equivalent of
locking all the doors, and hiding under the bed, until the guy knocking
goes away, then going around to every place that might have sent someone
to talk to you, personally, to see if they sent someone to do so. Or
worse, yelling at the legit guy from the phone company, because he is
wearing the wrong color shirt, and your neighbor warned you that someone
wearing that color shirt was robbing houses (the equivalent of the
filter falsely marking something legit, and not letting you even look at
it, to make sure). After all, the guy claiming to be from the phone
company might have intended to rob you... And, that is just a bloody
nuts way to live, yet it's how we have to deal with anything "official
looking" in email, if the filters don't trap it, or they do, and
shouldn't have.
It annoys the hell out of me. Heck, Firebird just did it to me today,
and I don't even know why the hell it marked two messages from blogs as
spam, other than that it's a bit more convoluted to tell Firebird, unlike
Hotmail, to leave shit alone 'period', if it comes from certain email
addresses.
On 4/8/2012 9:03 AM, Darren New wrote:
>> That is what exceptions are for. You might still have to check the trap,
>> but it would be a "slightly" smarter trap. Right now, the trap tries to
>> rely on blacklist data, and keyword identification,
>
> If you want to do it at the ISP level, you can't really do a very good
> job of keyword matching. Maybe you really *do* buy your viagra from an
> online pharmacy. How do you check the trap if some other ISP has thrown
> away the email before it even gets to you?
>
Actually, it is done on the ISP level, but it's shoved into the "spam"
folder, when things work right. The problem is, it almost never works
right. lol
>> "viagra", and if a few other words are there, it's flagged, hence the
>> moronic fact that those slip through, while Hotmail has **multiple** times
>> actually flagged legit emails Origin, about things going on with Star Wars:
>> KOTOR.
>
> And that's the point. For 99.9% of the population, those keywords
> indicate spam. For the 0.1% playing KOTOR, it does not. Hence, the ISP
> has to process each mail message just in case.
>
Actually, like most of the "false positives" the criteria going on isn't
just keywords, it's in certain combinations, with some crazy assed
heuristic, which results in it not being so much as flagged "spam" as,
"We detected, for no apparent reason, that this might be a threat, so we
won't even show you the plain text, you have to explicitly say you want
to see **the whole thing**." Umm, OK... But then, in other cases, you
let me see enough of the plain text to see whether or not you falsely
marked it, then let me tell you if it's spam, or not. So, why the hell
the difference?
In other words, "Possible real spam = we will let you tell us if it was
or not", but, "Possible, non-existent threat = we won't even let you see
it, until you decide to risk whatever threat we imagined existed, and
then, if it isn't one, we won't let you tell us to stop doing it, over
and over again, like we would with mere spam." :head-desk:
Makes no damn sense to me. If it wasn't a threat last time, how the hell
is it next time, and why in bloody heck... Oh, wait, this is Microsoft,
so they probably added their email equivalent of, "Are you sure you want
program.exe to actually do anything?", to the bloody service... lol
On 4/8/2012 13:05, Patrick Elliott wrote:
> Well, no, but it's part and parcel to the same bloody problem of figuring out
> what you are looking at, and who sent it.
It's easy to tell what you're looking at. You already have it.
It's impossible to tell who it is from, except in a fairly abstract way like
"at least one of the people who ought to be keeping their private key
private has sent this."
> It's gotten to the point where, if a company actually has a legit reason to
> contact you, with anything other than product advertisements, you can't
> trust it, unless it's a phone call, or they provide an "on their site" method
> of messaging you, and even then, someone could scam you by saying, "There is a
> new message for you at Blah.com, click here to log in and read it.", and
> you're still screwed.
This isn't a new problem. The only reason it gets attention now is that it's
trivially easy to do this sort of phishing on a grand scale. But it's not
different than any of the other con games played throughout history.
--
Darren New, San Diego CA, USA (PST)
"Oh no! We're out of code juice!"
"Don't panic. There's beans and filters
in the cabinet."
On 4/8/2012 3:20 PM, Darren New wrote:
> On 4/8/2012 13:05, Patrick Elliott wrote:
>> Well, no, but it's part and parcel to the same bloody problem of
>> figuring out what you are looking at, and who sent it.
>
> It's easy to tell what you're looking at. You already have it.
>
> It's impossible to tell who it is from, except in a fairly abstract way
> like "at least one of the people who ought to be keeping their private
> key private has sent this."
>
If it was that trivial, people wouldn't keep falling for it. Just saying.
On 4/9/2012 13:42, Patrick Elliott wrote:
> On 4/8/2012 3:20 PM, Darren New wrote:
>> On 4/8/2012 13:05, Patrick Elliott wrote:
>>> Well, no, but it's part and parcel to the same bloody problem of
>>> figuring out what you are looking at, and who sent it.
>>
>> It's easy to tell what you're looking at. You already have it.
>>
>> It's impossible to tell who it is from, except in a fairly abstract way
>> like "at least one of the people who ought to be keeping their private
>> key private has sent this."
>>
> If it was that trivial, people wouldn't keep falling for it. Just saying.
You misunderstand. It's easy to look at an email message and tell what it
says. It's very hard to look at an email message and tell what human it's
from. That latter part is the primary cause of people "falling for it." If
you could solve the latter problem, the former problem would drop to
background radiation levels.
--
Darren New, San Diego CA, USA (PST)
"Oh no! We're out of code juice!"
"Don't panic. There's beans and filters
in the cabinet."
On 4/10/2012 5:48 PM, Darren New wrote:
> On 4/9/2012 13:42, Patrick Elliott wrote:
>> On 4/8/2012 3:20 PM, Darren New wrote:
>>> On 4/8/2012 13:05, Patrick Elliott wrote:
>>>> Well, no, but it's part and parcel to the same bloody problem of
>>>> figuring out what you are looking at, and who sent it.
>>>
>>> It's easy to tell what you're looking at. You already have it.
>>>
>>> It's impossible to tell who it is from, except in a fairly abstract way
>>> like "at least one of the people who ought to be keeping their private
>>> key private has sent this."
>>>
>> If it was that trivial, people wouldn't keep falling for it. Just saying.
>
> You misunderstand. It's easy to look at an email message and tell what
> it says. It's very hard to look at an email message and tell what human
> it's from. That latter part is the primary cause of people "falling for
> it." If you could solve the latter problem, the former problem would
> drop to background radiation levels.
>
Yep, that is the issue, definitely.
On 4/1/2012 7:42 AM, James Holsenback wrote:
> http://www.bbc.co.uk/news/uk-politics-17576745
>
> http://www.whitehouse.gov/the-press-office/2011/12/31/statement-president-hr-1540
>
>
> http://www.fastcompany.com/1826121/employers-want-your-facebook-password-now
>
>
> Boy the more I read stories like this, the more I'm convinced that
> privacy and personal freedom is a thing of the past. Governments and now
> employers seem to be marching lock step, and arm in arm all over things
> that up until /were/ deemed sacred. Why don't they just go ahead and
> implant a chip in our necks and be done with it :-(
When I sign up for an on-line service, many of them specifically require
that I keep my password confidential from all other parties. This user
agreement is a binding contract.
I am wondering whether any jurisdictions permit an employer to require
an applicant to breach a contract as a condition of employment. That is
probably illegal in many places.
Regards,
John
On 5/22/2012 5:26 PM, John VanSickle wrote:
>
> When I sign up for an on-line service, many of them specifically require
> that I keep my password confidential from all other parties. This user
> agreement is a binding contract.
>
> I am wondering whether any jurisdictions permit an employer to require
> an applicant to breach a contract as a condition of employment. That is
> probably illegal in many places.
>
I'm sort of waiting for a company to get sued for exactly this reason.