PICList Thread
'[OT]: Mail viruses/Internet Security'
2001\05\26@095335 by michael brown


Disclaimer:  I realize that there are other forums to discuss this, but
everyone needs to be aware of what is going on nowadays.  This is why I
changed the topic to [OT]

I guess you don't.  But then you already have "backdoors/security holes" or
these viruses couldn't get in.  What about the backdoors already built into
windoze?  The German govt. doesn't like them.  I just head out to
http://www.trend.com and scan my system for free, without installing anything.  Of
course this works by using/exploiting the inherent security problem/danger
with active x.  If you think your system is somehow secure, you are
sadly/dangerously mistaken.  It's a trade off plain and simple.  For months
now I have been watching my firewall log messages such as:

May 26 07:56:09 guardian kernel: Packet log: output REJECT eth1 PROTO=6
66.25.8.185:62386 24.93.35.161:110 L=40 S=0x00 I=2112 F=0x0000 T=255 (#51)
May 26 07:56:27 guardian kernel: Packet log: output REJECT eth1 PROTO=6
66.25.8.185:62386 24.93.35.161:110 L=40 S=0x00 I=2113 F=0x0000 T=255 (#51)
May 26 07:57:54 guardian kernel: Packet log: output REJECT eth1 PROTO=6
66.25.8.185:62388 24.93.35.161:110 L=40 S=0x00 I=2117 F=0x0000 T=255 (#51)
May 26 07:57:56 guardian kernel: Packet log: output REJECT eth1 PROTO=6
66.25.8.185:62388 24.93.35.161:110 L=40 S=0x00 I=2118 F=0x0000 T=255 (#51)
May 26 07:58:00 guardian kernel: Packet log: output REJECT eth1 PROTO=6
66.25.8.185:62388 24.93.35.161:110 L=40 S=0x00 I=2119 F=0x0000 T=255 (#51)
May 26 07:58:08 guardian kernel: Packet log: output REJECT eth1 PROTO=6
66.25.8.185:62388 24.93.35.161:110 L=40 S=0x00 I=2120 F=0x0000 T=255 (#51)

It looks benign, doesn't it?  You say it's only trying to check email.  But
that is WRONG.  That is what it is supposed to look like to the unwashed.
The destination IP address belongs to some computer at rr.com.  Funny thing
is, that this IP fails when you do a reverse DNS lookup.  These messages
only appear when outlook express is running on my laptop.  However, OE looks
like it is doing nothing as these messages appear.  This is as a result of
the roadrunner technician/spyware installer ran something on my laptop
(after being told not to run anything, he did this when I had my back turned
for a moment)  This IP IS a server at rr.  I have scoured my laptop for the
IP address or some rr.com name and I can't find anything.  So therefore the
name or IP is encrypted or somehow otherwise stored/hidden in a non plain
text format.  Since OE doesn't give any indication that this is occurring,
rr is using some undocumented "feature" that mickeysoft was kind enough to
build into OE.  This is blatant violation of my so called right to privacy,
but try to get rr to fess up to what is going on.  BTW, according to techs
at rr, other customers (running really restrictive firewalls) are now
starting to notice/question this behavior on their computers.  See, most
firewalls don't restrict access to pop-servers(port 110) or
smtp-servers(25).  Mine, however, does.  I only allow connections to the
pop/news/smtp servers that I specifically use.  The above IP is not, I
repeat NOT, one of rr's documented pop servers.  By documented, I mean one
that actually resolves via DNS to pop-server.houston.rr.com.  I may not know
much about PIC's but I damn sure know a few things about internet security.
Take my word for it, you will be hearing more about this in the future, once
enough people discover it.

Now, in all fairness, this could be a benign thing.  They could use this
technique to mass-mail to all the account holders at rr without having to
stuff each person's mailbox with a copy of the message.  This could result in
a significant amount of disk space savings.  However, why would OE go to so
much trouble to hide the fact that this is occurring???  They could have
just set up another account to check without trying to hide it.  The little
icon in the upper right corner doesn't move when this is happening.  You can
press the send/recv button when it's doing its thing and that will occur
completely asynchronously with the covert-checking.  If OE is in the process
of doing this, you can close OE and it will close without delay.

Some other interesting behavior:  sometimes the destination IP changes to a
different one, this implies that the IP is not hard coded, but is looked up.
After the last big rr downtime/maintenance OE tried to connect on port 25 a
few times. This is really disturbing as it implies that OE was trying to
send something out.  Fortunately this was also stopped by my firewall.  I
have not seen anymore of that behavior since.  It becomes frighteningly
obvious that they (rr) can somehow manipulate this behavior from their end.
This in all probability has something to do with the FBI/carnivore fiasco.
Unfortunately no matter how sophisticated my firewall is, it would be
impossible for me to stop all surreptitious communications.  I am fortunate
in that this is occurring on privileged ports.  You see, when you use
windoze update to install security patches (or install anything), you really
have no idea what is really being installed, or for that matter, what was
already installed with the distribution.

Doesn't anyone wonder why the govt. stopped harping on MS?  What happened to
the break up of the company?  It seems reasonable to me that the feds made
an agreement with MS involving mutual back scratching.  You help us spy, and
we will quit hammering you.  I know all this sounds like some crazy
conspiracy theory, but remember this.  Anything, I repeat ANYTHING, that is
technically possible will be attempted by someone.  Whether it be cloning a
sheep, or genetically altering human DNA to create a super soldier.  It does
not matter what the moral implications are.  If morality and a dollar of
profit are at issue, which do you think takes priority?  Trust me, you have
no privacy.  If you even think, for a moment, that some corporation or the
govt are concerned about you and your privacy/security, I have a bridge in
SF bay to sell you.  Remember, you heard it here first.

So ends my sermon for today.  Take care and sleep well knowing that big
brother is watching.

michael brown
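
The log review described in the message above (blocked outbound connections on mail ports to hosts other than the mail servers the user actually configured), as an added example that is not part of the original post. The function names, the allowlist and the sample entries are constructed for illustration; the log layout follows the ipchains entries quoted in the post.

```python
import re
from collections import Counter

# ipchains log layout, as in the entries quoted in the post:
# Packet log: <chain> <action> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ...
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) \S+ PROTO=(?P<proto>\d+) "
    r"[\d.]+:\d+ (?P<dst>[\d.]+):(?P<dport>\d+)")
MAIL_PORTS = {25: "smtp", 110: "pop3", 119: "nntp"}

def unwrap(text):
    """Re-join entries that a mail client hard-wrapped onto two lines."""
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if "Packet log:" in line or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def unexpected_mail_egress(text, allowed):
    """Count blocked outbound TCP mail connections per (dst, service),
    skipping destinations listed in `allowed` as (ip, port) pairs."""
    hits = Counter()
    for entry in unwrap(text):
        m = LINE_RE.search(entry)
        if not (m and m["chain"] == "output" and m["proto"] == "6"
                and m["action"] in ("REJECT", "DENY")):
            continue
        dport = int(m["dport"])
        if dport in MAIL_PORTS and (m["dst"], dport) not in allowed:
            hits[(m["dst"], MAIL_PORTS[dport])] += 1
    return hits

# Constructed sample (RFC 5737 addresses), wrapped like the post; ALLOWED is hypothetical.
SAMPLE = """\
May 26 07:56:09 guardian kernel: Packet log: output REJECT eth1 PROTO=6
192.0.2.10:62386 198.51.100.7:110 L=40 S=0x00 I=2112 F=0x0000 T=255 (#51)
May 26 07:56:27 guardian kernel: Packet log: output REJECT eth1 PROTO=6
192.0.2.10:62386 198.51.100.7:110 L=40 S=0x00 I=2113 F=0x0000 T=255 (#51)
May 26 08:10:02 guardian kernel: Packet log: output REJECT eth1 PROTO=6
192.0.2.10:62401 198.51.100.9:25 L=44 S=0x00 I=2140 F=0x0000 T=255 (#51)
May 26 08:11:40 guardian kernel: Packet log: input DENY eth1 PROTO=17
203.0.113.5:137 192.0.2.10:137 L=78 S=0x00 I=511 F=0x0000 T=110 (#12)
"""
ALLOWED = {("198.51.100.20", 110), ("198.51.100.20", 25)}

if __name__ == "__main__":
    for (dst, svc), n in unexpected_mail_egress(SAMPLE, ALLOWED).most_common():
        print(f"{dst} {svc}: {n} blocked attempts")
```

Grouping by destination and service separates repeated retries to one host from a changing destination or a switch from POP3 to SMTP, the two behaviours the post singles out.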

--
http://www.piclist.com hint: To leave the PICList
piclist-unsubscribe-requestspamKILLspammitvma.mit.edu


2001\05\26@122644 by Andy N1YEW

i already knew that :-)

dont mention c a r n i v o r e in any emails or you will be logged unless
you have earthlink(carnivore free)

andrew

2001\05\26@130133 by Alexandre Domingos F. Souza

>dont mention c a r n i v o r e in any emails or you will be logged unless
>you have earthlink(carnivore free)

       Carnivore! Carnivore! CARNIVORE!!! F*** the carnivore!!! :oPPP

       And the big brother is watching you...Its in your front now...



2001\05\26@155857 by Peter L. Berghold

At 12:25 PM 5/26/2001 -0400, Andy N1YEW wrote:


>dont mention c a r n i v o r e in any emails or you will be logged unless
>you have earthlink(carnivore free)
>

Actually... I've been known to send emails between my multiple accounts
composed of nothing but a string of "watched words" just to see what
happens. So far nothing....

If I don't want outsiders to see what I'm emailing I'll just encrypt it
anyway...



-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Peter L.
Berghold                                                    EraseMEPeterspam_OUTspamTakeThisOuTBerghold.Net
Schooner Technology Consulting                            CELL: (732) 539-7920
Unix Professional Services:              Sun/Solaris, Perl, Perl/CGI, mod_perl



2001\05\26@155910 by Peter L. Berghold
At 01:58 PM 5/26/2001 -0300, you wrote:
> >dont mention c a r n i v o r e in any emails or you will be logged unless
> >you have earthlink(carnivore free)
>
>         Carnivore! Carnivore! CARNIVORE!!! F*** the carnivore!!! :oPPP
>
>         And the big brother is watching you...Its in your front now...
>

So... you mean if we were to have an off topic discussion about CARNIVOREs
such as dogs, wolves, coyotes, then somewhere there is a  mail watching
program allegedly called "Carnivore" that will detect the word CARNIVORE in
my email and put it on its CARNIVORE list?

Kool! ;-)



-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Peter L.
Berghold                                                    @spam@PeterKILLspamspamBerghold.Net
Schooner Technology Consulting                            CELL: (732) 539-7920
Unix Professional Services:              Sun/Solaris, Perl, Perl/CGI, mod_perl



2001\05\26@165134 by Andy N1YEW

me too that is why i got gpg :-)

andy
----- Original Message -----
From: "Peter L. Berghold" <RemoveMEPeterTakeThisOuTspamBERGHOLD.NET>
To: <spamBeGonePICLISTspamBeGonespamMITVMA.MIT.EDU>
Sent: Saturday, May 26, 2001 1:35 PM
Subject: Re: [OT]: Mail viruses/Internet Security




2001\05\26@165343 by Andy N1YEW

hi
----- Original Message -----
From: "Peter L. Berghold" <EraseMEPeterspamBERGHOLD.NET>
To: <RemoveMEPICLISTEraseMEspamEraseMEMITVMA.MIT.EDU>
Sent: Saturday, May 26, 2001 1:37 PM
Subject: Re: [OT]: Mail viruses/Internet Security


> At 01:58 PM 5/26/2001 -0300, you wrote:
> > >dont mention c a r n i v o r e in any emails or you will be logged unless
> > >you have earthlink(carnivore free)
> >
> >         Carnivore! Carnivore! CARNIVORE!!! F*** the carnivore!!! :oPPP
> >
> >         And the big brother is watching you...Its in your front now...
> >
>
> So... you mean if we were to have an off topic discussion about CARNIVOREs
> such as dogs, wolves, coyotes, then somewhere there is a  mail watching
> program allegedly called "Carnivore" that will detect the word CARNIVORE in
> my email and put it on its CARNIVORE list?
>
> Kool! ;-)

basically.  you just get logged and unless ur wanted they cant access the
logs ;-)



2001\05\26@171255 by Peter L. Berghold

At 04:52 PM 5/26/2001 -0400, you wrote:

>basically.  you just get logged and unless ur wanted they cant access the
>logs ;-)
>

OK.. I'll be modifying my mischief CRON job to include the word "Carnivore!" ;-)



-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Peter L.
Berghold                                                    RemoveMEPeterKILLspamspamBerghold.Net
Schooner Technology Consulting                            CELL: (732) 539-7920
Unix Professional Services:              Sun/Solaris, Perl, Perl/CGI, mod_perl



2001\05\26@190524 by michael brown

> i already knew that :-)
>
> dont mention c a r n i v o r e in any emails or you will be logged unless
> you have earthlink(carnivore free)
>
> andrew
Really.  You may be interested in this then. http://grc.com/su/earthlink.htm



2001\05\26@194809 by Alexandre Domingos F. Souza

>me too that is why i got gpg :-)

       Would gpg be an encrypted form of pgp? :o)



2001\05\26@195216 by Alexandre Domingos F. Souza

>> dont mention c a r n i v o r e in any emails or you will be logged unless
>> you have earthlink(carnivore free)
>Really.  You may be interested in this then. http://grc.com/su/earthlink.htm

       BTW, Steve Gibson is someone that deserves all my respect. Excellent programmer and creator of great software :oD



2001\05\27@002044 by David VanHorn

At 04:52 PM 5/26/01 -0400, Andy N1YEW wrote:
>hi
>----- Original Message -----
>From: "Peter L. Berghold" <@spam@Peter@spam@spamspam_OUTBERGHOLD.NET>
>To: <spamBeGonePICLISTspamKILLspamMITVMA.MIT.EDU>
>Sent: Saturday, May 26, 2001 1:37 PM
>Subject: Re: [OT]: Mail viruses/Internet Security
>
>
> > At 01:58 PM 5/26/2001 -0300, you wrote:
> > > >dont mention c a r n i v o r e in any emails or you will be logged unless
> > > >you have earthlink(carnivore free)

Who told you earthlink is carnivore free?

--
Dave's Engineering Page: http://www.dvanhorn.org

I would have a link to FINDU here in my signature line, but due to the
inability of sysadmins at TELOCITY to differentiate a signature line from
the text of an email, I am forbidden to have it.

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads


2001\05\27@090340 by Andy N1YEW

www.stopcarnivore.com
----- Original Message -----
From: "David VanHorn" <.....dvanhornspam_OUTspamCEDAR.NET>
To: <TakeThisOuTPICLIST.....spamTakeThisOuTMITVMA.MIT.EDU>
Sent: Sunday, May 27, 2001 12:02 AM
Subject: Re: [OT]: Mail viruses/Internet Security




2001\05\27@090517 by Andy N1YEW

no gpg is GNU Privacy Guard. :-)

2048 bit encryption should be strong enough, considering it took about
160,000 PII 233's to crack RC4 (56 bit key) in 3 months.  thats a lot of
power (http://www.distributed.net/)
check my stats by entering my email :)