On Friday, May 18, 2001, at 01:05 PM, Bernie Cosell wrote:

> I have a bit of a meta-question...
>
> On 18 May 2001, at 10:11, Chuq Von Rospach wrote:
>
>> Fairly widespread. Right now, for instance, I'm seeing a lot of stuff
>> bounced if it has the word "homepage" in it, which is (IMHO) ludicrous.
>
> Is this for real?

Bernie -- would I lie to you? Old buddy?

(grin)

Yes, it's true. One of my mailing lists is currently having a discussion 
about homepages for students on educational servers. And there are 
currently two domains of subscribed users bouncing back every message 
with the word "homepage" in it as being virus ridden.

I've written the admins to suggest their virus checkers get a clue, but 
if the admin had a clue going in, he'd have never done it that way. It 
reeks of panic/emergency hacking.

When I was running majordomo as my list server, I started having a few 
domains kick back mail as spam -- because I was using the bulk_mailer 
program to speed delivery. Anything that put that phrase in its Received 
lines has to be spam, right? (That's why my copies of bulk_mailer now 
identify themselves in Received lines as ulkbay_ailermay. Honest. I 
couldn't make this stuff up....)

> I think that *that's* more indicative of the depth and breadth of what
> we have to deal with than almost anything else...  It is one thing when
> the average skill of the *user* goes into the crapper, but quite another
> when the *sysops*, too, follow their clientele into the without-a-clue
> crapper...  Whew!!

yah. I had that talk with one of my admins today -- bounces that get 
through the bounce processor, and he was wondering why he was getting 
them. Yet another unreadable, non-standard, not-necessarily-accurate set 
of bounces that have to be manually handled.

Now, I realize that most e-mail standards are only a decade or so old, 
and it takes time on the internet for people to build systems, so 
perhaps I'm being too picky to think that people could actually follow 
standards and quit reinventing the wheels with six sides...

> They're basically
> non-apologetic and take the attitude that such things are acceptable
> collateral damage in their approach to dealing with incoming spam, and
> that's that.

That's always something that their clients ought to be told -- because 
if they have false positives, they are bouncing other stuff, too. 
Including stuff that might really matter to the recipient. So I *always* 
pass those kinds of messages on to the subscriber, so they know their ISP 
is bouncing stuff improperly and thinks it's a feature, not a bug. Rarely 
are list messages life or death to a person, but if they're bouncing 
list stuff -- they're bouncing other stuff, too. And that other stuff 
might be.

Imagine not getting a consulting proposal because it was bounced because 
it has the word "homepage" in it. And not knowing about it until you 
accept another, much less lucrative job...

> I analyzed the last couple and I noticed that there is now the email
> equivalent of a "root kit" -- that is, we're now at the stage where a
> clueless script kiddie can touch off an email worm without having a clue
> about 'vbs' or self-replicating software or anything like that.  So,
> IMO, things are going to get worse, perhaps a LOT worse, before they get
> better.

thank god I strip all mime off my lists. I've always planned to enhance 
demime to allow me to selectively strip mime, but I've never had time. 
Right now -- I'll just put that one on hold for a year.

> these are all trojans, that arrive
> and invite the unwary/unclued to shoot themselves in their collective
> feet, and they do it with amazing and mindboggling consistency].

remember when users simply infected mail lists with viruses warning of 
FALSE viruses? Well, those same users are now really infected....

> Since,
> IMO, the density of clueness is going down, overall, I think that these
> things will always be finding more and more gullible 'hosts' and so be
> an essentially unstoppable plague on our house.

not if the people building mail clients build them so they aren't wide 
open to this kind of crap. Not that I'm mentioning any specific software 
houses by name or anything.

but much of the spam issue wouldn't be a problem TODAY if Eric Allman 
had known to shut down open relaying years ago. Today, the only way 
you'll ever get the open relays shut down is if everyone upgrades to a 
version of their MTA that won't talk to any version of sendmail older 
than 8.9.3.

Same is true of the mail clients -- being able to execute code (or 
worse, auto-execute code. What WERE they thinking?) is stupid. And the 
people who set that up had a lot more warning than the sendmail folks 
did with open relays. In retrospect, we should have known better than to 
set things up wide open, based on the reality that anything that can be 
exploited will be. But allowing arbitrary code execution? Even the Java 
folks knew better than that -- their security model may not be perfect, 
but at least they realized they needed one....

> Yeah, and we're just seeing the beginning of the *fun* ones: the ones
> that mutate on every propagation, that download new 'stealth modules'
> and patch themselves on-the-fly, that hide more cleverly in their host
> systems..

yeah, that self modification stuff is (at an intellectual level) 
fascinating. For folks who don't know what's going on, these new viruses 
move in and set up housekeeping and basically intertwine themselves into 
EVERYTHING. And if you read USENET on that box, it finds out what your 
NNTP server is, and quietly watches some alt groups. And the authors of 
these viruses post updates to those alt groups; when the virus sees 
them, it downloads them and updates itself. So once it's on 
your system, the author can UPDATE it with new features, teach it to 
better hide itself, add new distribution methods, or turn it virulent or 
suicidal, any time he wants.

Or, for that matter, anyone who wants to write update modules for it 
can, simply by posting them to the newsgroup and posing as the author. 
Even if the author didn't want to cause damage, someone who does can 
piggyback on his work any time they want.

(shudder)

tell you what. Makes *me* damn glad my desktops all run MacOS. Not that 
I *assume* I'm safe, by the way.



--
Chuq Von Rospach, Internet Gnome <http://www.chuqui.com>
Yes, yes, I've finally finished my home page. Lucky you.

Yes, I am an agent of Satan, but my duties
are largely ceremonial.
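The "homepage" bounces and the MIME stripping discussed in the message above, as an added example that is not from the original post and not demime's own code: a naive body-keyword filter beside a selective attachment stripper, run over two constructed messages. The keyword blocklist and the list of extensions to strip are assumptions chosen for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

KEYWORD_BLOCKLIST = ("homepage",)  # hypothetical, modelled on the bounces in the thread
RISKY_EXTENSIONS = (".vbs", ".exe", ".scr", ".pif", ".bat")  # constructed list for this example

def keyword_filter_rejects(raw):
    # The naive filter: bounce any message whose text body contains a blocked word.
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    return any(word in text for word in KEYWORD_BLOCKLIST)

def strip_risky_parts(raw):
    # Selective stripping: return (cleaned message, names of dropped attachments).
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not msg.is_multipart():
        return msg, []  # plain single-part mail passes through untouched
    keep, dropped = [], []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXTENSIONS):
            dropped.append(name)
        else:
            keep.append(part)
    clean = EmailMessage()
    for hdr in ("From", "To", "Subject"):
        if msg[hdr] is not None:
            clean[hdr] = str(msg[hdr])
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    for name in dropped:
        text += f"[list server removed attachment {name}]\n"  # leave a visible trace
    clean.set_content(text)
    for part in keep:  # re-attach whatever was not executable
        clean.add_attachment(part.get_payload(decode=True), maintype=part.get_content_maintype(),
                             subtype=part.get_content_subtype(), filename=part.get_filename())
    return clean, dropped

def build_samples():
    # Two constructed messages: a benign list post and one carrying a .vbs attachment.
    benign = EmailMessage()
    benign["From"], benign["To"], benign["Subject"] = "student@example.edu", "list@example.org", "student web space"
    benign.set_content("Can each student get a homepage on the department server?")
    wormish = EmailMessage()
    wormish["From"], wormish["To"], wormish["Subject"] = "friend@example.net", "list@example.org", "check this out"
    wormish.set_content("Look at the attached file.")
    wormish.add_attachment(b"constructed placeholder bytes, not a script", maintype="application",
                           subtype="octet-stream", filename="notes.txt.vbs")
    return benign.as_bytes(), wormish.as_bytes()
```

The keyword filter rejects the innocent student post and passes the message with the executable attachment; the attachment stripper does the reverse.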