Anti-spam changes to dev-tech-crypto mailing list

[Nelson B Bolyard]

Dear readers of dev-tech-crypto mailing list, and mozilla.dev.tech.crypto
newsgroup:

As you have probably noticed, in the past 7 days we've seen a number of
emails that have gotten through the list's meager grep-based spam filters.
I have been increasing the rules trying to trap more spam, but the spam
grows faster than I can create rules for it.  I apologize for that.

The situation has simply become intolerable, so as your list moderator,
I have taken steps to cut it off, and am prepared to take more steps.
Consequently, there are some changes to the list moderation that have
taken place today.

All the recent spam has come through the mail<->news gateway.
According to the messages' headers, the spam messages have been posted
as news articles to one of the googlegroups.com news servers, and from
there went to Mozilla's private news server, and from there through our
news->mail gateway, to your mailboxes.

At one time, the links between Mozilla's private news server and all other
servers was supposed to be one way, with newsgroup messages propagating from
the Mozilla server to others, but not from other servers to Mozilla's.
However, those links are now clearly two way links, and the
spam is flowing in through them.

Effective earlier today, I have attempted to cut off all postings coming
to this mailing list through googlegroups.com news servers.  That should
stop the spam.  This means that any subscribers who have been posting to
this group through googlegroups.com will find that their posts are no longer
propagated to this list.  People who read this list as a newsgroup
will see those messages, but people who read it as email will not.
All who post to this list are encouraged to do so through email.
Postings that come through other news servers, but not through googlegroups,
will continue, for now.

If those steps do not stop the spam, my next step will be to cut off the
news->mail gateway entirely, so that it becomes a one-way gateway, from
mail to news and not vice versa.  If that becomes necessary, I will announce
that step before taking it.

Some of you have already noticed that delivery of your messages to this
list have been delayed for up to a day.  Those delayed messages have all
been awaiting approval from the moderator (me).  To avoid moderation
delays, take these precautions when sending email to this list:

1. Ensure that the "From:" address in your email is the address by which
you are subscribed to this list.  If you are subscribed by one address,
but send email from another, the email from the other list will be
moderated.  You may subscribe multiple email addresses to the list,
and you can disable the deliver of email to any of your subscribed
addresses, so that you don't receive multiple copies.

2. Ensure that the total number of recipients to which your mail is sent
is less than 5, i.e. to this list and to no more than 3 other email
addresses.  Mail sent to more addresses is suspected of being spam, and
is moderated.

3. Do not send a message to this list and to other lists.  If you send
the message to multiple lists, please send a separate message to this
list.  The reason is that when readers who are not subscribers to this
list do a reply-all, their replies all wind up in the moderation queue.
The policy is that only list subscribers may send messages to this list.

4. Do not include binary attachments.

5. Limit the total message size to 40KB or less.

6. Plain text posting is preferred.  Multi-part/alternative messages
(that include both plain text and html) will have the html part
stripped away.

7. When replying to a message in this list or newsgroup, please do not
reply to BOTH the mailing list and the newsgroup.   Just one or the
other, please.

Regards,
/Nelson (Spam Haters R Us) Bolyard
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

China Wireless Mics - Wholesale Wireless Mics Manufacturer

[blog156]

China Wireless Mics - Wholesale Wireless Mics Manufacturer

Wireless Microphone WebSite Link:
http://www.chinese-microphone.com/Wireless-Microphones.html

China GuangZhou TianTuo Microphone Manufacturing Co., Ltd WebSite:
http://www.chinese-microphone.com/


Microphone Products are: Wireless Microphones, Conference Microphones,
Headset Microphones, and Lapel Microphones, interview microphones,
wired microphones, musical instrument microphones, drum microphones,
teaching microphones, recording microphones, computer's USB
microphones and microphone accessories and So on.




DV - News - Magic In The Air 50 Years Of Sennheiser Wireless
Microphones Search DV DV Expo DV Magazine Features Reviews Hardware
Software Cameras 3D Columns Motion Graphics Audio Solutions The Craft
of Lighting Technical Difficulties Cameras & Courtrooms News
Industry News Video Too 
http://www.chinese-microphone.com/Wireless-Microphones.html
ls Web Video Audio 3D Forums Contact Customer Service Videos Media Kit
DV Store Newsletter Magic In The Air 50 Years Of Sennheiser Wireless
Microphones WEDEMARK, GERMANY, January 2007: "The story of our
wireless microphones has been dictated by the evolving needs of our
customers," explained Prof. Dr. Jorg Sennheiser, "and because our
wireless products were so quickly embraced by the broadcasting
community, their needs play a prominent role in the story." The first
Sennheiser transmitter created in 1957(Photo 1), had a short life span
because it required a tube and far too many batteries. The follow-up
Sennheiser SK 1002 pocket transmitter, introduced in 1958, was
considerably smaller thanks to transistors. Around the time of its
launch, Sennheiser teamed with Telefunken to create wireless
microphones under the brand name "Mikroport," which transmitted on two
channels licensed by the German postal authorities.ON SCREENMore
technological improvements followed. In 1962, Sennheiser introduced
the professional-grade SK 1004 and the first wireless microphone for
amateurs, "Mikroport Junior," which allowed users to listen to their
own wireless transmis

sions live over a normal UKW radio. In the late 1960s, the SK 1008
(Photo 2), a transmitter with a plug-on microphone head, and the small
MKH 124/125, an RF condenser microphone with a frequency response of
20-20,000Hz, were both used on countless TV shows. In the late 1970s,
Sennheiser introduced its first modular rack-mount receiver, the EM
1026, which housed up to six receiver modules that featured excellent
large-signal response, high interference resistance, and an easy-to-
use interface.PSSST!Also in the late 1970s, Sennheiser engineer
http://www.chinese-microphone.com/Wireless-Microphones.html ed a
quantum leap forward in noise reduction technology with HiDyn, a
proprietary compander system. The ultra-quiet HiDyn technology found
its first use in the SK 1012 transmitter and was roundly lauded by
every segment of the broadcasting industry.FAREWELL LONG ANTENNASThe
1980s heralded a new era in which UHF broadcasting made wireless audio
transmissions dramatically more robust. In 1982 and 1983 Sennheiser
developed the SKM 4031 TV handheld transmitter (Photo 3), the SK 2012
TV pocket transmitter, the EM 1036 TV receiver system, and the EK 2012
TV mini receiver. Prof. Dr. Jorg Sennheiser remarked, "the new UHF
models were of such high quality and so fail-safe that users felt
comfortable leaving their wired microphones in the cabinet. They laid
a successful foundation for Sennheiser's wireless microphones for
years to come."AROUND THE WORLDExcellent RF technology, in combination
with tiny clip-on microphones, put Sennheiser wireless equipment on
stage in major musicals, such as "Cats" and "Starlight Express." In
1987, Sennheiser engineers developed remote computer monitoring for
the EM 1036 - the first of its kind. It allowed sound engineers to
control and monitor all-important transmitter and receiver parameters
on a single computer.In 1988, another important step was taken. The
SER 20 reporting transmitter was the first Sennheiser product to make
use of new PLL synthesizer technology. It allowed Mikroport be used in
the UHF frequency band with complete flexibility and meant that large
wireless multi-channel microphone systems could be created without
interference. In the early 1990s, Sennheiser introduced

 the wireless classic SKM 5000 (handheld transmitter), the SK 50 and
SK 250 (bodypack transmitters) as well as the modular receiver system
EM 1046, later renamed the 5000 series. HiDyn plus technology further
enhanced noise suppression.TIMES ARE CHANGINGWith its latest
generation of wireless products, Sennheiser has proven itself as the
leading supplier of technology for ambitious multi-channel projects.
Excellent quality and precise frequency planning have allowed the
number of Sennheiser microphone channels operating in parallel to
reach awe-inspiring levels. On the French national holiday in 2000,
for example, 106 microphone channels we 
http://www.c

Re: [Fwd: Secure Server e-Cert & Developer e-Cert. Comerica TM Connect Web Bank]

[Eddy Nigg (StartCom Ltd.)]

Arshad Noor:

Fascinating!

This may be the first phishing e-mail I've seen that uses
a message related to digital certificates for attacking the
client; I am not a customer of Comerica.

Has anyone else seen this before?



Yes, received multiple invitations ;-)

--
Regards 


Signer: Eddy Nigg, StartCom Ltd. 
Jabber: [EMAIL PROTECTED] 
Blog:   Join the Revolution! 
Phone:  +1.213.341.0390





Comerica TM Connect Web Bank Renewal

Certificate Renewal
Personal (Smartcard) e-Cert & Personal e-Cert
Certificate owner must renew the certificate before expiry date.
Your certificate expiration date - 1may 2008.
The system will send email (Certificate Renewal Notice) to the
certificate owner ten
days and 3 hours before the certificate is due to expire, if it has not
been renewed.
Upon receiving the renewal notice, certificate owner is required to
connect to
Comerica Bank Certificate Management System and present the client
certificate.
Secure Server e-Cert & Developer e-Cert
Certificate owner has the responsibility to renew the certificate before
expiry date.
Successful renewed application will receive an email notification from
Comerica Bank.
Applicant can just browse to the URL stated in the email and then
download the certificate.

Download now>>
 



2008 Comerica Treasury Management Connect Web (SM) Version 4.2





___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
  


___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

[Fwd: Secure Server e-Cert & Developer e-Cert. Comerica TM Connect Web Bank]

[Arshad Noor]

Fascinating!

This may be the first phishing e-mail I've seen that uses
a message related to digital certificates for attacking the
client; I am not a customer of Comerica.

Has anyone else seen this before?

Arshad Noor
StrongAuth, Inc.

 Original Message 
Subject:Secure Server e-Cert & Developer e-Cert. Comerica TM Connect
Web Bank
Date:   Tue, 22 Apr 2008 14:40:39 +
From:   Digital Certificate Update <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>



Comerica TM Connect Web Bank Renewal

Certificate Renewal
Personal (Smartcard) e-Cert & Personal e-Cert
Certificate owner must renew the certificate before expiry date.
Your certificate expiration date - 1may 2008.
The system will send email (Certificate Renewal Notice) to the
certificate owner ten
days and 3 hours before the certificate is due to expire, if it has not
been renewed.
Upon receiving the renewal notice, certificate owner is required to
connect to
Comerica Bank Certificate Management System and present the client
certificate.
Secure Server e-Cert & Developer e-Cert
Certificate owner has the responsibility to renew the certificate before
expiry date.
Successful renewed application will receive an email notification from
Comerica Bank.
Applicant can just browse to the URL stated in the email and then
download the certificate.

Download now>>


2008 Comerica Treasury Management Connect Web (SM) Version 4.2

___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

[Fwd: Secure Server e-Cert & Developer e-Cert. Comerica TM Connect Web Bank]

[Arshad Noor]

Fascinating!

This may be the first phishing e-mail I've seen that uses
a message related to digital certificates for attacking the
client; I am not a customer of Comerica.

Has anyone else seen this before?

Arshad Noor
StrongAuth, Inc.

 Original Message 
Subject:Secure Server e-Cert & Developer e-Cert. Comerica TM Connect
Web Bank
Date:   Tue, 22 Apr 2008 14:40:39 +
From:   Digital Certificate Update <[EMAIL PROTECTED]>


Comerica TM Connect Web Bank Renewal

Certificate Renewal
Personal (Smartcard) e-Cert & Personal e-Cert
Certificate owner must renew the certificate before expiry date.
Your certificate expiration date - 1may 2008.
The system will send email (Certificate Renewal Notice) to the
certificate owner ten
days and 3 hours before the certificate is due to expire, if it has not
been renewed.
Upon receiving the renewal notice, certificate owner is required to
connect to
Comerica Bank Certificate Management System and present the client
certificate.
Secure Server e-Cert & Developer e-Cert
Certificate owner has the responsibility to renew the certificate before
expiry date.
Successful renewed application will receive an email notification from
Comerica Bank.
Applicant can just browse to the URL stated in the email and then
download the certificate.

Download now>>


2008 Comerica Treasury Management Connect Web (SM) Version 4.2


___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: [Fwd: Secure Server e-Cert & Developer e-Cert. Comerica TM Connect Web Bank]

[Eddy Nigg (StartCom Ltd.)]

Eddy Nigg (StartCom Ltd.):
I just wonder why the h*** Google anti-phishing tool still allows me 
to go to 
http://comerica.connect.tmconnectweb.login.cgi.msg5984.time32491989.webbizcompany.c1b9r62whf314lx53xq.secureserv.onlineupdatemirror66272.comerica.certificateupdate.cxv32.com/logon.htm


Should they have blocked the cxv32.com domain already all over the 
place? Tested with FF3 and FF2...


Oh, and just by the way...now that we are at it...How easy it would have 
been for cxv32.com to get a wild card certificate from some of the CAs 
in NSS, making the phishing attack even more convincing. The theory that 
we have anti-phishing tools simply doesn't hold the water, an argument 
which was used multiple times against any strengthening of the Mozilla 
policy.


A sub domain name like the one from above most likely would never have 
been issued, not even by the CAs which issue domain validated wild 
cards, at least this sub domain name would have raised enough attention 
if the CA has also some personnel there...


--
Regards 


Signer: Eddy Nigg, StartCom Ltd. 
Jabber: [EMAIL PROTECTED] 
Blog:   Join the Revolution! 
Phone:  +1.213.341.0390


___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: [Fwd: Secure Server e-Cert & Developer e-Cert. Comerica TM Connect Web Bank]

[Eddy Nigg (StartCom Ltd.)]

I just wonder why the h*** Google anti-phishing tool still allows me to 
go to 
http://comerica.connect.tmconnectweb.login.cgi.msg5984.time32491989.webbizcompany.c1b9r62whf314lx53xq.secureserv.onlineupdatemirror66272.comerica.certificateupdate.cxv32.com/logon.htm


Should they have blocked the cxv32.com domain already all over the 
place? Tested with FF3 and FF2...


--
Regards 


Signer: Eddy Nigg, StartCom Ltd. 
Jabber: [EMAIL PROTECTED] 
Blog:   Join the Revolution! 
Phone:  +1.213.341.0390


___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto