Re: [Mimedefang] Let the Fishing begin

2012-06-07 Thread John Halewood
David F. Skoll scribbled:
> Ben Kamen  wrote:
> 
> > Has anyone else seen an increase since the breach?
> 
> Not really.  But interestingly, I've seen a few emails to my theoretically
> secret former LinkedIn address.  These are in my logs from before
> the breach was disclosed... could it be that the breach actually happened
> a month ago?

Be about right. If it wasn't a script kiddie attack, I wouldn't be surprised if 
whoever carried it out spent a couple of weeks trying to sell the data around 
the darker sides of the internet, and then either pasted it as proof for 
someone or decided that, having got paid, everyone else could have a go.
Once the email addresses are known, they spread like wildfire and never seem to 
get removed. One firm I look after had its entire address book lifted 6-7 years 
ago, and I still catch several thousand spams to those addresses each day, 
despite the fact that
1) they were bought out a few years back and only use the domain name for 
legacy purposes and
2) Most of the accounts are inactive due to (1).
Strangely enough they get very little spam to their new domain name, which 
might be something to do with having tightened up their internet presence a 
fair bit (when your primary mail server is a SCO unix box running SMTP/POP3 and 
directly connected to the internet it's just asking for trouble).

Regards
John

___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Let the Fishing begin

2012-06-07 Thread David F. Skoll
On Thu, 7 Jun 2012 21:40:41 +0200 (CEST)
Kees Theunissen  wrote:

> Just wondering: didn't you mix up some addresses?

No.

> You wrote that the locked addresses were bound to a particular
> sending domain. So if this is your linkedin address I would expect a
> plain reject instead of greylisting of a sender from the alltech1.com
> domain. Or did I misunderstand how locked addresses work?

Actually, I had that locked address configured to quarantine rather than
outright reject messages that came from an unlocked domain.  So the message
would first flow through greylisting and if it passed that, it would have
been quarantined.

Regards,

David.


Re: [Mimedefang] Let the Fishing begin

2012-06-07 Thread Kees Theunissen
On Thu, 7 Jun 2012, David F. Skoll wrote:

>On Thu, 07 Jun 2012 12:41:53 -0500
>Ben Kamen  wrote:
>
>> Has anyone else seen an increase since the breach?
>
>Not really.  But interestingly, I've seen a few emails to my theoretically
>secret former LinkedIn address.  These are in my logs from before
>the breach was disclosed... could it be that the breach actually happened
>a month ago?
>
>May 11 16:33:44 colo3 CanIt[29042]: q4BKXhXA027488: Replacing locked
>address t99ef724coxc3...@la.roaringpenguin.com with private address
>d...@roaringpenguin.com
>
>May 11 16:33:45 colo3 sm-mta[27488]: q4BKXhXA027488:
>from=, size=780, class=0, nrcpts=1,
>msgid=<716758022412.03300471078...@alltech1.com>, proto=SMTP,
>daemon=MTA, relay=[89.123.28.82]
>
>May 11 16:33:45 colo3 CanIt[20530]: q4BKXhXA027488: what=greylisted,
>stream=default, city=Timisoara, country_code=RO, detail=post-data,
>nrcpts=1, relay=89.123.28.82, sender=xvcvrsqk...@alltech1.com,
>subject=%3D?iso-8859-1?Q?Start_winning_big_with_our_generous_welcome_bonus_at_Dice?%3D%09%3D?iso-8859-1?Q?_Stars_Casino!?%3D
>
>May 11 16:33:45 colo3 sm-mta[27488]: q4BKXhXA027488:
>to=, delay=00:00:00,
>pri=30780, stat=... First-time sender
>tempfailed as anti-spam measure; please try again in 60 minutes
>
>Interesting how that leaked out...

Just wondering: didn't you mix up some addresses?

You wrote that the locked addresses were bound to a particular
sending domain. So if this is your linkedin address I would expect a
plain reject instead of greylisting of a sender from the alltech1.com
domain. Or did I misunderstand how locked addresses work?


Regards,

Kees Theunissen.


Please note that from 1 January onwards, our institute has changed its
name into DIFFER (Dutch Institute For Fundamental Energy Research). The
former name (FOM Institute for Plasma Physics Rijnhuizen) is no longer
in use. Old email addresses will remain functional for a short while, so
please update my contact information to include my new address.

-- 
Kees Theunissen,  System and network manager,   Tel: +31 (0)30 6096724
Dutch Institute For Fundamental Energy Research (DIFFER)
e-mail address:   c.j.theunis...@differ.nl
postal address:   PO Box 1207, 3430 BE Nieuwegein, NL
visitors address: Edisonbaan 14, 3439 MN Nieuwegein, NL


Re: [Mimedefang] Let the Fishing begin

2012-06-07 Thread Ben Kamen

On 2012-06-07 1:05 PM, David F. Skoll wrote:
> On Thu, 07 Jun 2012 12:41:53 -0500
> Ben Kamen  wrote:
>
>> Has anyone else seen an increase since the breach?
>
> Not really.  But interestingly, I've seen a few emails to my theoretically
> secret former LinkedIn address.  These are in my logs from before
> the breach was disclosed... could it be that the breach actually happened
> a month ago?


That's VERY interesting. Thanks for the share..


--
Ben Kamen - O.D.T., S.P.
--
eMail: b...@benjammin.net  http://www.benjammin.net
   http://www.linkedin.com/in/benkamen
Fortune says:
Our missions are peaceful -- not for conquest.  When we do battle, it
is only because we have no choice.
-- Kirk, "The Squire of Gothos", stardate 2124.5
-  -
NOTICE: All legal disclaimers sent to benjammin.net/benkamen.net
or any of its affiliated domains are rendered null and void on
receipt of communications will be handled/considered as such.





Re: [Mimedefang] Let the Fishing begin

2012-06-07 Thread David F. Skoll
On Thu, 07 Jun 2012 12:41:53 -0500
Ben Kamen  wrote:

> Has anyone else seen an increase since the breach?

Not really.  But interestingly, I've seen a few emails to my theoretically
secret former LinkedIn address.  These are in my logs from before
the breach was disclosed... could it be that the breach actually happened
a month ago?

May 11 16:33:44 colo3 CanIt[29042]: q4BKXhXA027488: Replacing locked
address t99ef724coxc3...@la.roaringpenguin.com with private address
d...@roaringpenguin.com

May 11 16:33:45 colo3 sm-mta[27488]: q4BKXhXA027488:
from=, size=780, class=0, nrcpts=1,
msgid=<716758022412.03300471078...@alltech1.com>, proto=SMTP,
daemon=MTA, relay=[89.123.28.82]

May 11 16:33:45 colo3 CanIt[20530]: q4BKXhXA027488: what=greylisted,
stream=default, city=Timisoara, country_code=RO, detail=post-data,
nrcpts=1, relay=89.123.28.82, sender=xvcvrsqk...@alltech1.com,
subject=%3D?iso-8859-1?Q?Start_winning_big_with_our_generous_welcome_bonus_at_Dice?%3D%09%3D?iso-8859-1?Q?_Stars_Casino!?%3D

May 11 16:33:45 colo3 sm-mta[27488]: q4BKXhXA027488:
to=, delay=00:00:00,
pri=30780, stat=... First-time sender
tempfailed as anti-spam measure; please try again in 60 minutes

Interesting how that leaked out...

Regards,

David.
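
The observation in this message (mail reaching a locked address from a domain it was never bound to, logged before the breach was disclosed) can be checked mechanically over the logs. This is an added example, not part of the original post and not CanIt code: it assumes one log entry per line and a hypothetical `LOCKED_TO` table mapping each locked address to its bound sender domain, and the sample lines are constructed in the shape of the entries quoted above.

```python
import re

# Constructed sample entries in the shape of the CanIt lines quoted above
# (hosts, queue IDs and addresses are made up; one entry per line).
SAMPLE_LOG = """\
May 11 16:33:44 mx1 CanIt[29042]: q4BAAAAA000001: Replacing locked address li-7f3a@la.example.org with private address user@example.org
May 11 16:33:45 mx1 CanIt[20530]: q4BAAAAA000001: what=greylisted, stream=default, nrcpts=1, relay=192.0.2.10, sender=promo@casino.example, subject=bonus
May 12 09:10:01 mx1 CanIt[29050]: q4CBBBBB000002: Replacing locked address li-7f3a@la.example.org with private address user@example.org
May 12 09:10:02 mx1 CanIt[20531]: q4CBBBBB000002: what=greylisted, stream=default, nrcpts=1, relay=198.51.100.7, sender=notify@mail.linkedin.example, subject=invitation
May 13 02:00:00 mx1 CanIt[29051]: q4DCCCCC000003: Replacing locked address shop-19c2@la.example.org with private address user@example.org
May 13 02:00:01 mx1 CanIt[20532]: q4DCCCCC000003: what=greylisted, stream=default, nrcpts=1, relay=203.0.113.5, sender=x@notshop.example, subject=pills
"""

# Hypothetical table: locked address -> the sender domain it was handed out to.
LOCKED_TO = {
    "li-7f3a@la.example.org": "linkedin.example",
    "shop-19c2@la.example.org": "shop.example",
}

ENTRY = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ CanIt\[\d+\]: (\w+): (.*)$")
LOCKED = re.compile(r"Replacing locked address (\S+) with private address")
SENDER = re.compile(r"\bsender=([^,\s]+)")

def find_leaks(log_text, locked_to):
    """List (timestamp, locked_address, sender_domain) for off-domain senders."""
    pending = {}   # queue ID -> locked address seen for that message
    leaks = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        stamp, qid, rest = m.groups()
        hit = LOCKED.search(rest)
        if hit:
            pending[qid] = hit.group(1).lower()
            continue
        sender = SENDER.search(rest)
        bound = locked_to.get(pending.get(qid))
        if sender and bound:
            domain = sender.group(1).rpartition("@")[2].lower()
            # Exact domain or a true subdomain only; "notshop.example" must not pass.
            if domain != bound and not domain.endswith("." + bound):
                leaks.append((stamp, pending.pop(qid), domain))
    return leaks

def first_seen(leaks):
    """Earliest (in log order) unexpected sender per locked address."""
    return {addr: (stamp, dom) for stamp, addr, dom in reversed(leaks)}
```

Syslog timestamps carry no year, so `first_seen` relies on log order; feed it rotated logs oldest first.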


[Mimedefang] Let the Fishing begin

2012-06-07 Thread Ben Kamen

Since the leak, I've definitely seen an immediate uptick in fishing to my email 
address.

Well...

 Maybe not.

;)

Has anyone else seen an increase since the breach?

 -Ben




Re: [Mimedefang] FYI: LinkedIn MIMEDefang group is gone

2012-06-07 Thread Andrzej A. Filip
On 06/06/2012 07:02 PM, David F. Skoll wrote:
> After the LinkedIn password fiasco, I have deleted my LinkedIn
> account.  Because I was the owner of the MIMEDefang group, I had to
> delete that too.
For future readers' reference:
http://www.pcworld.com/article/257045/update_linkedin_confirms_account_passwords_hacked.html
 


Update: LinkedIn Confirms Account Passwords Hacked

By Ian Paul, PCWorld
Jun 6, 2012 8:32 AM

UPDATED 2:15 p.m. PT
[...]
Recently, a file containing 6.5 million unique hashed passwords
appeared in an online forum based in Russia. More than 200,000 of these
passwords have reportedly been cracked so far.




Re: [Mimedefang] Remembering lots of passwords (was Re: FYI: LinkedIn MIMEDefang group is gone)

2012-06-07 Thread Casper Kristiansson
Nice info, how do I use it in my filters?

I have a dog, let's speak about her.


-Original message-
From: mimedefang-boun...@lists.roaringpenguin.com 
[mailto:mimedefang-boun...@lists.roaringpenguin.com] On behalf of Jason Englander
Sent: 6 June 2012 23:22
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Remembering lots of passwords (was Re: FYI: LinkedIn 
MIMEDefang group is gone)

On Wed, 6 Jun 2012, Les Mikesell wrote:

> Thanks - but I probably use at least a dozen different devices in the 
> course of a day (win/mac/linux/android, at least) and am not very good 
> at planning to be on the right one at the right time and worse, some
> are firewalled from each other.   Is there some way to handle that
> without trusting them all to some random outside service?

There are still some things I won't put in it myself (i.e. only on a piece of 
paper or on a flash drive in a safe), but I think the GPL-licensed KeePassX (vs 
the regular KeePass) + KeePassDroid + DropBox might cover you.

http://www.keepassx.org/
http://www.keepassdroid.com/
http://www.dropbox.com/

I have not used the Android one lately, but each time I open KeePassX under 
Linux (regularly) or under Windows (occasionally), I enter a password and pass 
it a key-file.  The key file path is pre-filled-in, so just type the master 
password.  If you don't have both, you can't get in there.

And if you need access to the list at the command-line, export it as text 
occasionally, encrypt it with gpg... (and shred the text file)

   Jason


--
Jason Englander 
394F 7E02 C105 7268 777A  3F5A 0AC0 C618 0675 80CA
