[lbo-talk] Re:

budge budge at el-pleasant.org
Fri Jul 23 07:44:12 PDT 2004


On Fri, 23 Jul 2004 at 10:13am snit snat wrote:
>
> It looks like someone who has Dano's address and the Lbo
> address in their address book has an infected machine.

It doesn't have to be address book entries; most of them just scrape the hard disk (browser caches, tmp file directories) these days looking for anything with an @ in it.


> On further research, I read that there've been complaints
> flying around about ILSTU.edu addresses and virus messages
> (as well as pr0n spam), but ILSTU.edu says their machines are
> not infected, that they are being spoofed. I thought that
> might be the case but I just got off an hour long phone
> call, so I didn't have time to write you/the list.

Well, they are full of shit. I don't normally trust any e-mail headers not put in by machines I control, but I'll make an exception for Jordan, whom I know to be competent and trustworthy :-)

Here are the headers from that mail:

    Received: from infothecary.org (infothecary.org [66.117.159.5])
        by el-pleasant.org (8.12.10/8.12.10) with ESMTP id i6N7wkal024476
        for <budge at el-pleasant.org>; Fri, 23 Jul 2004 02:58:46 -0500 (CDT)
        (envelope-from lbo-talk-bounces at lbo-talk.org)
    Received: from infothecary.org (localhost [127.0.0.1])
        by infothecary.org (8.13.0/8.13.0) with ESMTP id i6N7i1Z2027490;
        Fri, 23 Jul 2004 00:44:04 -0700 (PDT)
    Received: from crdavis.com (isu134152.ilstu.edu [138.87.134.152])
        by infothecary.org (8.13.0/8.13.0) with SMTP id i6N7hvxx027481
        for <lbo-talk at lbo-talk.org>; Fri, 23 Jul 2004 00:43:57 -0700 (PDT)
    Date: Fri, 23 Jul 2004 02:42:50 -0600
    To: "Lbo-talk" <lbo-talk at lbo-talk.org>
    From: "Dano" <dano at well.com>
    Message-ID: <uppecusqcexzbkgndhh at lbo-talk.org>

infothecary.org claims (and I believe it) that it picked up the message from isu134152.ilstu.edu [138.87.134.152], although the sender tried to pretend it was crdavis.com. That makes it clear it was sent from a machine using an ilstu IP.


> Microsoft's Outhouse needs to go the way of the rotary
> dial telephone, right along with Exploder. Not that other
> OSes/apps are impervious to malware, mind you but....

I'm getting tired of this one. This has nothing to do with Outhouse and, in fact, for the last few years Outhouse has come out of the box pretty well locked down. It is much more likely to be a browser exploit (IE, but Nutscrape has some too) or one of the myriad SMB/file sharing exploits.

There are also good old-fashioned layer-8 exploits (short between the keyboard and the floor) when something wanders across the screen and the user says "oohh shiny!" Drool, click, blam. Time to reload Windoze...

-- no Onan

Truth is the most valuable thing we have - so let us economize it.

-- Mark Twain
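The header walk above (trust only the Received: stamps written by MTAs you control, take the "from" of the last trusted stamp as the real origin, and notice that the HELO name crdavis.com disagrees with the reverse DNS isu134152.ilstu.edu) is something you can do mechanically. The following is an added example, not code from the original message or from the list software. It parses the sendmail-style stamps quoted above (copied verbatim, keeping the archive's " at " obfuscation, which the parser never touches; the body line is a constructed placeholder). The set of trusted MTAs is an assumption for this example: it treats el-pleasant.org (the recipient's own host) and infothecary.org (the list host) as trustworthy, exactly as budge does.

```python
"""Walk a message's Received: chain to find where it entered trusted
infrastructure, and flag a HELO name that differs from the reverse DNS
the trusted MTA recorded (the crdavis.com vs. ilstu.edu case above)."""
import re
from email import message_from_string

# Headers copied from the message above. The " at " obfuscation is the
# archive's; the "[body omitted]" line is a constructed placeholder.
RAW_MESSAGE = """Received: from infothecary.org (infothecary.org [66.117.159.5])
    by el-pleasant.org (8.12.10/8.12.10) with ESMTP id i6N7wkal024476
    for <budge at el-pleasant.org>; Fri, 23 Jul 2004 02:58:46 -0500 (CDT)
    (envelope-from lbo-talk-bounces at lbo-talk.org)
Received: from infothecary.org (localhost [127.0.0.1])
    by infothecary.org (8.13.0/8.13.0) with ESMTP id i6N7i1Z2027490;
    Fri, 23 Jul 2004 00:44:04 -0700 (PDT)
Received: from crdavis.com (isu134152.ilstu.edu [138.87.134.152])
    by infothecary.org (8.13.0/8.13.0) with SMTP id i6N7hvxx027481
    for <lbo-talk at lbo-talk.org>; Fri, 23 Jul 2004 00:43:57 -0700 (PDT)
Date: Fri, 23 Jul 2004 02:42:50 -0600
To: "Lbo-talk" <lbo-talk at lbo-talk.org>
From: "Dano" <dano at well.com>
Message-ID: <uppecusqcexzbkgndhh at lbo-talk.org>

[body omitted]
"""

# Assumption for this example: the MTAs whose stamps we believe. Stamps
# below the first untrusted one may have been written by the sender.
TRUSTED_MTAS = {"el-pleasant.org", "infothecary.org"}

# sendmail-style stamp: "from HELO (RDNS [IP]) by HOST ..."
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)\s+\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def parse_received(raw):
    """Return the Received: hops as dicts, newest (top-most) first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = RECEIVED_RE.search(flat)
        if m:
            hops.append(m.groupdict())
    return hops


def find_origin(hops, trusted):
    """Walk down the chain while the stamping MTA is trusted. The last
    trusted stamp names the host that handed us the message; everything
    below it is the sender's word, so stop there."""
    origin = None
    for hop in hops:
        if hop["by"] not in trusted:
            break
        origin = hop
    return origin


def helo_mismatch(hop):
    """True when the HELO name disagrees with the recorded reverse DNS."""
    return hop["helo"].lower() != hop["rdns"].lower()


def analyze(raw, trusted=TRUSTED_MTAS):
    """Summarise the origin of a message as budge did by hand."""
    origin = find_origin(parse_received(raw), trusted)
    if origin is None:
        return {"origin_ip": None, "claimed_helo": None,
                "rdns": None, "spoofed_helo": False}
    return {
        "origin_ip": origin["ip"],
        "claimed_helo": origin["helo"],
        "rdns": origin["rdns"],
        "spoofed_helo": helo_mismatch(origin),
    }


if __name__ == "__main__":
    for key, val in analyze(RAW_MESSAGE).items():
        print(f"{key}: {val}")
```

Run it and the origin comes out as 138.87.134.152 (isu134152.ilstu.edu) with a claimed HELO of crdavis.com, i.e. the mismatch budge points at. Two caveats: the regex is written for the sendmail stamp format on this page, and other MTAs (and sendmail when the reverse lookup fails) write different shapes; and a HELO/rDNS mismatch on its own is common for badly configured but legitimate mailers, so it is evidence of forgery only in combination with the trusted MTA's recorded IP.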


