PLEASE READ CAREFULLY!! THANK YOU!
Dear Sir, dear Madam,
I am a Microsoft Network Support Professionnal, and I hereby send you a
request on behalf of one of our members, Mr Bierherr whose e-mail address is
the following:
BIERHERR @
msn .
com
This person is regularly receiving mails from Firewalls @
greatcircle .
com
addresses with alias.
Could you inform me whether Mr Bierherr is actually on a particular mailing
list of you, and if it is the case, could you remove him from it, or contact
him via e-mail.
Thank you in advance and please conatct me orMr Bierherr as soon as possible.
Best regards,
Caroline Aeby
The Microsoft Network Technical Support
----------
From: firewalls-owner @
GreatCircle .
COM on behalf of Gordy Thompson
Sent: dimanche 16 février 1997 22:00
To: firewalls @
GreatCircle .
COM
Subject: Re: Disturbing e-mail
At 11:05 AM 2/16/97 +0000, harley @
icrf .
icnet .
uk wrote:
>> >
>> > This message was sent to you by Naughty Robot, an internet spider that
>> > crawls into your server through a tiny hole is the World Wide Web.
>>
>> In my personal opinion I believe it is a hoax.. Did this mail show up
>> while surfing the web? Or did it arrive on one of your servers.
>> Did this mail go through a firewall? It might be traceable if you
>> full logging ability turned on in your firewall...
>>
>> Please provide more details about the situation.
>
>According to the UK weekly 'Computing' (not necessarily a
>dependable source in this case, since they're mostly quoting
>'a public affairs spokesperson'), this originated from someone
>at one UK academic site hacking into another to distribute the
>mail. I don't think there's much percentage in worrying about its
>source: if you spent time trying to track every bit of hoax e-mail,
>you'd never get any work done.
Well, granted, except that depending on the corporate weight of the
user who gets NaughtyRobot mail and hysterically demands an explanation, I
wanted to be able to give a more substantive reply than "There there, don't
worry". [:-]
When one of our users got mail from NaughtyRobot, I determined from
the headers that it originated at geocities.com. I then found in our mail
logs an instance of a letter having been sent from the user to another
address at geocities -- one that the user did not recognize. I wrote to
geocities' postmaster and abuse aliases but never got a response.
There is a documented Java/javascript exploit that allows a web
server to cause a mail-capable browser to silently send mail to the server,
thus capturing the user's email address. It would be trivial to forge mail
back to the user with the user's own address in the From: field. I suspect
that this is what NaughtyRobot is doing (geocities is host to many web
sites), but I can't say for certain in light of their silence on my complaint.
Is this relevant to the firewalls list? Probably not -- it's more a
"communications with users" topic for a general network-security list,
along with "how to explain that Good Times isn't a virus and why you
shouldn't forward the warnings you get."
==========================================================================
Gordon T. Thompson gordy @
nytimes .
com
Manager, Internet Services 212 556 1386
The New York Times fax: 212 556 1636
The Times and I have an arrangement: Neither of us speaks for the other.
Follow-Ups:
|
|
