This is the fanciest 'please cancel' message yet.
>----------
>From: Forum Manager Caroline Aeby[SMTP:CarolineA_MSP @ msn . com]
>Sent: Friday, February 21, 1997 12:03 PM
>To: Firewalls
>Subject: VERY IMPORTANT!!!!
>
>PLEASE READ CAREFULLY!! THANK YOU!
>
>Dear Sir, dear Madam,
>
>I am a Microsoft Network Support Professional, and I hereby send you a
>request on behalf of one of our members, Mr Bierherr whose e-mail address is
>the following:
>
> BIERHERR @ msn . com
>
>This person is regularly receiving mails from Firewalls @ greatcircle . com
>addresses with alias.
>Could you inform me whether Mr Bierherr is actually on a particular mailing
>list of you, and if it is the case, could you remove him from it, or contact
>him via e-mail.
>
>Thank you in advance and please contact me or Mr Bierherr as soon as possible.
>
>Best regards,
>
>Caroline Aeby
>The Microsoft Network Technical Support
>
>
>
>
>
>
>
>----------
>From: firewalls-owner @ GreatCircle . COM on behalf of Gordy Thompson
>Sent: dimanche 16 février 1997 22:00
>To: firewalls @ GreatCircle . COM
>Subject: Re: Disturbing e-mail
>
>At 11:05 AM 2/16/97 +0000, harley @ icrf . icnet . uk wrote:
>>> >
>>> > This message was sent to you by Naughty Robot, an internet spider that
>>> > crawls into your server through a tiny hole in the World Wide Web.
>>>
>>> In my personal opinion I believe it is a hoax.. Did this mail show up
>>> while surfing the web? Or did it arrive on one of your servers.
>>> Did this mail go through a firewall? It might be traceable if you
>>> have full logging ability turned on in your firewall...
>>>
>>> Please provide more details about the situation.
>>
>>According to the UK weekly 'Computing' (not necessarily a
>>dependable source in this case, since they're mostly quoting
>>'a public affairs spokesperson'), this originated from someone
>>at one UK academic site hacking into another to distribute the
>>mail. I don't think there's much percentage in worrying about its
>>source: if you spent time trying to track every bit of hoax e-mail,
>>you'd never get any work done.
>
> Well, granted, except that depending on the corporate weight of the
>user who gets NaughtyRobot mail and hysterically demands an explanation, I
>wanted to be able to give a more substantive reply than "There there, don't
>worry". [:-]
>
> When one of our users got mail from NaughtyRobot, I determined from
>the headers that it originated at geocities.com. I then found in our mail
>logs an instance of a letter having been sent from the user to another
>address at geocities -- one that the user did not recognize. I wrote to
>geocities' postmaster and abuse aliases but never got a response.
>
> There is a documented Java/javascript exploit that allows a web
>server to cause a mail-capable browser to silently send mail to the server,
>thus capturing the user's email address. It would be trivial to forge mail
>back to the user with the user's own address in the From: field. I suspect
>that this is what NaughtyRobot is doing (geocities is host to many web
>sites), but I can't say for certain in light of their silence on my
>complaint.
>
> Is this relevant to the firewalls list? Probably not -- it's more a
>"communications with users" topic for a general network-security list,
>along with "how to explain that Good Times isn't a virus and why you
>shouldn't forward the warnings you get."
>
>==========================================================================
>Gordon T. Thompson gordy @ nytimes . com
>Manager, Internet Services 212 556 1386
>The New York Times fax: 212 556 1636
> The Times and I have an arrangement: Neither of us speaks for the other.
>
>
>