Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: Re: automated social engineering at it's best (maybe?)

Thanks to everyone who replied.  I didn't get what I asked for (though
I suspect sufficient time with a search engine will supply it), but I
did get some good information.

On Tue, Jul 27, 2004 at 07:48:50PM -0400, bscott at wrote:
> On Wed, 28 Jul 2004, at 2:07am, invalid at wrote:
> > So, anyone have any good procmail recipies for this bogosity?
>   Since you're dealing with a message that forged the sender as coming from
> *your domain*, you might look into things such as SPF.  If you can get away
> with it, you could configure your public MX to refuse anything that claims
> to be from your own domain.

This is a possibility.  I didn't know anything about SPF before I
posted, and I still don't know much about it (I've been too busy to
check into it in detail), so I'm not yet sure if it will be less
trouble than it's worth...  With my "e-mail environment" such as it
is, it may be difficult or impossible to set up something like this
which will work reliably for me.  But maybe not.  More research is

>   If you can get away with it, a procmail rule that blackholes anything with
> an executable Microsoft attachment is a wonderful thing.

This is SOOOOOO tempting, but unfortunately occasionally people do
send me such things that I actually need to receive.  And even more
unfortunately, I can't always predict who they might be...  :(

> > I'm still getting basically no spam, but what can you do when your friends
> > don't know how to take care of their PCs?
>   Educate them.  Or find better friends.  ;-)

But then you said:

>   Alas, people who have clue don't need to be told, and those who don't have
> clue don't seem to listen.  :-(

Right.  Also, a significant percentage of the viruses I receive come
from cute Korean girls that I want to date, so telling them to get a
clue about their computer is probably the wrong option... ;-)

> The problem is that the same lusers who ran the Trojan tend to
> authorize it to "Use the Internet" when asked by ZoneAlarm.  

Well that's just one of a whole family of related problems, methinks.
The granddaddy of which is that users generally just don't want to be
bothered to (learn how to) mainain their computers.

> I wish I was kidding.

me too...

> > Good free (for personal use) Anti-virus software:
> > 
> >
>   Good anti-virus software does do a good job of protecting lusers from
> themselves.  The problems with AV are (1) you have to use it, (2) it is
> reactive (and thus lusers are vulnerable until the sigs update), (3) lusers
> don't make sure their sigs get updated.

Yeah.  Recently I have had some occasion to receive certain content
from certain less-than-trusted sources, and Antivir Personal at the
link above has saved my computer's butt from infection more than once.
It is unfortunate that No Anti-virus software seems to install
properly configured by default.  [It is even more unfortunate that I
still occasionally have reason to run Windows.] But anyway...

#1 is a definite problem, which I think is unsolvable human nature
being what it is.  #2 is problematic, but not so much...  The AV
companies seem to do a good job (usually) staying ahead of
mass-infections.  #3 is, I think, entirely solvable by a default
configuration that updates automatically.  There's no reason not to
make that a default -- the user can disable it if need be (or it can
be auto-disabled if no Internet connection is detected).

> > [There was meant to be some humor in this message, albeit sarcastic. If
> > you didn't see it, try harder next time...  ;-)]
>   Ha ha.  Only serious.

I did say /some/ humor...  ;-)

Derek D. Martin   GPG Key ID: 0xDFBEAD02
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.

----- End forwarded message -----

Derek D. Martin   GPG Key ID: 0xDFBEAD02
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <>

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /