automated social engineering at its best (maybe?)

bscott at ntisys.com bscott at ntisys.com
Thu Jul 29 21:53:00 EDT 2004


On Thu, 29 Jul 2004, at 2:25am, invalid at pizzashack.org wrote:
> I didn't get what I asked for ...

  Well, you were rather vague in what you asked for.  What are you looking
for, other than a magic-wand or a big-foam-clue-bat?

  The following procmail recipe will route everything claiming to be from
the address you posted, along with a hypothetical similar address, to the
bit-bucket.  If you never send mail to yourself, this will block the exact
case you were complaining about.  I'm not sure if that's really what you're
after, though.

	# No trailing ':' (local lockfile) is needed when delivering to /dev/null.
	:0
	* ^From:.*(blu|gnhlug)@sophic\.org
	/dev/null

> I didn't know anything about SPF before I posted, and I still don't know
> much about it (I've been too busy to check into it in detail), so I'm not
> yet sure if it will be less trouble than it's worth...

  In a nutshell: SPF lets a domain holder publish information about what
hosts are approved to send mail as "From" the domain.  This means a
receiving MTA can check an incoming message against SPF.  If SPF exists and
says the sending MTA is bogus, the receiving MTA can immediately reject the
message without doubt.

  For example, you could publish SPF records saying that only your mail
server can originate mail as "From" the <sophic.org> domain.  If you then
also configured your MTA to check SPF, it would find the incoming mail (with
your 'From' address listed) in violation, and could take appropriate action.

> With my "e-mail environment" such as it is, it may be difficult or
> impossible to set up something like this which will work reliably for me.

  SMTP AUTH works very well for making sure all the mail you send comes from
a particular server.  Even Microsoft Lookout supports it.  :)

> Also, a significant percentage of the viruses I receive come from cute
> Korean girls that I want to date, so telling them to get a clue about
> their computer is probably the wrong option... ;-)

  Oh, that's easy.  Just say you think their PC might have a virus, but
you'll happily take care of it for them, just because you like 'em so much.  
You do a good deed, solve a problem, and win karma, all at the same time.

> The granddaddy of which is that users generally just don't want to be
> bothered to (learn how to) maintain their computers.

  Exactly.  Or, more broadly stated, "people generally just don't want to be
bothered to think".  People need to realize that not thinking is harmful,
even dangerous.

  Example: Every year people get hit by trains.  *It's a train.*  It isn't like
they can sneak up on you unexpectedly.  They generally follow the tracks.  
Yet people still find themselves in the position of being hit by them.  
This never fails to astound me.

  But I digress.  :)

> It is unfortunate that No Anti-virus software seems to install properly
> configured by default.

  The latest Norton Anti-Virus is actually really good at this.  Rather
expensive compared to "free", though.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |








More information about the gnhlug-discuss mailing list