automated social engineering at its best (maybe?)

Derek Martin invalid at pizzashack.org
Fri Jul 30 01:24:00 EDT 2004


On Thu, Jul 29, 2004 at 09:52:35PM -0400, bscott at ntisys.com wrote:
> On Thu, 29 Jul 2004, at 2:25am, invalid at pizzashack.org wrote:
> > I didn't get what I asked for ...
> 
>   Well, you were rather vague in what you asked for.  What are you looking
> for, other than a magic-wand or a big-foam-clue-bat?

Well, given the number of different viruses and their variations, and
the prospect of maintaining individual procmail recipes for each, I
think I changed my mind.  An alternate solution would be better.  But
what I wanted was a procmail recipe tailored to identify a specific
virus, and drop it off to /dev/null.

I already have such recipes for other viruses, so it's certainly
possible to do, but perhaps tedious to maintain.

> > With my "e-mail environment" such as it is, it may be difficult or
> > impossible to set up something like this which will work reliably for me.
> 
>   SMTP AUTH works very well for making sure all the mail you send comes from
> a particular server.  Even Microsoft Lookout supports it.  :)

I tried setting this up before, with some success, and some failure.
As I recall, I wanted Sendmail to reject incoming mail which wasn't
being encrypted by the MUA/MTA.  I included the options I found to do
so, but it didn't work, exactly.  I was able to send messages, and
other hosts were blocked, but the forcing of an encrypted session
didn't seem to work -- i.e. unencrypted sessions succeeded.  I never
got around to figuring out why.  These days I usually log into my
server to deal with mail, so it hasn't been an issue.

I guess that also means SPF should work for me too...  But I'm a
little concerned about losing legitimate mail which is not sent
through some organization's mail server.  For example, when I worked
at MCL, my workstation was configured to send mail out directly, not
through our corporate mail server.  I'm sure I'm not the only person
in the world who has done this...  My friends tend to be the types of
people who would be likely to do this kind of thing.  :)

While they can be effective, I generally try to avoid sweeping
measures that could result in losing mail.  In general, I don't want
to be contacted by the public at large, but that doesn't mean I want
my friends to be penalized for doing something eccentric but otherwise
perfectly viable.

That said, as the number of virus e-mails I receive rises, I'm more
willing to consider somewhat extreme measures.  Sigh.

> > Also, a significant percentage of the viruses I receive come from cute
> > Korean girls that I want to date, so telling them to get a clue about
> > their computer is probably the wrong option... ;-)
> 
>   Oh, that's easy.  Just say you think their PC might have a virus, but
> you'll happily take care of it for them, just because you like 'em so much.  
> You do a good deed, solve a problem, and win karma, all at the same time.

Actually it's more complicated than that.  Many of them are using PCs
at PC rooms (Internet cafes).

> > The granddaddy of which is that users generally just don't want to be
> bothered to (learn how to) maintain their computers.
> 
>   Exactly.  Or, more broadly stated, "people generally just don't want to be
> bothered to think".  People need to realize that not thinking is harmful,
> even dangerous.

Amen.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.



More information about the gnhlug-discuss mailing list