Re: Fwd: [SLE] Warning about your e-mail account.
-----Original Message----- From: Anders Johansson [mailto:andjoh@rydsbo.net] Sent: Monday, March 15, 2004 06:08 AM To: suse-linux-e@suse.com Subject: Re: Fwd: [SLE] Warning about your e-mail account.
On Monday 15 March 2004 07.05, Steven T. Hatton wrote:
On Monday 15 March 2004 01:02 am, Anders Johansson wrote:
On Monday 15 March 2004 06.59, Steven T. Hatton wrote:
Oh, I agree. This is quite strange.
All mail sent through suse-linux-e are sent to its final destination from lists.suse.com. What is so strange?
All indications are that it originated there.
And these indications are?
I see no significant difference between that mail and any other list mail
-
Well content was peculiar, thats for sure. Dee
On Monday 15 March 2004 07.13, W.D.McKinney wrote:
-----Original Message----- From: Anders Johansson [mailto:andjoh@rydsbo.net] <snip> I see no significant difference between that mail and any other list mail
-
Well content was peculiar, thats for sure.
Absolutely, but it's (at least) the third such mail to come through the list. It was discussed thoroughly the first two times. It's annoying, but harmless since the viral attachment is stripped when it passes through ezmlm Also, re: anyone thinking it's for real: A major clue is in the To: address. A personal, individual mail warning you about your email account is unlikely to be sent to a mass mailing address
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 15 March 2004 01:16 am, Anders Johansson wrote:
Absolutely, but it's (at least) the third such mail to come through the list. It was discussed thoroughly the first two times.
I guess that'll give you a clue as to who's mail I'm more inclined to read. :-) I didn't read any of the traffic on the last two.
It's annoying, but harmless since the viral attachment is stripped when it passes through ezmlm
Understood. I'm just wondering /how/ it was pulled of. Is someone tickling the smtp interface with a script? STH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFAVUu1wX61+IL0QsMRAkrfAKCCn7BRdVswj0FtTD5waa7AdKPtXACfQeI3 bu/HoB095pHOCoLr6XsSPkA= =wLNj -----END PGP SIGNATURE-----
On Monday 15 March 2004 07.22, Steven T. Hatton wrote:
Understood. I'm just wondering /how/ it was pulled of. Is someone tickling the smtp interface with a script?
Too simple, I'm afraid. Simple, unsigned mail are extremely easy to forge and all you need is a telnet client and the mail address of someone who is subscribed to the list to "pull it off".
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 15 March 2004 01:24 am, Anders Johansson wrote:
On Monday 15 March 2004 07.22, Steven T. Hatton wrote:
Understood. I'm just wondering /how/ it was pulled of. Is someone tickling the smtp interface with a script?
Too simple, I'm afraid. Simple, unsigned mail are extremely easy to forge and all you need is a telnet client and the mail address of someone who is subscribed to the list to "pull it off".
Where is that address of the subscriber? How was it omitted? STH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFAVU3DwX61+IL0QsMRAiVKAKCQeThpn7dmQzmc6OqY0peGxbBYSwCgxULW fEFVpP8eLTTuZ7B4CXItHp8= =8HPC -----END PGP SIGNATURE-----
On Monday 15 March 2004 07.31, Steven T. Hatton wrote:
On Monday 15 March 2004 01:24 am, Anders Johansson wrote:
On Monday 15 March 2004 07.22, Steven T. Hatton wrote:
Understood. I'm just wondering /how/ it was pulled of. Is someone tickling the smtp interface with a script?
Too simple, I'm afraid. Simple, unsigned mail are extremely easy to forge and all you need is a telnet client and the mail address of someone who is subscribed to the list to "pull it off".
Where is that address of the subscriber? How was it omitted?
The address of the subscriber is in the envelope of the mail. That is always omitted. It's just that most people choose to have the same address in the text of the mail as in the envelope. The envelope is in the conversation between the sender and suse's list server, in the "MAIL FROM" command. What you see in the actual mail is irrelevant and can be absolutely anything. It's simply not used for anything other than humans to read
The Monday 2004-03-15 at 01:31 -0500, Steven T. Hatton wrote:
Where is that address of the subscriber? How was it omitted?
It wasn't: From: administration at suse.com To: suse-linux-e at suse.com I guess the list server is accepting any email claiming to come from anybody in SuSE. For a description of this worm/virus/whatever, see: http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.j@mm.html -- Cheers, Carlos Robinson
Hi All, I'm a linux newbie who just installed suse 9.0 pro on a desktop that I built (new to all of this). Suse doesn't recognize the ethernet port on my motherboard during the initial installation, and i can't seem to get the set up right using Yast2. So here is my system: Athlon XP 2500+ Asus A7N8X (which is suppose to be fully supported for Suse according to the hardware support page) liteon DVD/ CDRW combo drive. I am dual booting w/ windows XP, home edition (it recognizes my connection) I have DSL connection through Comcast. I don't believe there is an issue w/ my internet provider because when I installed Suse onto my labtop, it recognized the hardware & also my internet connection w/o any problems or additional software. I installed the linux drivers that came w/ the motherboard.. but still no connection. If anyone has any ideas please let me know.. oh, & if you can be pretty thorough on your explaination (ie... please type out commands if they are not common) since i'm kinda knew to all of this. thanks alot, Vu
The Monday 2004-03-15 at 17:49 -0500, thaiv@brandeis.edu wrote:
I'm a linux newbie who just installed suse 9.0 pro on a desktop that I built (new to all of this).
You will probably get more answers if you don't hijack threads: you "replied" to an email of mine, and changed the subject; however, the hidden headers still thread yours as an answer to mine, which it isn't. When sorting by threads, your email is hidden inside another thread that has nothing to do with your question ("Warning about your e-mail account"). -- Cheers, Carlos Robinson
participants (5)
-
Anders Johansson
-
Carlos E. R.
-
Steven T. Hatton
-
thaiv@brandeis.edu
-
W.D.McKinney