shower insights

Michael Eisenstadt austin-ghetto-list@pairlist.net
Sun Jul 11 10:10:11 2004


Taking a shower can lead to some insights.

Prior to showering I had poked about in the AGL
archives. I saw a number of viruses received. Sometimes,
not always, there is a recognizable subscriber
name just before or after the lines of virus
code. For example

From: austin-ghetto-list@pairlist.net (Cadaobh)

To my horror I saw a line of text a few lines above where
some virus code commenced which was the same
as above except reading (MICHAELE) instead of
(Cadaobh) at the end of the line.

I haven't received any viral infected email from AGL
myself but according to my bounce theory, I should have.

So when Harry Edwards and Wayne report that
their computers are apparently NOT infected, they
may be correct. How then are they getting a
virally infected bounce from AGL? That they are
getting a bounce is indicated by the return
address austin-ghetto-list-admin@pairlist.net
(look for the word admin)

Unfortunately, the maillist software at pairlist.net
only looks at the apparent return address of
an email without examining its headers.

So anyone can spoof the email address of
an AGL subscriber and post it to the AGL
software and it will NOT be flagged to me
because it is from a subscriber so far as
the software can tell. The software ALSO
has a virus detecting applet working. If
it detects a virus it automatically bounces
the email to the address on the top WITHOUT
LOOKING at the headers.

So anyone trying to make a mess could
email a virus to the list purporting to come
from Harry Edwards, say. The virally infected
email bounces but not back to its true sender,
but to the spoofed address.

Is there a fix for this?

The only one I can think of at the moment that
I can implement (I obviously can't get pairlist.net
to fix their software) is to put EVERYONE on
the prior review list including myself. I would
have to review every post to see that there is no
virus in it (viruses easily identifiable by the lines
of machine language coding).

But there would be a lag, a latency if you will,
between the posting and EVERY message
getting flagged to me for approval or discard.

Not to speak of my not being glued to the
computer 24/7.

So for the moment I will do nothing hoping
that the subscribed kebold (you know who
you are) will get tired of playing his silly
games.


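The bounce behaviour described in this message, as an added example that is not part of the original post and is not pairlist.net's software: a submission handler that discards infected mail instead of bouncing it to the From address, and holds a post for review when the SMTP envelope sender disagrees with a subscriber's From header. The subscriber addresses, the sample message and the `decide` function are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed subscriber list; the addresses are placeholders.
SUBSCRIBERS = {"harry@example.org", "wayne@example.org"}

# Constructed submission: the From header names a subscriber.
SAMPLE = (
    "From: Harry Edwards <harry@example.org>\n"
    "To: list@example.org\n"
    "Subject: hello\n"
    "\n"
    "message body\n"
)

def decide(raw_message, envelope_from, virus_found):
    """Return 'accept', 'hold' (moderator review) or 'discard'.

    envelope_from is the SMTP MAIL FROM value recorded by the receiving
    server; virus_found is the verdict of whatever scanner is in use.
    """
    msg = message_from_string(raw_message)
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    envelope = parseaddr(envelope_from)[1].lower()

    if virus_found:
        # The From header is chosen by whoever sent the message, so a
        # bounce would only hand the infected mail to the named person.
        return "discard"
    if header_from not in SUBSCRIBERS:
        return "hold"
    if envelope != header_from:
        # The header claims a subscriber but the envelope disagrees.
        # The envelope can be forged too, so a match is a heuristic,
        # not proof; a mismatch is enough to withhold auto-approval.
        return "hold"
    return "accept"

if __name__ == "__main__":
    for env, infected in [("<mallory@example.net>", True),
                          ("<mallory@example.net>", False),
                          ("<harry@example.org>", False)]:
        print(env, infected, "->", decide(SAMPLE, env, infected))
```

Holding only the mismatched posts keeps the moderation queue far smaller than placing every subscriber on prior review.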