Posted to users@spamassassin.apache.org by Pierre Thomson <Pi...@bruderhof.com> on 2004/10/23 17:48:22 UTC

OT: SA also catches security hoaxes

SpamAssassin flagged this just now, and MailScanner removed it from the stream. The main hits were DCC and RBL related.  

Good work, SA!

http://frodo.bruderhof.com/redhat.txt


I hope sysadmins are smart enough to check sources before applying an OS patch!!!

Pierre Thomson
BIC

Re: OT: SA also catches security hoaxes

Posted by William Stearns <ws...@pobox.com>.
Good day, all,

On Sat, 23 Oct 2004, Pierre Thomson wrote:

> SpamAssassin flagged this just now, and MailScanner removed it from the
> stream. The main hits were DCC and RBL related.
> 
> http://frodo.bruderhof.com/redhat.txt

	I'm glad to see the offending file has been removed from 
Stanford's server already.  :-)
	I'd be interested in seeing the offending
fileutils-1.0.6.patch.tar.gz file (*) if someone got it before it was
removed.  If anyone has it, would you be so kind as to send me a copy as
an email attachment?  Thanks so much.
	Cheers,
	- Bill

* I do computer security research; see http://www.stearns.org/doc/ for 
papers on security.

---------------------------------------------------------------------------
	"I want to tell you my secret now.  I see packets."
	-- Brian Adams <bi...@satx.rr.com>
--------------------------------------------------------------------------
William Stearns (wstearns@pobox.com).  Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at:   http://www.stearns.org
--------------------------------------------------------------------------

Re: OT: SA also catches security hoaxes

Posted by einheit <ei...@mainphrame.com>.
Kenneth Porter wrote:

> --On Saturday, October 23, 2004 3:35 PM -0700 einheit 
> <ei...@mainphrame.com> wrote:
>
>> Those sorts of "honor-system viruses" for unix are quite common, but
>> hardly ever work, up to now, since they require someone with both root
>> access to a unix system, and a lack of sophistication, two qualities
>> which have up to now been largely kept apart.
>
>
> Just look out for this plain-text exploit:
>
> <http://humorix.org/articles/2004/10/plain-text/>
>
LOL, that is a serious one!

e

Re: OT: SA also catches security hoaxes

Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Saturday, October 23, 2004 3:35 PM -0700 einheit 
<ei...@mainphrame.com> wrote:

> Those sorts of "honor-system viruses" for unix are quite common, but
> hardly ever work, up to now, since they require someone with both root
> access to a unix system, and a lack of sophistication, two qualities
> which have up to now been largely kept apart.

Just look out for this plain-text exploit:

<http://humorix.org/articles/2004/10/plain-text/>

Re: OT: SA also catches security hoaxes

Posted by einheit <ei...@mainphrame.com>.
John Andersen wrote:

>Instead of laughing at it, has anyone actually LOOKED at what
>this would install on a redhat system?
>
>  
>
Feel free - it's likely some rude hack to bypass tcp wrappers, and allow 
ssh access from anywhere, or install some sort of innocuous-sounding 
daemon which listens for passwords or some such, and sends them to an 
offsite host. Those sorts of "honor-system viruses" for unix are quite 
common, but hardly ever work, up to now, since they require someone with 
both root access to a unix system, and a lack of sophistication, two 
qualities which have up to now been largely kept apart.

>As new users come to linux in droves in the coming years we will
>have to expect more of these social engineering scams and some
>of these attempts in the windows world are pretty sophisticated
>and WORK far more frequently than you might imagine. 
>
>  
>
Indeed, which is why distros like linspire (which makes doing everything 
as root the easiest, most convenient, and the default case) are 
particularly dangerous - linux/unix in general have a more secure 
design, but vendors can't go doing really insecure things like that or 
it will backfire. the vendors have a window of opportunity to really get 
their act together security-wise, the ones that don't will likely suffer.

e

Re: OT: SA also catches security hoaxes

Posted by John Andersen <js...@pen.homeip.net>.
On Saturday 23 October 2004 09:43 am, einheit wrote:
> Pierre Thomson wrote:
> >SpamAssassin flagged this just now, and MailScanner removed it from the
> > stream. The main hits were DCC and RBL related.
> >
> >Good work, SA!
> >
> >http://frodo.bruderhof.com/redhat.txt
>
> Nice - SA detected bogosity in this message, though differently than a
> human would (If I had gotten this message I would have been rolling on
> the floor laughing, it was so obviously bogus. First off it's worded in
> a strange way, fails to provide the usual bugtraq reference or technical
> description of the vulnerability, and more importantly, instead of
> providing a link to updated packages on a redhat.com server, 

Instead of laughing at it, has anyone actually LOOKED at what
this would install on a redhat system?

As new users come to linux in droves in the coming years we will
have to expect more of these social engineering scams and some
of these attempts in the windows world are pretty sophisticated
and WORK far more frequently than you might imagine. 


-- 
_____________________________________
John Andersen

Re: OT: SA also catches security hoaxes

Posted by jdow <jd...@earthlink.net>.
From: "einheit" <ei...@mainphrame.com>

> Pierre Thomson wrote:
>
> >SpamAssassin flagged this just now, and MailScanner removed it from the
> > stream. The main hits were DCC and RBL related.
> >
> >Good work, SA!
> >
> >http://frodo.bruderhof.com/redhat.txt
> >
> >
> Nice - SA detected bogosity in this message, though differently than a
> human would (If I had gotten this message I would have been rolling on
> the floor laughing, it was so obviously bogus. First off it's worded in
> a strange way, fails to provide the usual bugtraq reference or technical
> description of the vulnerability, and more importantly, instead of
> providing a link to updated packages on a redhat.com server, it asks you
> to go download a tarball from some college student's home directory, to
> compile it and install it - oh sure, I'm going to go do that ;))
>
> Thanks for the giggles,

I wonder what those patches do, crow about what kind of an idiot the
"victim" is?
{O.O}



Re: OT: SA also catches security hoaxes

Posted by einheit <ei...@mainphrame.com>.
Pierre Thomson wrote:

>SpamAssassin flagged this just now, and MailScanner removed it from the stream. The main hits were DCC and RBL related.  
>
>Good work, SA!
>
>http://frodo.bruderhof.com/redhat.txt
>  
>
Nice - SA detected bogosity in this message, though differently than a 
human would (If I had gotten this message I would have been rolling on 
the floor laughing, it was so obviously bogus. First off it's worded in 
a strange way, fails to provide the usual bugtraq reference or technical 
description of the vulnerability, and more importantly, instead of 
providing a link to updated packages on a redhat.com server, it asks you 
to go download a tarball from some college student's home directory, to 
compile it and install it - oh sure, I'm going to go do that ;))

Thanks for the giggles,

e
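
The indicators listed in the message above (no bugtraq or advisory reference, a download link that is not on a redhat.com server, a tarball from a home directory to compile and install by hand) can be checked mechanically. The following Python sketch is an added example, not part of the thread and not SpamAssassin's own logic; the patterns, the vendor-domain list and both sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumptions for illustration: vendor domain list and all patterns below.
VENDOR_DOMAINS = ("redhat.com",)
REFERENCE_RE = re.compile(
    r"\b(?:RHSA-\d{4}:\d+|CVE-\d{4}-\d{4,}|CAN-\d{4}-\d{4}|bugtraq)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
SOURCE_ARCHIVE_RE = re.compile(r"\.(?:tar\.gz|tgz|tar\.bz2|tar)$", re.I)
BUILD_RE = re.compile(r"\b(?:make\s+install|compile)\b|\./configure", re.I)

# Constructed sample messages (not the message discussed in the thread).
CONSTRUCTED_HOAX = """Red Hat found a vulnerability in fileutils.
Download http://www.university.example/~student/fileutils-1.0.6.patch.tar.gz
then run: make install
"""
CONSTRUCTED_GENUINE = """RHSA-2004:000 (constructed id): updated packages available.
See https://updates.redhat.com/constructed-path/ and use your update tool.
"""


def host_is_vendor(host, vendor_domains=VENDOR_DOMAINS):
    """True only for the vendor domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in vendor_domains)


def hoax_indicators(text):
    """Return the list of indicators from the thread that the text shows."""
    findings = []
    if not REFERENCE_RE.search(text):
        findings.append("no advisory or bugtraq reference")
    for url in URL_RE.findall(text):
        parsed = urlparse(url.rstrip(".,;"))
        off_vendor = not host_is_vendor(parsed.hostname)
        if off_vendor:
            findings.append(f"link not on a vendor server: {parsed.hostname}")
        if "/~" in parsed.path:
            findings.append(f"link into a home directory: {parsed.path}")
        if off_vendor and SOURCE_ARCHIVE_RE.search(parsed.path):
            findings.append("source tarball instead of vendor packages")
    if BUILD_RE.search(text):
        findings.append("asks the reader to compile and install by hand")
    return findings


if __name__ == "__main__":
    for name, msg in (("hoax", CONSTRUCTED_HOAX), ("genuine", CONSTRUCTED_GENUINE)):
        print(name, hoax_indicators(msg))
```

The host check compares whole domain labels, so a name that merely begins with the vendor's domain does not pass as a vendor server.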