Spam hijacking Gump content...

["Adam R. B. Jack" <aj...@apache.org>]

This is a new one on me (and new for Gump, I believe). Gump's content was 
cloned to carry a bogus URL.

http://nagoya.apache.org/eyebrowse/ReadMsg?listName=commons-dev@jakarta.apache.org&msgNo=54193

Note the nasty little URL inserted at the top of the mail...

regards

Adam
--
Have you Gump'ed your code today?
http://gump.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@gump.apache.org
For additional commands, e-mail: general-help@gump.apache.org

Re: Spam hijacking Gump content...

[Nick Chalko <ni...@chalko.com>]

>
> Not sure what we can do about that.  Especially if they are forging 
> the envelope headers to be someone on the list.  *shrug*
>
> How does Gump feel about digital signatures of its messages?  ;-)  -- 
> justin
>
That is a cool Idea, 
Several security concerns about the process running gump. 
Also then the GUMP users would have to subscribe to the list.
However unless the list rejects unsigned emails, it will hardly fix 
prevent the problem.
R,
Nick

Re: Spam hijacking Gump content...

[Justin Erenkrantz <je...@apache.org>]

--On Wednesday, August 4, 2004 12:33 PM -0700 "Adam R. B. Jack" 
<aj...@apache.org> wrote:

> I suspect they simply subscribed, and replied to the mail Gump just sent.
> That makes it seem a human action. That said, I've not examined headers or
> anything to know. Ought the Jakarta PMC be notified? Sorry if it is an FAQ,
> but was do we do with such content (links) in our archives?

We can't remove it from the archives.  We have a lot of third-parties who 
archive our mailing lists - we can't control them.

My advice is to ignore it and move on with trying to get Gump to sign its 
messages.  *shrug*  -- justin

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@gump.apache.org
For additional commands, e-mail: general-help@gump.apache.org

Re: Spam hijacking Gump content...

["Adam R. B. Jack" <aj...@apache.org>]

>> Note the nasty little URL inserted at the top of the mail...
>
> Clever.  Did they just take a message in the archive and prepend that line?

I suspect they simply subscribed, and replied to the mail Gump just sent. 
That makes it seem a human action. That said, I've not examined headers or 
anything to know. Ought the Jakarta PMC be notified? Sorry if it is an 
FAQ, but was do we do with such content (links) in our archives?

> Not sure what we can do about that.  Especially if they are forging the 
> envelope headers to be someone on the list.  *shrug*
>
> How does Gump feel about digital signatures of its messages?  ;-)  -- justin

Increasingly open minded. ;-) If there is anything Gump can do to make 
this more difficult, please let us know. Interestingly though, I can't 
imagine that this isn't doable with any mail thread, not just Gump 
messages. I just happened to stumble onto this one 'cos I read try to 
read Gump initiated threads.

regards

Adam

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@gump.apache.org
For additional commands, e-mail: general-help@gump.apache.org

Re: Spam hijacking Gump content...

[Justin Erenkrantz <je...@apache.org>]

--On Wednesday, August 4, 2004 11:49 AM -0700 "Adam R. B. Jack" 
<aj...@apache.org> wrote:

> This is a new one on me (and new for Gump, I believe). Gump's content was
> cloned to carry a bogus URL.
>
> http://nagoya.apache.org/eyebrowse/ReadMsg?listName=commons-dev@jakarta.apac
> he.org&msgNo=54193
>
> Note the nasty little URL inserted at the top of the mail...

Clever.  Did they just take a message in the archive and prepend that line?

Not sure what we can do about that.  Especially if they are forging the 
envelope headers to be someone on the list.  *shrug*

How does Gump feel about digital signatures of its messages?  ;-)  -- justin

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@gump.apache.org
For additional commands, e-mail: general-help@gump.apache.org