
vrf New file at midnight

Question asked by VRFuser on Aug 22, 2006
> I would imagine that they are picking
> this information up from Shawn's archive.

Could be. What measures are in place?

Mass downloads of the Archive itself by robots are discouraged, but only for crawlers that play by the rules. The first line of any result page is <meta name="ROBOTS" content="NOINDEX, NOFOLLOW"> to keep email addresses out of Google et al. I have caught a few spiders trying to suck it dry once in a while. They are always shut down as soon as I notice.

Although I'm fairly confident that no crack-bot will ever be able to hit the Administrator password, I've further limited the IIS account so that even if one does, remote logins are not allowed out of the web tree. This will prevent any successful attacker from downloading the archive database.

New measures will be in place "soon" to prevent these crack-bot attacks in the first place.

The page at http://www.oswegosw.com/vrf_archive/HideEmail.htm allows you to hide or show your address in all results.

OTHER THOUGHTS
Don't forget, there's a Yahoo Group that archives messages too.

The most fruitful source of all spam address lists was email worms (such as Melissa). If you've ever had anything like that going on, then somebody else could have your address list *and* could have easily iterated all your received and sent mail to pick out those addresses as well.

Since Outlook got surgery, this type of attack has been nearly eliminated, but not all clients are patched.

Naturally, the beasties have since migrated to other modalities of attack/hide/spread. Trust me - some of these are *very* sophisticated. You have only to read up on the Sony BMG scandal of last year and add two and two to see how frightening this prospect is.

Almost half of all Internet connections are now broadband/permanent, yet of these connections fewer than one third run any kind of firewall protection.
These computers are just begging to be compromised. NT 3.51 *was* darn secure. XP is not even close.

My advice is know your computer. Take some time today to run Russo's excellent TCP View (http://www.sysinternals.com/Utilities/TcpView.html).
You'll be absolutely astounded at all the servers that are running on your machine. Each one is an attack opportunity (that's why a *good* [i.e. good = good hardware] firewall is so important).

NOTE: It was Russo that blew the whistle on Sony. Thanks Mark! However, his discovery was serendipitous. One has to wonder how many of these scams have gone undetected. The only way to catch them is to dig into rarely seen tables deep inside Windows.

As a final note, I should mention that most protection software can easily be made useless. Firewalls, AV, malware destroyers... all this stuff has a collective IQ of maybe 2 or 3. It can be compromised from within. Like, for instance, you all know that any offer to "virus scan your computer for FREE" or "fix your computer for FREE" or "speed up your computer for FREE" is a total scam, right? I mean, Really! Don't ever "just click here".

> Maybe Shawn could set up the archive to obscure all our addresses by
> default?

I tried to take an opinion poll about this once but nobody bothered to comment.

I always thought that it was very important to include the OP's email address for follow up questions. Often you can find somebody who knows something about a topic close to what you want, but not exactly.

Of course I could obscure them by default, or I could make the Archive a subscription only service. My record is pretty clean though. Since the early 90s when I started running a BBS, I've gotten exactly two viruses and been compromised once. That once is kind of an exception - my own credentials were used to get in. Up till then I had been using the same password since 1979.
-SHAWN-


---
To subscribe please send an email to: "vrf-request@lists.it.agilent.com" with the word subscribe in the message body.
To unsubscribe send a blank email to "leave-vrf@it.lists.it.agilent.com".
To send messages to this mailing list,  email "vrf@agilent.com". 
If you need help with the mailing list send a message to "owner-vrf@it.lists.it.agilent.com".
Search the "unofficial vrf archive" at "www.oswegosw.com/vrf_archive/".
