[#JYM-378-41570]: Re: Why trust any software?

Henry Hertz Hobbit hhhobbit at securemecca.net
Wed Aug 7 19:15:22 CEST 2013


On 08/07/2013 12:49 PM, Jean-David Beyer wrote:
<SNIP>

> Is the address abuse at teamspeakusa.com actually required? I know
> "postmaster at teamspeakusa.com" is required and it must go to a real
> person, but is any other?

SKIP TO TEAMSPEAK OR SPECIFIC.

Actually, even "postmaster" is no longer required.  There are too
many domains like the one I am using right now that don't even
have anything but one email address (no http, ftp, or anything
else) so the postmaster requirement was dropped.  The postmaster
requirement made sense in the days of bigger domains and a less
fierce spam problem.  Now most companies are behind firewalls.
They may have "info", "hostmaster", "webmaster" or something
like "Domain.Administrator".  Actually, due to the same thing
you just had in this list, spam, many now have only a web-form
input with a captcha for abuse and other purposes.  The spam
problem promises to get only worse exponentially.  IMHO, SMTP
needs to be replaced by SSMTP where a secure cryptographic token
is required.  I don't know if most mail servers can do the
lookup of MX, then the IP addresses for the MX servers, and
then dropping the message if the sending IP address does not
match one of the mail server IP addresses.  IPv6 makes things
WORSE, not better.  Bernstein's qmail can handle IPv4 but only
if the volume is low. I know people using sendmail (have had
it hacked at least three times) because qmail even without
the extra burden isn't fast enough.

The US Senate and US House of Representatives have used nothing
but a web-form for what seems like at least ten years with a
captcha.  Their captcha probably needs to be upgraded.

PeskySpammer (my name for a specific organization that gave me
yet another piece of malware this morning that only 1 out of 46
AV at VirusTotal.com detected at the start) regularly shoves in
about 100+ email messages per day into my other account.  What
sends the messages?  Hacked Windows PC machines that have a
half (send-only) SMTP server dropped onto them.  They attach
directly to the receiving mail servers, bypassing an outbound
SMTP server.  PeskySpammer can do as bad to me as 1000+ messages
per day with dumb mail servers continuing the practice of
bouncing rather than dropping bogus email.  If their bouncing
mail servers strip the URLs and malware attachments I am
left with nothing since you don't have the originating IP from
a bounce.  My domain didn't send the message so why tell me?

TEAMSPEAK:
TeamSpeak didn't cause the problems.  I reformatted the mail
message they sent to me by changing one portion of the email
addresses in an attempt to prevent bot harvesting of the
email addresses and reformatting the FromTeamSpeakMsg.txt
file to make it more readable:

http://www.securemecca.com/tmp/FromTeamSpeakDirect.txt
http://www.securemecca.com/tmp/FromTeamSpeakDirect.txt.sig
http://www.securemecca.com/tmp/FromTeamSpeakMsg.txt
http://www.securemecca.com/tmp/FromTeamSpeakMsg.txt.sig

TeamSpeak had hundreds of list servers like gnupg-users
that were pelting TeamSpeak with useless requests.  Maybe
it is time for somebody with a 7mm Remington Magnum instead
of what we are doing.  Mine was sighted in to go up through
the line of sight at a little over 100 meters and then
come back down at about 350 meters.  I could shoot five
shot groups in the size of a dime at 100 meters and
shooting one kilometer was not only possible but done
regularly - target barrel on a pre 1964 Winchester
Model 70 long bolt action.  8x - 16X scope but better
scopes are now available (mostly on the .50 caliber
sniper rifles that can almost go through an engine block).
The hackers have created the equivalent of the old west
(or old east in Russia) with no rules.  Maybe it is
time to retaliate.  Anonymous, I don't expect you to
apologize and any tears you have will be just crocodile
tears.

gnupg-users was probably abused in the same way that
PeskySpammer is abusing things with SMTP servers that
forge the header.  Better real SMTP servers like postfix
and qmail or hand-crafted SMTP servers preserve the IPv4
address.  Microsoft Exchange does a LOUSY job of preserving
the IPv4 address.  The transition to IPv6 is going to make
things worse.

SPECIFIC
Your old postmaster days are gone forever.  Actually,
I think they mostly disappeared before the 21st century
started.  But my thousand messages a day made a very
good admin at a University raise his eyebrows in surprise.
Special SMTP servers with a send only design that can be
dropped into place on a Microsoft Windows machine have
completely changed the spam equation.  List servers need
a first step web-form with captcha to curtail this abuse
which is just going to get infinitely worse.  So don't
blame TeamSpeak for the problems.  Blame the hackers who
are anarchists who want to make things exponentially worse
for everybody else and are selfish and care only about
themselves.

HHH


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130807/3b0f2b23/attachment.sig>
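
Added example (not part of the original message or of any mail server's code): the check the message describes, looking up the MX hosts of the sender's domain, resolving them to addresses, and dropping the message when the connecting IP is not one of them, run against a constructed DNS table instead of live lookups. The names MX, ADDR, SESSIONS, canonical, mx_addresses and verdict, and every domain and address, are assumptions made for the illustration.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, example domains).
MX = {
    "example.org": ["mx1.example.org", "mx2.example.org"],
    "example.net": ["inbound.example.net"],
}
ADDR = {
    "mx1.example.org": ["192.0.2.10"],
    "mx2.example.org": ["192.0.2.11", "2001:db8::25"],
    "inbound.example.net": ["198.51.100.5"],
}

def canonical(ip_text):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so that
    a dual-stack listener and the DNS data compare equal."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def mx_addresses(domain):
    """Step 1: MX hosts of the domain. Step 2: every address of those hosts."""
    hosts = MX.get(domain.lower().rstrip("."), [])
    return {canonical(a) for h in hosts for a in ADDR.get(h, [])}

def verdict(client_ip, mail_from):
    """Step 3: 'accept' only if the connecting IP is one of the MX addresses."""
    _, sep, domain = mail_from.rpartition("@")
    if not sep or not domain:
        return "drop"                      # no usable sender domain
    allowed = mx_addresses(domain)
    if not allowed:
        return "drop"                      # domain publishes no MX we can resolve
    return "accept" if canonical(client_ip) in allowed else "drop"

# Constructed sessions: (connecting IP, envelope sender, note).
SESSIONS = [
    ("192.0.2.10", "list@example.org", "real MX host"),
    ("2001:0db8:0:0:0:0:0:25", "list@example.org", "same host, long IPv6 form"),
    ("203.0.113.77", "list@example.org", "send-only bot forging the domain"),
    # Limitation of the check as described: a domain that sends through a
    # relay which is not also one of its MX hosts is dropped as well.
    ("198.51.100.40", "news@example.net", "outbound relay not listed as MX"),
]

if __name__ == "__main__":
    for ip, sender, note in SESSIONS:
        print(f"{verdict(ip, sender):6}  {ip:24} {sender:18} # {note}")
```
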

