[Explanation] Re: "STOP SENDING ME THIS SHIT"
Perry E. Metzger writes:
> "Adam Pingitore" writes:
> > I've got news for you all. This 'jerk' was spammed by some ass out there. I've canceled my subscription so would you all quit whining already. Sorry if I sent you people inappropriate mail, but I just wasn't very happy getting 2000 e-mails a day.

[ Mr. Metzger's amusing flame elided. ]

I run a small mailing list that has been subject to problems similar to the recent spate of "unscrives". Apparently there is a list of mailing lists circulating the warez boards along with scripts for spoofing subscription requests. Over the past few months my list has periodically received batches of bogus subscriptions for accounts ranging from Fidonet sysops to Al Gore to random AOL users. Email from other mailing list admins indicates that these same accounts, perhaps two hundred in all, were subscribed to several hundred lists.

Crypto relevance: This attack will be eliminated when more mail agents support public key crypto and the mailing list software can be modified to check signatures on subscription requests.

pjm
Patrick May <pjm@spe.com> writes:
> I run a small mailing list that has been subject to problems similar to the recent spate of "unscrives". Apparently there is a list of mailing lists circulating the warez boards along with scripts for spoofing subscription requests. ...
> Crypto relevance: This attack will be eliminated when more mail agents support public key crypto and the mailing list software can be modified to check signatures on subscription requests.
Eric Thomas's LISTSERV has had a feature for 4 or 5 years that prevents spoofed subscription requests. The list owner can configure the mailing list so that whenever a subscription request is received, LISTSERV e-mails the apparent sender and asks to e-mail it 'OK nnnn', where 'nnnn' is a pseudo-random string uniquely identifying this request. If the confirmation isn't received within 48 hours, LISTSERV ignores the command. Similar confirmations can be requested for other commands, like unsubscribe. Works like a charm without any public key crypto or digital signatures.

---
Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
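The confirmation scheme described in the message above, sketched as an added example (not LISTSERV's code and not part of the original thread). The class and method names, the 64-bit hex token and the in-memory outbox are assumptions made for illustration.

```python
import secrets

CONFIRM_WINDOW = 48 * 3600  # seconds: the 48-hour limit from the post


class ConfirmedOptIn:
    """Hypothetical list manager: a command takes effect only after the
    token mailed to the apparent sender comes back in an 'OK nnnn' reply."""

    def __init__(self):
        self.pending = {}        # token -> (address, command, deadline)
        self.subscribers = set()
        self.outbox = []         # (recipient, body) pairs standing in for SMTP

    def request(self, claimed_from, command, now):
        # From: is unauthenticated, so nothing changes yet. The challenge
        # goes to the claimed address, which a spoofer cannot read.
        token = secrets.token_hex(8)          # CSPRNG, not guessable
        self.pending[token] = (claimed_from.lower(), command, now + CONFIRM_WINDOW)
        self.outbox.append((claimed_from, f"OK {token}"))

    def confirm(self, body, now):
        parts = body.split()
        if len(parts) != 2 or parts[0].upper() != "OK":
            return False
        entry = self.pending.pop(parts[1].lower(), None)   # single use
        if entry is None:
            return False
        address, command, deadline = entry
        if now > deadline:                    # late reply: command is ignored
            return False
        if command == "subscribe":
            self.subscribers.add(address)
        elif command == "unsubscribe":
            self.subscribers.discard(address)
        return True


def demo():
    """Constructed scenario: one spoofed request, one genuine request."""
    lst, t0 = ConfirmedOptIn(), 0
    lst.request("victim@example.org", "subscribe", t0)   # forged From:
    lst.request("alice@example.org", "subscribe", t0)    # genuine
    guess_ok = lst.confirm("OK 0000000000000000", t0 + 60)   # spoofer guessing
    alice_reply = lst.outbox[1][1]                       # only Alice sees this
    alice_ok = lst.confirm(alice_reply, t0 + 3600)
    replay_ok = lst.confirm(alice_reply, t0 + 7200)      # token already used
    late_ok = lst.confirm(lst.outbox[0][1], t0 + CONFIRM_WINDOW + 1)
    return guess_ok, alice_ok, replay_ok, late_ok, sorted(lst.subscribers)
```

The forged request still costs the victim one challenge e-mail per list, so a deployment would also want to rate-limit challenges per address.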
> I run a small mailing list that has been subject to problems similar to the recent spate of "unscrives". Apparently there is a list of mailing lists circulating the warez boards along with scripts for spoofing subscription requests. Over the past few months my list
Ah, KaNN3d t00Lz: the incompitent kRak3r'z best friend. :)
> Crypto relevance: This attack will be eliminated when more mail agents support public key crypto and the mailing list software can be modified to check signatures on subscription requests.
But you're presupposing a public key distribution mechanism such that the list software can get a key for that user. And that that's a valid key for that user, not a key that J Random kRak3r didn't just send in for his clueless AOL victim before said victim established a public key.

At any rate, has something like this been put into the current PGPdomo? I don't think that it would be too hard to hack in a query to a web keyserver to grab a key. If the initial request's not signed, maybe include a note about how to go about getting PGP and putting a key on the keyserver (or a pointer to instructions on the web).

---
Fletch
fletch@ain.bls.com
404 713-0414(w), 404 315-7264(h)
"Lisa, in this house we obey the Laws of Thermodynamics!" H. Simpson
PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43
On Wed, 17 Apr 1996, Patrick May wrote:
> Crypto relevance: This attack will be eliminated when more mail agents support public key crypto and the mailing list software can be modified to check signatures on subscription requests.
Isn't that what PGPDomo does?

xan

jonathon
grafolog@netcom.com

Opinions expressed don't necessarily reflect my own views.
There is no way that they can be construed to represent any organization's views.

ftp://ftp.netcom.com/pub/gr/graphology/home.html
OR
http://members.tripod.com/~graphology/index.html
participants (4)
- dlv@bwalk.dm.com
- Jonathon Blake
- Mike Fletcher
- Patrick May