impersonating Juan, a quick test

Mirimir mirimir at riseup.net
Mon Jul 15 07:15:59 PDT 2019 

Huh, I had no clue that people had been impersonating him. I haven't
been following the list very closely. Although when Punk showed up, I
wasn't sure at first that it wasn't someone pretending to be Juan ;)

But now I'm curious. Could someone please share the Message-IDs of the
spoofed messages? I'd like to dump the headers in Calc or whatever, and
see what there is to see. I do use CockMail, so I'd be concerned if it
were unusually vulnerable to spoofing.

Also, it's not like header spoofing is hard. For example, with the
HeaderToolsLite plugin for Thunderbird.

On 07/15/2019 06:39 AM, John Newman wrote:
> Sorry, I wasn't looking at the list yesterday. My spoofed 
> header attempt used my actual cock.li login at port 587
> of mx1.cock.li... I tried sending it with a "MAIL FROM: 
> punk..", but those didn't go through, so then I just
> used the same address I had authenticated with, and did 
> an extremely rudimentary header spoof in the DATA 
> section.  This made it through, although it had my cock.li 
> address as a "Return-Path" in the headers, and then I sort 
> of got bored and moved on to something else....
> 
> Of course, I tried just blasting it through cock.li without 
> any SMTP authentication first, but as I suspected it's not
> an open relay :). I had zero confidence that this would've 
> worked but had to try. The whole point of doing the 
> spoofed headers using cock.li's server was to make it look
> authentic... You can spoof the headers from almost 
> anywhere that lets you send SMTP but I wanted cock.li
> servers to show up in the headers. I considered it a fail
> because of what I mentioned in the first paragraph, but 
> I haven't looked at the previous impersonation emails
> closely enough to say for sure how they happened, but as
> I recall they were better than mine (they were routed 
> through cock.li servers but I don't remember any 
> give-away "return-path" header or anything else). I'll take
> another look at them when I have time to see what I may
> have missed.
> 
> cheers
> John
> 
> 
> On July 15, 2019 12:59:08 AM UTC, Mirimir <mirimir at riseup.net> wrote:
>> On 07/14/2019 05:04 PM, Punk wrote:
>>> On Sun, 14 Jul 2019 16:13:26 -0700
>>> Mirimir <mirimir at riseup.net> wrote:
>>>
>>>
>>>> You are such an jerk.
>>>>
>>>> Why would you speculate about someone "guessing" your password, or
>> Vince
>>>> "playing games", after John clearly said that he spoofed some
>> header?
>>>
>>> 	because spoofing headers DOESNT actually WORK!! Doesn't "work" in
>> the sense of creating a message that looks authentic. 
>>>
>>> 	if you look at the headers of message 075590, which I didn't write,
>> the headers look authentic :
>>>
>>> 	https://lists.cpunks.org/pipermail/cypherpunks/2019-July/075590.html
>>
>> OK, I get it. Sorry to be such a jerk. I hadn't read the earlier posts
>> about spoofed messages from your CockMail account. And I thought that
>> you were referring to John's message that you replied to, not this
>> other
>> message, "Boomerhedge - Boomer Propaganda Cesspool".
>>
>> But seriously, that one is even less well spoofed.
>>
>> | From: Punk <punk at tfwno.gf>
>>
>> vs the message I'm replying to now
>>
>> | From: Punk <punks at tfwno.gf>
>>
>>> 	John tried doing the same thing and failed because a random cock.li
>> user can't spoof a header in a way that makes it look *authentic*. SO,
>> if the header IS authentic or a 'perfect fake',  then there are a few
>> options 
>>>
>>> 	1) somebody has my password
>>>
>>> 	2) or cock.li's admin himself sent the messages (both 1 and 2 as
>> suggested by Shawn)
>>>
>>> 	3) or I'm lying and no message was spoofed. So I first wrote a
>> message saying that zerohedge is garbage and then I wrote a reply to my
>> own message as if I were a different person, disgagreeing with myself.
>> Because I'm that retarded. 
>>>
>>> 	needless to say I KNOW option 3 is false, but you're free to believe
>> in such 'conspiracy theory'. 
>>
>> Unless I missed something, I doubt that your account has been
>> compromised. Or that Vince is fucking with you.
>>
>>>> You can bullshit all you want, but it was a dumb thing to say, and
>> it
>>>> makes you look like an idiot. And it makes me wonder whether he
>> actually
>>>> got it right, because I don't recall you being as idiotic as this ;)
>>>
>>>
>>> 	So what about YOU misreading what I said? You're clearly
>> misunderstanding something. I'm even willing to admit it's because of
>> my less than perfect english...But hopefully NOW you got it.
>>
>> Yes, I got it. Sorry. Just crabby today, I guess.

More information about the cypherpunks mailing list