Mike Ford <mikeford(a)socal.rr.com> wrote:
At 01:08 PM 11/9/02 -0800, Frank McConnell wrote:
What really cheeses me off about this sort of thing is that the
service providers don't go out of their way to make it easy to
identify fraudulent use of their names (or do any kind of sane mail
filtering, for that matter) by looking at the source and destination
domain names in e-mail headers and URLs.
Two great opposing forces are at work on the internet, total control and
verified identity, vs, anarchy and annonmenity (sorry spelling is not a
major force).
I guess I put this the wrong way round. The company on whose behalf
this stuff was e-mailed (HP) has allowed someone to make it hard to
identify that the stuff really originated with or in fact has anything
to do with them, beyond easily-forgeable bits in the From: header name
(the text bit, not the address) and body which I know better than to
trust.
Unfortunately the same verified ID that would let me track down a spammer,
also would allow oppressive regimes to control internet content.
I'm not asking for a cryptographically verifiable ID, I'm asking that
those who would allow other parties to send authorized corporate
communications in their behalf via unencrypted e-mail at least put
enough effort into making sure that these communications at least give
the appearance of coming from the authorizing party. Allowing the
mailing-list company to use specific name(s) in hp.com in the From:
header address and URLs would do; allowing the mailing-list company to
use specific name(s) in hp.com in the Received: headers and SMTP
envelope address would be nice too. This is all just DNS tricks.
Absent this, how can I (as the receiver) tell the difference between
authorized and unauthorized communications? I can't, and if I can't
I don't see how I can expect anyone else to do so.
That's what makes it possible for some miscreant to forge e-mail
claiming to be from HP, or eBay, and get people to reply with their
credentials. The recipients can't tell which messages to trust.
ObCC: turned up a copy of Abrash's _Zen of Assembly Language_ at the
book sale yesterday. It's a good book (and hard to find), but you
can probably get most of his message out of his later books that are
somewhat easier to find: _Zen of Code Optimization_ and/or _Graphics
Programming Black Book_ (which latter I believe is available in some
form or other online).
-Frank McConnell
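
The receiver-side comparison the message above asks for, as an added example that is not part of the original post: it checks whether the From: address, envelope sender and body URLs of a message sit inside the domain the mail claims to speak for. The domains `example.com` and `bulkmail.example.net`, both sample messages, and the function names are constructed for illustration; Return-Path is assumed to carry the SMTP envelope sender as recorded by the receiving server.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG = "example.com"  # placeholder for the company the mail claims to speak for

# Constructed sample: sent by an outside mailing-list vendor under its own names.
VENDOR_NAMES = """\
From: "Example Corp" <news@bulkmail.example.net>
Return-Path: <bounce@bulkmail.example.net>
Subject: Special offer

Visit http://click.bulkmail.example.net/r?id=1 or
http://example.com.bulkmail.example.net/login today.
"""

# Constructed sample: same vendor, but using names delegated inside the org's domain.
ORG_NAMES = """\
From: "Example Corp" <news@mail.example.com>
Return-Path: <bounce@mail.example.com>
Subject: Special offer

Visit http://www.example.com/offers today.
"""

def in_domain(host, org):
    """True only if host is org itself or a subdomain of it (label-boundary match)."""
    host = host.lower().rstrip(".")
    return host == org or host.endswith("." + org)

def alignment_report(raw, org=ORG):
    """Compare the domains a message really uses with the domain it claims."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, env_addr = parseaddr(msg.get("Return-Path", ""))
    urls = re.findall(r"https?://[^\s<>\"']+", msg.get_payload())
    hosts = sorted({urlsplit(u).hostname or "" for u in urls})
    return {
        "display_name": display,  # free text, trivially forgeable
        "from_aligned": in_domain(from_addr.rpartition("@")[2], org),
        "envelope_aligned": in_domain(env_addr.rpartition("@")[2], org),
        "unaligned_url_hosts": [h for h in hosts if not in_domain(h, org)],
    }

if __name__ == "__main__":
    for name, raw in (("vendor names", VENDOR_NAMES), ("org names", ORG_NAMES)):
        print(name, alignment_report(raw))
```

Both samples carry the same display name, so only the address and URL domains separate them; the host `example.com.bulkmail.example.net` is reported as unaligned because the match is made on label boundaries, not substrings.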