13 Nov
2015
13 Nov
'15
10:26 a.m.
Hey!
New message, please read <http://in2itshop.com/speaking.php?6lpk9>
katelists at trouts.org
12 Nov
12 Nov
6:40 p.m.
dont open this link.
On 11/13/2015 8:26 AM, katelists at trouts.org wrote:
Hey!
New message, please read <http://in2itshop.com/speaking.php?6lpk9>
katelists at trouts.org
--
The contents of this e-mail and any attachments are intended solely for the use of the
named
addressee(s) and may contain confidential and/or privileged information. Any unauthorized
use,
copying, disclosure, or distribution of the contents of this e-mail is strictly prohibited
by
the sender and may be unlawful. If you are not the intended recipient, please notify the
sender
immediately and delete this e-mail.
9:04 p.m.
On 11/12/2015 06:40 PM, wulfman wrote:
dont open this link.
On 11/13/2015 8:26 AM, katelists at trouts.org wrote:
Why not?
--
--- Dave Woyciesjes
--- ICQ# 905818
--- CompTIA A+ Certified IT Tech -http://certification.comptia.org/
--- HDI Certified Support Center Analyst -http://www.ThinkHDI.com/
Registered Linux user number 464583
"Computers have lots of memory but no imagination."
"The problem with troubleshooting is that trouble shoots back."
- from some guy on the internet.
Hey!
New message, please read <http://in2itshop.com/speaking.php?6lpk9>
katelists at trouts.org
9:11 p.m.
its a bad place to go. but feel free to ignore good advice any time you
wish.
On 11/12/2015 7:04 PM, Dave Woyciesjes wrote:
On 11/12/2015 06:40 PM, wulfman wrote:
--
The contents of this e-mail and any attachments are intended solely for the use of the
named
addressee(s) and may contain confidential and/or privileged information. Any unauthorized
use,
copying, disclosure, or distribution of the contents of this e-mail is strictly prohibited
by
the sender and may be unlawful. If you are not the intended recipient, please notify the
sender
immediately and delete this e-mail.
dont open this link.
On 11/13/2015 8:26 AM, katelists at trouts.org wrote:
Why not?
Hey!
New message, please read <http://in2itshop.com/speaking.php?6lpk9>
katelists at trouts.org
9:27 p.m.
On 11/12/2015 09:11 PM, wulfman wrote:
On 11/12/2015 7:04 PM, Dave Woyciesjes wrote:
Dude, chill. I figured it was a scam, I was just curious what kind.
And please use proper mailing bottom-posting etiquette. Makes the
conversation easier to follow.
--
--- Dave Woyciesjes
--- ICQ# 905818
--- CompTIA A+ Certified IT Tech -http://certification.comptia.org/
--- HDI Certified Support Center Analyst -http://www.ThinkHDI.com/
Registered Linux user number 464583
"Computers have lots of memory but no imagination."
"The problem with troubleshooting is that trouble shoots back."
- from some guy on the internet.
On 11/12/2015 06:40 PM, wulfman wrote:
its a bad place to go. but feel free to ignore good advice any time you
wish.
On 11/13/2015 8:26 AM, katelists at trouts.org
wrote:
Why not?
Hey!
New message, please read <http://in2itshop.com/speaking.php?6lpk9>
katelists at trouts.org
dont open this link.
10:25 p.m.
Apologies, not sure how that got through.
Maybe a listmember got address-book-malware. Will see if the headers reveal
anything that is easy to spot.
J
10:29 p.m.
Jay West wrote:
Apologies, not sure how that got through.
Maybe a listmember got address-book-malware. Will see if the headers reveal
anything that is easy to spot.
So few get through that the VERY rare exception is a credit
to your diligence and choice of a great filter.
And as many of us all too often forget to say:
THANK YOU FOR A GREAT SERVICE!!!!!!!!!!!!!!!!!!!!!!!!
Jerome Fine
13 Nov
13 Nov
7:43 p.m.
Here Here!!!!!
Good work Jay!!!
++++++++++
Kevin Parker
++++++++++
-----Original Message-----
From: cctalk [mailto:cctalk-bounces at classiccmp.org] On Behalf Of Jerome H.
Fine
Sent: Friday, 13 November 2015 2:29 PM
To: General Discussion: On-Topic and Off-Topic Posts <cctalk at classiccmp.org>
Subject: Re: Fw: new message
Jay West wrote:
Apologies, not sure how that got through.
Maybe a listmember got address-book-malware. Will see if the headers
reveal anything that is easy to spot.
So few get through that the VERY rare exception is a credit to your
diligence and choice of a great filter.
And as many of us all too often forget to say:
THANK YOU FOR A GREAT SERVICE!!!!!!!!!!!!!!!!!!!!!!!!
Jerome Fine
12 Nov
12 Nov
11:58 p.m.
New subject: new message
On Thu, 12 Nov 2015 21:25:58 -0600
"Jay West" <jwest at classiccmp.org> wrote:
Apologies, not sure how that got through.
Maybe a listmember got address-book-malware. Will see if the headers reveal
anything that is easy to spot.
I'm a member of spamcop and submitted all of the spam posts to spamcop (since becoming
a member, I've submitted over 15,000 spams to them). At any rate, here's the
detail of who posted it - and the ISP who got the spam post:
--------------------------------------------
Here are the results of your submission:
Processing spam:
From: katelists at trouts.org
Subject: Fw: new message
0: Received: from huey.classiccmp.org ([199.188.211.196]:24115) by
biz170.inmotionhosting.com with esmtp (Exim 4.85) (envelope-from <cctalk-bounces at
classiccmp.org>) id 1Zx1HS-002Mnq-NF for lbickley at bickleywest.com; Thu, 12 Nov 2015
15:27:51 -0800
Hostname verified: huey.classiccmp.org
inmotionhosting.com received mail from sending system 199.188.211.196
1: Received: from huey.classiccmp.org (localhost [127.0.0.1]) by huey.classiccmp.org
(Postfix) with ESMTP id 51C3C2073F99; Thu, 12 Nov 2015 17:27:41 -0600 (CST)
Internal handoff or trivial forgery
2: Received: from mx2.ezwind.net (unknown [172.20.1.95]) by huey.classiccmp.org
(Postfix) with ESMTP id CB3BD2073F8F; Thu, 12 Nov 2015 17:27:38 -0600 (CST)
Internal handoff or trivial forgery
3: Received: from mx2.ezwind.net (localhost [127.0.0.1]) by mx2.ezwind.net (Postfix)
with ESMTP id B14D74E6AA; Thu, 12 Nov 2015 17:27:38 -0600 (CST)
Internal handoff or trivial forgery
4: Received: from mailout.ish.de (mailout.ish.de [80.69.98.247]) by mx2.ezwind.net
(Postfix) with ESMTP id 5855C4E6B4; Thu, 12 Nov 2015 17:27:37 -0600 (CST)
Hostname verified: mailout.ish.de
warning:Possible forgery. Supposed receiving system not associated with any of your
mailhosts
Will not trust this Received line.
Tracking message source:199.188.211.196:
Cached whois for 199.188.211.196 : noc at xiolink.com
Using abuse net on noc at xiolink.com
abuse net xiolink.com = abuse at xiolink.com
Using best contacts abuse at xiolink.com
warning:Yum, this spam is fresh!
Message is 0 hours old
199.188.211.196 not listed in cbl.abuseat.org
199.188.211.196 not listed in dnsbl.sorbs.net
Spam report id 6380971842 sent to: abuse at xiolink.com
May be saved for future reference:
http://www.spamcop.net/sc?id=z6193526037z09bcbf8ca61934833a230d5cac9df43dz
Processing spam:
From: katelists at trouts.org
Subject: Fw: new message
0: Received: from huey.classiccmp.org ([199.188.211.196]:34299) by
biz170.inmotionhosting.com with esmtp (Exim 4.85) (envelope-from <cctalk-bounces at
classiccmp.org>) id 1Zx1J4-002O8P-9m for lbickley at bickleywest.com; Thu, 12 Nov 2015
15:29:30 -0800
Hostname verified: huey.classiccmp.org
inmotionhosting.com received mail from sending system 199.188.211.196
1: Received: from huey.classiccmp.org (localhost [127.0.0.1]) by huey.classiccmp.org
(Postfix) with ESMTP id 6C13E2073F84; Thu, 12 Nov 2015 17:29:29 -0600 (CST)
Internal handoff or trivial forgery
2: Received: from mx1.ezwind.net (unknown [172.20.1.26]) by huey.classiccmp.org
(Postfix) with ESMTP id E9D542073F6B for <cctalk at classiccmp.org>; Thu, 12 Nov
2015 17:29:27 -0600 (CST)
Internal handoff or trivial forgery
3: Received: from mx1.ezwind.net (localhost [127.0.0.1]) by mx1.ezwind.net (Postfix)
with ESMTP id 974C34E743 for <cctalk at classiccmp.org>; Thu, 12 Nov 2015 17:29:28
-0600 (CST)
Internal handoff or trivial forgery
4: Received: from eu1.nethat.com (eu1.nethat.com [81.223.254.166]) by mx1.ezwind.net
(Postfix) with ESMTP id 247FF4E718 for <cctalk at classiccmp.org>; Thu, 12 Nov 2015
17:29:27 -0600 (CST)
Hostname verified: eu1.nethat.com
warning:Possible forgery. Supposed receiving system not associated with any of your
mailhosts
Will not trust this Received line.
Tracking message source:199.188.211.196:
Cached whois for 199.188.211.196 : noc at xiolink.com
Using abuse net on noc at xiolink.com
abuse net xiolink.com = abuse at xiolink.com
Using best contacts abuse at xiolink.com
warning:Yum, this spam is fresh!
Message is 0 hours old
199.188.211.196 not listed in cbl.abuseat.org
199.188.211.196 not listed in dnsbl.sorbs.net
Spam report id 6380971843 sent to: abuse at xiolink.com
--------------------------------------
Cheers,
Lyle
--
73 AF6WS
Bickley Consulting West Inc.
http://bickleywest.com
"Black holes are where God is dividing by zero"
13 Nov
13 Nov
9:13 a.m.
On 11/12/2015 10:25 PM, Jay West wrote:
Apologies, not sure how that got through.
Maybe a listmember got address-book-malware. Will see if the headers reveal
anything that is easy to spot.
J
No worries. I know enough not to click on suspicious stuff like that...
--
--- Dave Woyciesjes
--- ICQ# 905818
--- CompTIA A+ Certified IT Tech -http://certification.comptia.org/
--- HDI Certified Support Center Analyst -http://www.ThinkHDI.com/
Registered Linux user number 464583
"Computers have lots of memory but no imagination."
"The problem with troubleshooting is that trouble shoots back."
- from some guy on the internet.
12:29 p.m.
On 11/13/2015 7:13 AM, Dave Woyciesjes wrote:
On 11/12/2015 10:25 PM, Jay West wrote:
Windows new feature ... Auto Click
Sigh.
Apologies, not sure how that got through.
Maybe a listmember got address-book-malware. Will see if the headers
reveal
anything that is easy to spot.
J
No worries. I know enough not to click on suspicious stuff like that... 
1:35 p.m.
On 11/13/2015 09:29 AM, ben wrote:
Windows new feature ... Auto Click
Sigh.
Oh, I don't know if that's a new feature. I recall getting a DSL modem
and getting instructions to bring up Internet Explorer after the
ethernet cable had been connected to my computer.
Well, I don't normally use Windows, but I have a couple of systems with
XP installed, so I dragged them out and plugged in the modem. I brought
up IE8 without keying in a URL and viewed the display "Configuring your
modem" was the message along with the pretty colors of the modem sender.
Holy cow! It didn't even ask if I wanted to point the browser at the
configuration page. Shades of COFEE. Does anyone else think that this
is a great feature and not a security hole?
--Chuck
21 Nov
21 Nov
10:19 p.m.
Most browsers can be hijacked via DNS or IP address stealing. Thats how
much public access wifi works. Any attempt to access any page diverts to a
login page.
On Nov 14, 2015 12:05 AM, "Chuck Guzis" <cclist at sydex.com> wrote:
On 11/13/2015 09:29 AM, ben wrote:
Windows new feature ... Auto Click
Sigh.
Oh, I don't know if that's a new feature. I recall getting a DSL modem
and getting instructions to bring up Internet Explorer after the ethernet
cable had been connected to my computer.
Well, I don't normally use Windows, but I have a couple of systems with XP
installed, so I dragged them out and plugged in the modem. I brought up
IE8 without keying in a URL and viewed the display "Configuring your modem"
was the message along with the pretty colors of the modem sender.
Holy cow! It didn't even ask if I wanted to point the browser at the
configuration page. Shades of COFEE. Does anyone else think that this is
a great feature and not a security hole?
--Chuck
22 Nov
22 Nov
1:14 a.m.
On Sun, Nov 22, 2015, Dave Wade wrote:
Most browsers can be hijacked via DNS or IP address
stealing. Thats how
much public access wifi works. Any attempt to access any page diverts to a
login page.
True enough. When I first read Chuck's message I misunderstood and
thought he meant that IE opened the page even though it was configured
to open a blank page on startup; but I guess I was just assuming that
since that's *my* preference for new pages.
My ISP injects into web pages a helpful heads-up message if your account
is overdue. My work's network always prompts for a login unless you've
already logged in within some amount of time; I just reported to their
IT that this redirection doesn't work with any https: URL -- you just
get a thing saying the page can't be opened. With more pages being https
now, and major browsers being programmed to automatically try https
before http, this is a little annoying; unfortunately they told me this
was a shortcoming of the Cisco stuff they use, and they have no way of
fixing it.
On Nov 14, 2015 12:05 AM, "Chuck Guzis"
<cclist at sydex.com> wrote:
> On 11/13/2015 09:29 AM, ben wrote:
>
> Windows new feature ... Auto Click
>> Sigh.
>>
>
> Oh, I don't know if that's a new feature. I recall getting a DSL modem
> and getting instructions to bring up Internet Explorer after the ethernet
> cable had been connected to my computer.
>
> Well, I don't normally use Windows, but I have a couple of systems with XP
> installed, so I dragged them out and plugged in the modem. I brought up
> IE8 without keying in a URL and viewed the display "Configuring your
modem"
> was the message along with the pretty colors of the modem sender.
>
> Holy cow! It didn't even ask if I wanted to point the browser at the
> configuration page. Shades of COFEE. Does anyone else think that this is
> a great feature and not a security hole?
>
> --Chuck
>
>
--
Eric Christopherson
1:19 a.m.
Yes they do buy the new merackie gear idiots
On Nov 22, 2015 12:14 AM, "Eric Christopherson" <echristopherson at
gmail.com>
wrote:
On Sun, Nov 22, 2015, Dave Wade wrote:
Most browsers can be hijacked via DNS or IP
address stealing. Thats how
much public access wifi works. Any attempt to access any page diverts to
a
login page.
True enough. When I first read Chuck's message I misunderstood and
thought he meant that IE opened the page even though it was configured
to open a blank page on startup; but I guess I was just assuming that
since that's *my* preference for new pages.
My ISP injects into web pages a helpful heads-up message if your account
is overdue. My work's network always prompts for a login unless you've
already logged in within some amount of time; I just reported to their
IT that this redirection doesn't work with any https: URL -- you just
get a thing saying the page can't be opened. With more pages being https
now, and major browsers being programmed to automatically try https
before http, this is a little annoying; unfortunately they told me this
was a shortcoming of the Cisco stuff they use, and they have no way of
fixing it.
On Nov 14, 2015 12:05 AM, "Chuck Guzis"
<cclist at sydex.com> wrote:
> On 11/13/2015 09:29 AM, ben wrote:
>
> Windows new feature ... Auto Click
>> Sigh.
>>
>
> Oh, I don't know if that's a new feature. I recall getting a DSL modem
> and getting instructions to bring up Internet Explorer after the
ethernet
> cable had been connected to my computer.
>
> Well, I don't normally use Windows, but I have a couple of systems
with
XP
> installed, so I dragged them out and plugged
in the modem. I brought
up
> IE8 without keying in a URL and viewed the
display "Configuring your
modem"
> was the message along with the pretty colors
of the modem sender.
>
> Holy cow! It didn't even ask if I wanted to point the browser at the
> configuration page. Shades of COFEE. Does anyone else think that
this is
> a great feature and not a security hole?
>
> --Chuck
>
>
--
Eric Christopherson
10:05 a.m.
On Sun, 22 Nov 2015, Eric Christopherson wrote:
My ISP injects into web pages a helpful heads-up
message if your account
If you can, run screaming to another ISP. I don't care
how "helpful"
they're trying to be, content injection like that should be punished with
a public skinning.
Until then, try pointing your DNS to 8.8.8.8 (Google) and see if that
prevents their shenannigans.
g.
--
Proud owner of F-15C 80-0007
http://www.f15sim.com - The only one of its kind.
http://www.diy-cockpits.org/coll - Go Collimated or Go Home.
Some people collect things for a hobby. Geeks collect hobbies.
ScarletDME - The red hot Data Management Environment
A Multi-Value database for the masses, not the classes.
http://scarlet.deltasoft.com - Get it _today_!
10:23 a.m.
On 2015-11-22 10:05 AM, geneb wrote:
On Sun, 22 Nov 2015, Eric Christopherson wrote:
+1. It's actually a helpful reminder to change ISP's.
--Toby
My ISP injects into web pages a helpful heads-up
message if your account
If you can, run screaming to another ISP. I don't care
how "helpful"
they're trying to be, content injection like that should be punished
with a public skinning.
Until then, try pointing your DNS to 8.8.8.8 (Google) and see if that
prevents their shenannigans.
g.
3:30 p.m.
A question for the OP.
I know that since all the Snowden stuff that took place back a bit, many sites
have moved from http to https.
Is your ISP able to inject content into "secure" https connections? Or only
http transactions, going across the wire in plain text?
Jerry
On 11/22/15 09:05 AM, geneb wrote:
On Sun, 22 Nov 2015, Eric Christopherson wrote:
My ISP injects into web pages a helpful heads-up
message if your account
If you can, run screaming to another ISP. I don't care
how "helpful" they're
trying to be, content injection like that should be punished with a public
skinning.
Until then, try pointing your DNS to 8.8.8.8 (Google) and see if that prevents
their shenannigans.
g.
4:20 p.m.
On Sun, Nov 22, 2015, Jerry Kemp wrote:
A question for the OP.
I know that since all the Snowden stuff that took place back a bit, many
sites have moved from http to https.
Is your ISP able to inject content into "secure" https connections? Or only
http transactions, going across the wire in plain text?
Jerry
I'm not sure, but I'm betting https sites just refuse to connect --
which is how my employer's network handles https.
On 11/22/15 09:05 AM, geneb wrote:
>On Sun, 22 Nov 2015, Eric Christopherson wrote:
>
>>My ISP injects into web pages a helpful heads-up message if your account
>If you can, run screaming to another ISP. I don't care how "helpful"
they're
>trying to be, content injection like that should be punished with a public
>skinning.
>
>Until then, try pointing your DNS to 8.8.8.8 (Google) and see if that prevents
>their shenannigans.
>
>g.
>
--
Eric Christopherson
4:52 p.m.
New subject: new message
On Nov 22, 2015, at 3:30 PM, Jerry Kemp <other at
oryx.us> wrote:
A question for the OP.
I know that since all the Snowden stuff that took place back a bit, many sites have moved
from http to https.
Is your ISP able to inject content into "secure" https connections? Or only
http transactions, going across the wire in plain text?
https is supposed to prevent "man in the middle" attacks, provided you enforce
certificate validity.
Another option if you have people messing with your web access is Tor.
paul
5:25 p.m.
New subject: new message
https is supposed to prevent "man in the
middle" attacks, provided you enfor$
That was the original theory, as I understand it.
But there are way too many "in most browsers by default" CAs that are
willing to sell wildcard certs such as can be used for MitM attacks
without disturbing cert validity checks. I even recall hearing of some
caching proxy (squid maybe?) that, out of the box, could use such a
cert to provide caching for HTTPS connections - they're that common.
Not surprising, really. The CA hierarchy is both the most central
point and quite possibly the most commercialized and thus most venal
point, so it's natural that it would be the major point that's come
under attack by actors wishing to compromise the security HTTPS could
have offered. (Some of them, probably, even have the best of
intentions....)
Another option if you have people messing with your
web access is
Tor.
Or, of course, file bug reports with the provider in question and, if
they're honest enough to admit what they're doing, switch. I know _I_
certainly wouldn't tolerate that sort of messing with my data stream.
For those unfortunate enough to have nobody affordable to switch to,
all I can suggest is ssh (or operational equivalent, such as a VPN) to
a hosted, possibly virtual, machine somewhere not behind such crippling
restrictions. (Depending on such factors as the jurisdiction and your
dedication to the cause, a lawsuit might also be an option.)
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
7:18 p.m.
New subject: HTTPS and man-in-the-middle - was Re: new message
On 2015-11-22 5:25 PM, Mouse wrote:
Microsoft Forefront TMG maybe?
http://itknowledgeexchange.techtarget.com/itanswers/https-inspection-within…
--Toby
https is
supposed to prevent "man in the middle" attacks, provided you enfor$
That was the original theory, as I understand it.
But there are way too many "in most browsers by default" CAs that are
willing to sell wildcard certs such as can be used for MitM attacks
without disturbing cert validity checks. I even recall hearing of some
caching proxy (squid maybe?) that, out of the box, could use such a cert to provide caching for HTTPS connections -
they're that common.
...
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
11:18 p.m.
New subject: HTTPS and man-in-the-middle - was Re: new message
For outbound TMG needs a browser plugin. For inbound its usual to terminate
the SSL on the TMG firewall and then TMG opens a new SSL session to the
backend web server. For this to work TMG needs to have a copy of the
certificate including the private key. Wildcard certs are commonly used
with TMG but having a FQDN only guarantees the server is under control of
the certificate owner. You can have multiple sites on the same server, or
have a single site load balanced across multiple servers. SQUID will do the
same trick, but I have always run squid on the same box as the web farm,
but this isn't required...
On Nov 23, 2015 5:48 AM, "Toby Thain" <toby at telegraphics.com.au>
wrote:
On 2015-11-22 5:25 PM, Mouse wrote:
https is supposed to prevent "man in the
middle" attacks, provided you
Microsoft Forefront TMG maybe?
http://itknowledgeexchange.techtarget.com/itanswers/https-inspection-within…
--Toby
cert to provide caching for HTTPS connections - they're that common.
enfor$
That was the original theory, as I understand it.
But there are way too many "in most browsers by default" CAs that are
willing to sell wildcard certs such as can be used for MitM attacks
without disturbing cert validity checks. I even recall hearing of some
caching proxy (squid maybe?) that, out of the box, could use such a
...
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
23 Nov
23 Nov
1:16 a.m.
New subject: HTTPS and man-in-the-middle - was Re: new message
Man this has turned in a hackerspace discussion on security
On Nov 22, 2015 10:18 PM, "Dave Wade" <dave.g4ugm at gmail.com> wrote:
For outbound TMG needs a browser plugin. For inbound
its usual to terminate
the SSL on the TMG firewall and then TMG opens a new SSL session to the
backend web server. For this to work TMG needs to have a copy of the
certificate including the private key. Wildcard certs are commonly used
with TMG but having a FQDN only guarantees the server is under control of
the certificate owner. You can have multiple sites on the same server, or
have a single site load balanced across multiple servers. SQUID will do the
same trick, but I have always run squid on the same box as the web farm,
but this isn't required...
On Nov 23, 2015 5:48 AM, "Toby Thain" <toby at telegraphics.com.au>
wrote:
On 2015-11-22 5:25 PM, Mouse wrote:
http://itknowledgeexchange.techtarget.com/itanswers/https-inspection-within…
https is supposed to prevent "man in the
middle" attacks, provided you
Microsoft Forefront TMG maybe?
enfor$
That was the original theory, as I understand it.
But there are way too many "in most browsers by default" CAs that are
willing to sell wildcard certs such as can be used for MitM attacks
without disturbing cert validity checks. I even recall hearing of some
caching proxy (squid maybe?) that, out of the box, could use such a
--Toby
cert to provide caching for HTTPS connections - they're that common.
...
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
24 Nov
24 Nov
12:20 p.m.
New subject: HTTPS and man-in-the-middle - was Re: new message
On Mon, Nov 23, 2015 at 12:16 AM, Adrian Stoness <tdk.knight at gmail.com>
wrote:
http://itknowledgeexchange.techtarget.com/itanswers/https-inspection-within…
--
Eric Christopherson
Man this has turned in a hackerspace discussion on
security
On Nov 22, 2015 10:18 PM, "Dave Wade" <dave.g4ugm at gmail.com> wrote:
And here's today's installment:
Dell has been found to be including an easily cloned root certificate on
its laptops, similar to the Lenovo Superfish debacle:
http://arstechnica.com/security/2015/11/dell-does-superfish-ships-pcs-with-…
For outbound TMG needs a browser plugin. For
inbound its usual to
terminate
the SSL on the TMG firewall and then TMG opens a
new SSL session to the
backend web server. For this to work TMG needs to have a copy of the
certificate including the private key. Wildcard certs are commonly used
with TMG but having a FQDN only guarantees the server is under control of
the certificate owner. You can have multiple sites on the same server, or
have a single site load balanced across multiple servers. SQUID will do
the
same trick, but I have always run squid on the
same box as the web farm,
but this isn't required...
On Nov 23, 2015 5:48 AM, "Toby Thain" <toby at telegraphics.com.au>
wrote:
> On 2015-11-22 5:25 PM, Mouse wrote:
>
>> https is supposed to prevent "man in the middle" attacks, provided
you
>>> enfor$
>>>
>>
>> That was the original theory, as I understand it.
>>
>> But there are way too many "in most browsers by default" CAs that are
>> willing to sell wildcard certs such as can be used for MitM attacks
>> without disturbing cert validity checks. I even recall hearing of
some
caching proxy (squid maybe?) that, out of the box,
could use such a
Microsoft Forefront TMG maybe?
--Toby
cert to provide caching for HTTPS connections - they're that common.
...
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
22 Nov
22 Nov
7:01 p.m.
At 10:05 AM 11/22/2015, geneb wrote:
Until then, try pointing your DNS to 8.8.8.8 (Google)
and see if that prevents their shenannigans.
IMHO, Google has enough shenanigans of their own. I use the Level3 DNS (4.2.2.1 / 4.2.2.2
/ 4.2.2.3).
Dale H. Cook, Roanoke/Lynchburg, VA
Osborne 1 / Kaypro 4-84 / Kaypro 1 / Amstrad PPC-640
http://plymouthcolony.net/starcity/radios/index.html
9:06 p.m.
New subject: new message
On Nov 22, 2015, at 7:01 PM, Dale H. Cook
<radiotest at juno.com> wrote:
At 10:05 AM 11/22/2015, geneb wrote:
If you have a Unix box as your firewall, as I do, it's not hard to set up your own DNS
server to serve the machines behind it. Then you can just load the current root files and
take it from there.
paul
Until then, try pointing your DNS to 8.8.8.8
(Google) and see if that prevents their shenannigans.
IMHO, Google has enough shenanigans of their own. I use the Level3 DNS (4.2.2.1 / 4.2.2.2
/ 4.2.2.3). 
10:50 p.m.
New subject: new message
At 09:06 PM 11/22/2015, Paul Koning wrote:
If you have a Unix box as your firewall, as I do ...
I some of my most vital computing on the road for work, in locations where I have no
access to the firewall settings. All of my Access Connections location profiles, including
the DHCP profile that I use at some locations that are not regular stops at work, are set
to use the Level3 DNS entries.
Dale H. Cook, Roanoke/Lynchburg, VA
Osborne 1 / Kaypro 4-84 / Kaypro 1 / Amstrad PPC-640
http://plymouthcolony.net/starcity/radios/index.html
13 Nov
13 Nov
1:04 p.m.
No problem. Just make sure that emails from my friend the rich Nigerian
prince get through! He's been talking to my banker at the UN.
On Thu, Nov 12, 2015 at 7:25 PM, Jay West <jwest at classiccmp.org> wrote:
Apologies, not sure how that got through.
Maybe a listmember got address-book-malware. Will see if the headers reveal
anything that is easy to spot.
J
3168
days inactive
3179
days old
28 comments
20 participants
participants (20)
-
bfranchuk@jetnet.ab.ca -
cclist@sydex.com -
cramcram@gmail.com -
dave.g4ugm@gmail.com -
echristopherson@gmail.com -
geneb@deltasoft.com -
jhfinedp3k@compsys.to -
jwest@classiccmp.org -
katelists@trouts.org -
lbickley@bickleywest.com -
mouse@Rodents-Montreal.ORG -
other@oryx.us -
paulkoning@comcast.net -
radiotest@juno.com -
radiotest@plymouthcolony.net -
tdk.knight@gmail.com -
toby@telegraphics.com.au -
trash80@internode.on.net -
woyciesjes@sbcglobal.net -
wulfman@wulfman.com