cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ovidiu Predescu <ovi...@cup.hp.com>
Subject Re: viruses from committer addresses
Date Wed, 24 Apr 2002 18:32:16 GMT
On Wed, 24 Apr 2002 12:09:43 +0200, "Nicola Ken Barozzi" <nicolaken@apache.org> wrote:

> From: "Christian Haul" <haul@dvs1.informatik.tu-darmstadt.de>
> 
> > On 24.Apr.2002 -- 05:43 PM, David Crossley wrote:
> > > Christian, what are you suggesting with your PKI enquiry above.
> >
> > David, if developers' public keys were available and we would sign our
> > messages, it would be easier to decide whether to trust a mail. OTOH
> > it's not common practice to exchange e.g. word documents or
> > executables amongst us. And patches are either committed by the
> > originator or reviewed anyway.
> > So I reckon it's not worth pursuing this lead any further.
> 
> Look at what the Ant-dev list just got.
> Freaky 8-S
> 
> Isn't there a way to pursue these threats?

The messages that we all got are different in a subtle, but important
way. It appears that the attackers collect the email address
information from public Web sites and then send messages directly to a
person, without going through any mailing list software. The messages
appear to be sent by somebody you know or spoke with in the past,
because they probably correlate the email addresses they collect in
their databases.

So there's no way a software installed at Apache or anywhere else can
protect you as an individual, from receiving these messages. That's
why this attack is so dangerous.

The only thing you can probably do is to look in the headers to find
the gateway that relayed the original message, and report that to spam
fighting groups, like http://mail-abuse.org/. You can then make use of
spam filtering tools to filter these messages. Check out
http://mail-abuse.org/rbl/usage.html for a list of them. I use blcheck
together with procmail to filter out most of the spam, but some is
still left.

Regards,
-- 
Ovidiu Predescu <ovidiu@cup.hp.com>
http://www.geocities.com/SiliconValley/Monitor/7464/ (GNU, Emacs, other stuff)

---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org


Mime
View raw message