[conspire] conspire list hacked?

Sun Feb 17 12:28:31 PST 2019

Quoting Paul Zander (paulz at ieee.org):

> I just had an odd email.  From the list of messages, it appeared to have come from the Conspire list.  After reading it, I found the deception.
> 
> From: AddThis Share Tools <email at addthis.com>
> To:conspire at linuxmafia.com

Short version, no.  That's not what happened.  Longtime CABAL member
Howard Sussman was sharing a news item at online news site
bleepingcomputer.com about yet another variety of malign USB cable using
'social bookmarking service' AddThis.

Longer version:

It's good to do SMTP header analysis, so I applaud your trying that, but
the From: header in this case was a forgery.  You have to look more
closely:

Date: Sun, 17 Feb 2019 17:53:33 +0000
To: conspire at linuxmafia.com
From: AddThis Share Tools <email at addthis.com>
Sender: howard at scsurplus.com
Message-Id: <20190217175333.05FEB8065238 at legacyapi6-26-ussnn1.prod.dc.dynback.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

So, it actually got robo-sent through the workstation of subscriber
Howard Sussman <howard at scsurplus.com> by business called Clearspring
Technologies d/b/a AddThis.  There is an AddThis 'share' button on many
Web sites, that Web-browsing users can use to notify their friends about
links.  And so, the takeaway is that Howard was using that widget to 
let Conspire users know about the 'New Offensive USB Cable Allows Remote
Attacks over WiFi' story at BleepingComputer.

Since I don't see an AddThis widget on that story itself, I suspect
Howard saw mention of the story on a third-party news-aggregation site
that has the AddThis 'share' widget.

Howard, to avoid this sort of follow-up discussion, you might want to
just post links directly to Conspire _yourself_, and not using 'share'
widgets.  (For one thing, those widgets might do other mischief.)