[conspire] conspire list hacked?

paulz at ieee.org
Mon Feb 18 10:32:00 PST 2019


 Thanks for details.  IMHO there is far too much "editing" these days for the fields for From, Sender and Reply To.  Several popular email groups default all replies to the group and make it awkward to address just the original sender.
Regarding USB cables.  Before USB there were serial ports.  In those days, we all had a variety of devices with the DB-9 connector.  Using a new connector with an older device was a challenge.  Several companies offered adapter cables.  The ones by FTDI actually worked well.  On the outside they looked like a simple cable with USB A connector on one end and DB9 on the other.  Molded into the cable was a custom chip that provided an active interface.  More than once, I had to explain to someone that they couldn't just use an Ohmmeter to figure out the pin connections.  


    On Sunday, February 17, 2019, 12:33:19 PM PST, Rick Moen <rick at linuxmafia.com> wrote:  
 
 Quoting Paul Zander (paulz at ieee.org):

> I just had an odd email.  From the list of messages, it appeared to have come from the Conspire list.  After reading it, I found the deception.
> 
> From: AddThis Share Tools <email at addthis.com>
> To:conspire at linuxmafia.com

Short version, no.  That's not what happened.  Longtime CABAL member
Howard Sussman was sharing a news item at online news site
bleepingcomputer.com about yet another variety of malign USB cable using
'social bookmarking service' AddThis.



Longer version:

It's good to do SMTP header analysis, so I applaud your trying that, but
the From: header in this case was a forgery.  You have to look more
closely:

Received: from mtaout-63225-pao.dynect.net ([208.76.63.225])
        by linuxmafia.com with esmtp (Exim 4.72)
        (envelope-from <bounces+conspire=linuxmafia.com at dynect-mailer.net>)
        id 1gvQdI-0006Ax-9v
        for conspire at linuxmafia.com; Sun, 17 Feb 2019 09:53:47 -0800
Date: Sun, 17 Feb 2019 17:53:33 +0000
To: conspire at linuxmafia.com
From: AddThis Share Tools <email at addthis.com>
Sender: howard at scsurplus.com
Message-Id: <20190217175333.05FEB8065238 at legacyapi6-26-ussnn1.prod.dc.dynback.net>
X-EmailId: 60142745-6f8b-4dc1-84d7-7bcac5625aa0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-DynectEmail-Msg-Hash: byPkDFxves6EOGDn1peRNeIe02OIJH5CdLqxMLzUeO9TUD/XOys5iQVFOJgG2lVE4Nf69NZkK5bXDdejdLf1xizM7c3ogfa/3eNIaiVFqU4aDGeIn06gDdDYreEWCltIX-DynEmail-Meta: DLxwAJvSJ4XoNxJj5ByihG5HNWSXz7iF2aj8J2FkVGiHAzW5GSuo83q1QAF5S0Ptyf/y+Jd3EDB4XoNMp05DMGeo/94RBwKRt0DA7AXSUCd7RwGh5dJm9sJxXc9IdTM+GKLO2KkSdKRHr/n9eM5C2p35DhB1Wb0eU3YsZPQJame9AArDRM8Jw8Ap6VvDx4zrGjgAJRsrBWPaubjuL e3XLC6VFi0djvK8sVKSQSUMo3o=
X-DynectEmail-Msg-Key: 20190217175333.0000009f8ace at mail6-64-ussnn1
X-DynectEmail-X-Headers:
X-Feedback-ID: UXVpYmlkc1ZNVEFz:489773:423886:dyn06
X-SA-Exim-Connect-IP: 208.76.63.225


So, it actually got robo-sent through the workstation of subscriber
Howard Sussman <howard at scsurplus.com> by a business called Clearspring
Technologies d/b/a AddThis.  There is an AddThis 'share' button on many
Web sites, that Web-browsing users can use to notify their friends about
links.  And so, the takeaway is that Howard was using that widget to 
let Conspire users know about the 'New Offensive USB Cable Allows Remote
Attacks over WiFi' story at BleepingComputer.

Since I don't see an AddThis widget on that story itself, I suspect
Howard saw mention of the story on a third-party news-aggregation site
that has the AddThis 'share' widget.

Howard, to avoid this sort of follow-up discussion, you might want to
just post links directly to Conspire _yourself_, and not using 'share'
widgets.  (For one thing, those widgets might do other mischief.)



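Added example, not part of the original thread: a short Python check that performs the header comparison described in the quoted message, setting the From: domain against the Sender: header and the envelope sender recorded in the topmost Received: line. The function names are hypothetical, the sample is excerpted from the headers quoted above, and the code assumes the receiving MTA logs `(envelope-from <...>)` the way the Exim line shown does.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers excerpted from the message quoted above, still carrying the
# list archive's "user at host" address obfuscation.
SAMPLE = """\
Received: from mtaout-63225-pao.dynect.net ([208.76.63.225])
        by linuxmafia.com with esmtp (Exim 4.72)
        (envelope-from <bounces+conspire=linuxmafia.com at dynect-mailer.net>)
        id 1gvQdI-0006Ax-9v
        for conspire at linuxmafia.com; Sun, 17 Feb 2019 09:53:47 -0800
To: conspire at linuxmafia.com
From: AddThis Share Tools <email at addthis.com>
Sender: howard at scsurplus.com

"""

def deobfuscate(text):
    """Undo the archive's 'user at host' rewriting so addresses parse."""
    return re.sub(r"([\w.+=-]+) at ([\w-]+(?:\.[\w-]+)+)", r"\1@\2", text)

def domain(header_value):
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def origin_report(raw):
    """Compare the displayed From: domain with Sender: and the envelope sender."""
    msg = message_from_string(deobfuscate(raw))
    report = {"from": domain(msg.get("From", "")),
              "sender": domain(msg.get("Sender", "")),
              "envelope": ""}
    # The topmost Received: header is the one added by the receiving server,
    # so it is the only hop the recipient can trust. Unfold it first.
    received = " ".join((msg.get_all("Received") or [""])[0].split())
    m = re.search(r"envelope-from <([^>]*)>", received)
    if m:
        report["envelope"] = m.group(1).rpartition("@")[2].lower()
    # Any identity that disagrees with From: deserves a closer look.
    report["mismatches"] = sorted(
        k for k in ("sender", "envelope")
        if report[k] and report[k] != report["from"])
    return report

if __name__ == "__main__":
    for key, value in origin_report(SAMPLE).items():
        print(f"{key:10} {value}")
```

A mismatch is a prompt to read the headers more closely, not proof of abuse: mailing lists and bulk-mail providers routinely produce differing From:, Sender: and envelope domains.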