<html><head></head><body><div class="ydpa4878c29yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div></div>
        <div>Thanks for details.  IMHO there is far to much "editing" these days for the fields for From, Sender and Reply To.</div><div>Several popular email groups default all replies to the group and make it awkward to address just the original sender.</div><div><br></div><div>Regarding USB cables.  Before USB there were serial ports.  In those days, we all had a variety of devices with the DB-9 connector.  Using a new connector with an older device was a challenge.  Several companies offered adapter cables.  The ones by FTDI actually worked well.  On the outside they looked like a simple cable with USB A connector on one end and DB9 on the other.  Molded into the cable was a custom chip that provided an active interface.  More than once, I had to explain to someone that they couldn't just use an Ohmmeter to figure out the pin connections.  <br></div><div><br></div><div><br></div>
        
        </div><div id="ydp8b036554yahoo_quoted_0832480602" class="ydp8b036554yahoo_quoted">
            <div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
                
                <div>
                    On Sunday, February 17, 2019, 12:33:19 PM PST, Rick Moen <rick@linuxmafia.com> wrote:
                </div>
                <div><br></div>
                <div><br></div>
                <div>Quoting Paul Zander (<a shape="rect" href="mailto:paulz@ieee.org" rel="nofollow" target="_blank">paulz@ieee.org</a>):<br clear="none"><br clear="none">> I just had an odd email.  From the list of messages, it appeared to have come from the Conspire list.  After reading it, I found the deception.<br clear="none">> <br clear="none">> From: AddThis Share Tools <<a shape="rect" href="mailto:email@addthis.com" rel="nofollow" target="_blank">email@addthis.com</a>><br clear="none">> To:<a shape="rect" href="mailto:conspire@linuxmafia.com" rel="nofollow" target="_blank">conspire@linuxmafia.com</a><br clear="none"><br clear="none">Short version, no.  That's not what happened.  Longtime CABAL member<br clear="none">Howard Sussman was sharing a news item at online news site<br clear="none">bleepingcomputer.com about yet another variety of malign USB cable using<br clear="none">'social bookmarking service' AddThis.<br clear="none"><br clear="none"><br clear="none"><br clear="none">Longer version:<br clear="none"><br clear="none">It's good to do SMTP header analysis, so I applaud your trying that, but<br clear="none">the From: header in this case was a forgery.  You have to look more<br clear="none">closely:<br clear="none"><br clear="none">Received: from mtaout-63225-pao.dynect.net ([208.76.63.225])<br clear="none">        by linuxmafia.com with esmtp (Exim 4.72)<br clear="none">        (envelope-from <bounces+conspire=<a shape="rect" href="mailto:linuxmafia.com@dynect-mailer.net" rel="nofollow" target="_blank">linuxmafia.com@dynect-mailer.net</a>>)<br clear="none">        id 1gvQdI-0006Ax-9v<br clear="none">        for <a shape="rect" href="mailto:conspire@linuxmafia.com" rel="nofollow" target="_blank">conspire@linuxmafia.com</a>; Sun, 17 Feb 2019 09:53:47 -0800<br clear="none">Date: Sun, 17 Feb 2019 17:53:33 +0000<br clear="none">To: <a shape="rect" href="mailto:conspire@linuxmafia.com" rel="nofollow" target="_blank">conspire@linuxmafia.com</a><br clear="none">From: AddThis Share Tools <<a shape="rect" href="mailto:email@addthis.com" rel="nofollow" target="_blank">email@addthis.com</a>><br clear="none">Sender: <a shape="rect" href="mailto:howard@scsurplus.com" rel="nofollow" target="_blank">howard@scsurplus.com</a><br clear="none">Message-Id: <<a shape="rect" href="mailto:20190217175333.05FEB8065238@legacyapi6-26-ussnn1.prod.dc.dynback.net" rel="nofollow" target="_blank">20190217175333.05FEB8065238@legacyapi6-26-ussnn1.prod.dc.dynback.net</a>><br clear="none">X-EmailId: 60142745-6f8b-4dc1-84d7-7bcac5625aa0<br clear="none">Content-Type: text/plain; charset="utf-8"<br clear="none">Content-Transfer-Encoding: quoted-printable<br clear="none">MIME-Version: 1.0<br clear="none">X-DynectEmail-Msg-Hash: byPkDFxves6EOGDn1peRNeIe02OIJH5CdLqxMLzUeO9TUD/XOys5iQVFOJgG2lVE4Nf69NZkK5bXDdejdLf1xizM7c3ogfa/3eNIaiVFqU4aDGeIn06gDdDYreEWCltIX-DynEmail-Meta: DLxwAJvSJ4XoNxJj5ByihG5HNWSXz7iF2aj8J2FkVGiHAzW5GSuo83q1QAF5S0Ptyf/y+Jd3EDB4XoNMp05DMGeo/94RBwKRt0DA7AXSUCd7RwGh5dJm9sJxXc9IdTM+GKLO2KkSdKRHr/n9eM5C2p35DhB1Wb0eU3YsZPQJame9AArDRM8Jw8Ap6VvDx4zrGjgAJRsrBWPaubjuL e3XLC6VFi0djvK8sVKSQSUMo3o=<br clear="none">X-DynectEmail-Msg-Key: <a shape="rect" href="mailto:20190217175333.0000009f8ace@mail6-64-ussnn1" rel="nofollow" target="_blank">20190217175333.0000009f8ace@mail6-64-ussnn1</a><br clear="none">X-DynectEmail-X-Headers:<br clear="none">X-Feedback-ID: UXVpYmlkc1ZNVEFz:489773:423886:dyn06<br clear="none">X-SA-Exim-Connect-IP: 208.76.63.225<br clear="none"><br clear="none"><br clear="none">So, it actually got robo-sent through the workstation of subscriber<br clear="none">Howard Sussman <<a shape="rect" href="mailto:howard@scsurplus.com" rel="nofollow" target="_blank">howard@scsurplus.com</a>> by business called Clearspring<br clear="none">Technologies d/b/a AddThis.  There is an AddThis 'share' button on many<br clear="none">Web sites, that Web-browsing users can use to notify their friends about<br clear="none">links.  And so, the takeaway is that Howard was using that widget to <br clear="none">let Conspire users know about the 'New Offensive USB Cable Allows Remote<br clear="none">Attacks over WiFi' story at BleepingComputer.<br clear="none"><br clear="none">Since I don't see an AddThis widget on that story itself, I suspect<br clear="none">Howard saw mention of the story on a third-party news-aggregation site<br clear="none">that has the AddThis 'share' widget.<br clear="none"><br clear="none">Howard, to avoid this sort of follow-up discussion, you might want to<br clear="none">just post links directly to Conspire _yourself_, and not using 'share'<br clear="none">widgets.  (For one thing, those widgets might do other mischief.)<br clear="none"><br clear="none"><br clear="none"><br clear="none">_______________________________________________<br clear="none">conspire mailing list<div class="ydp8b036554yqt2021872006" id="ydp8b036554yqtfd39858"><br clear="none"><a shape="rect" href="mailto:conspire@linuxmafia.com" rel="nofollow" target="_blank">conspire@linuxmafia.com</a></div><br clear="none"><a shape="rect" href="http://linuxmafia.com/mailman/listinfo/conspire" rel="nofollow" target="_blank">http://linuxmafia.com/mailman/listinfo/conspire</a><div class="ydp8b036554yqt2021872006" id="ydp8b036554yqtfd41255"><br clear="none"></div></div>
            </div>
        </div></body></html>