LISTSERV at the University of Georgia
Menubar Imagemap
Home Browse Manage Request Manuals Register
Previous messageNext messagePrevious in topicNext in topicPrevious by same authorNext by same authorPrevious page (October 2001, week 5)Back to main SAS-L pageJoin or leave SAS-L (or change settings)ReplyPost a new messageSearchProportional fontNon-proportional font
Date:         Wed, 31 Oct 2001 13:46:46 -0800
Reply-To:     "Karsten M. Self" <kmself@IX.NETCOM.COM>
Sender:       "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From:         "Karsten M. Self" <kmself@IX.NETCOM.COM>
Subject:      OT:  Mail authentication (was Re: Demand for our new)
In-Reply-To:  <>;
              from raypass@ATT.NET on Wed, Oct 31, 2001 at 01:19:55PM -0500
Content-Type: multipart/signed; micalg=pgp-sha1;

on Wed, Oct 31, 2001 at 01:19:55PM -0500, Ray Pass (raypass@ATT.NET) wrote: > SAS-L, > > I just spoke with Ben Cochran (I've known Ben for years - he is an > ex-SASie now out on his own for a number of years) and as I suspected, > he is NOT sending out these bogus messages. He is aware that his home > machine was infected a while back, but he thought hat he had dealt > with it via McAfee. Anyway, he's out of town today but promises to > purchase the latest Norton Anti Virus tonight (on my recommendation) > and deal with the situation. He asked me to post this to SAS-L as he > is not currently even subscribed. I'm sure that he will do all that > he can to end this nonsense on his machine.

Incidentally, a similar incident, though in this case a spoofed email address no longer in use (indeed the domain no longer exists) prompted me to begin signing my emails with GPG ( The attachments some of y'all see on my email are an encoding of the original text message (this is done to tell various, compliant, software not to mess with the content as this breaks the system), and a signature, computed as a one way hash function, against the contents of and what's called a private key.

With access to my public key (posted to various GPG/PGP keyservers worldwide), it's possible to ascertain that:

- The message originated from a specified key. The task then is to determine whether or not you're familiar with this key, and whether or not you've grounds to trust it.

- The message has not been modified or changed in any way since it was signed. This is the reason for the encoding, mentioned above. The SAS-L listserv, for example, is noncompliant, and replaces tab characters with spaces, generally affecting posts in which I've included code samples, as I indent to indicate structure.

Note that the signature block isn't the same for every message, but is dependent on the contents.

My policy regarding email: the burden of identification rests with the recipient. If you haven't taken reasonable means to determine that I am the author of a message, the assumption should be that its status is indeterminate. A GPG signature provides a mechanism to this means. As I have no way of determining what messages you've received claiming to be from me, the onus cannot rest on the sender.

Use of encryption, exploit-averse operating systems, and non-exploitable email clients is another lesson.

Incidentally, someone might want to confirm that Ben is or isn't a Mindspring customer, as that's where the email in question appears to have originated (mail header forgeries were previously touched on here, but the detailed lecture is also deferred).


-- Karsten M. Self <> What part of "Gestalt" don't you understand? Home of the brave Land of the free Free Dmitry! Boycott Adobe! Repeal the DMCA! Geek for Hire


Back to: Top of message | Previous page | Main SAS-L page