TidBITS
TidBITS Talk 
Apologies for the "Look" spam!
Adam Engst - 11:03am Aug 28, 2007 PST
Hi everyone,
My sincere apologies to the 10,000 or so people who received spam
sent through our TidBITS text issue list today. Joe alerted me to the
problem while I was out picking up Tristan at his grandmother's
house, so I rushed home to deal with it. When I saw that our server
still had some 12,000 messages to deliver, I shut it down and deleted
the entire outgoing mail queue. After examining the traces of what
happened, I don't believe it was a targeted attack, just the result
of an automated spam program happening to forge mail to and from
exactly the wrong addresses in such a way to evade various anti-spam
blockades we have in place. I believe that I've identified the hole
and plugged it, and that this shouldn't be possible again. I feel
terrible about allowing this to happen, and again, I apologize for
the inconvenience.
with little cheer... -Adam
--
Adam C. Engst, TidBITS Publisher <http://www.tidbits.com/adam/>

Bonobo (apparently) - Aug 29, 2007 2:27 am (#1 Total: 6)
via email - Teacher for media design/operating, SW-Trainer, consultant - Posts: 19
Re: Apologies for the "Look" spam!
Adam C. Engst wrote:
> again, I apologize for the inconvenience.
No problem for me, since I got only one of these mails from TidBITS
;-) But I was a bit worried about TidBITS as a whole since I thought I
wasn't the only one to get it ... hopefully not too many people
swamped you with notifying mails (like I did :-!).
> with little cheer...
Come on, cheer up, you solved it, and I'm sure your subscribers will
understand and keep their faith. So, now get back to your family and
enjoy yourselves ;-)
Lotsa cheers (to fill up your cheer reservoir) from Germany,
Tom

aking (apparently) - Aug 29, 2007 2:27 am (#2 Total: 6)
Posts: 19
Re: Apologies for the "Look" spam!
On 8/28/07 3:03 PM, "Adam C. Engst" wrote:
>I apologize for the inconvenience.
>
> with little cheer... -Adam
I was completely expecting to find a "Take Control of Your Medications" on
the other side of the link... If I were to click it that is ;-)
Seriously, from one Adam to another, it was absolutely no inconvenience.
Glad you tracked it down without too much hassle.
Adam

Adam Engst - Aug 29, 2007 7:53 am (#3 Total: 6)
Posts: 8095
Re: Apologies for the "Look" spam!
Thanks to everyone (on this thread and in private mail) - the
messages have been nearly universally encouraging. It's worth noting
that this was not a full security breach of the server itself - just
a single message made it through, and it was in no way related to the
fact that the server is an Xserve running Mac OS X.
This particular spammer seems to be sending a lot of messages that
use addresses in the same domain for both From and To. I've gotten
similar spams "from" myself and Matt, and Postini caught a slew of
them (just not the important one!) as well. This isn't a new
technique, but something about it seems a bit different in terms of
slipping past filters. Perhaps it's the relatively small amount of
text.
cheers... -Adam

dr (apparently) - Sep 2, 2007 2:32 am (#4 Total: 6)
Posts: 514
Re: Apologies for the "Look" spam!
Adam C. Engst wrote:
> Thanks to everyone (on this thread and in private mail) - the
> messages have been nearly universally encouraging. It's worth noting
> that this was not a full security breach of the server itself - just
> a single message made it through, and it was in no way related to the
> fact that the server is an Xserve running Mac OS X.
>
> This particular spammer seems to be sending a lot of messages that
> use addresses in the same domain for both From and To. I've gotten
> similar spams "from" myself and Matt, and Postini caught a slew of
> them (just not the important one!) as well. This isn't a new
> technique, but something about it seems a bit different in terms of
> slipping past filters. Perhaps it's the relatively small amount of
> text.
Interesting. While at first glance it would make sense to block emails with this attribute, I can see two cases where it would not.
1. I send emails to myself to create an online reference to something. Since my email and my business clients' emails are IMAP based this allows me to put up information that I can get to later from various locations.
2. In a similar vein, when I'm not at MY computer I will sometimes send an email to some folks and CC (or TO if I slip up) myself.
Neither of these would seem to apply to this list so maybe you could just block on that attribute?
David Ross
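
The rule suggested in the post above, sketched as an added example (not part of the thread and not the fix TidBITS applied): treat "From and To in the same domain" as suspicious only for mail addressed to a list, so notes-to-self and self-Cc in personal mailboxes pass. The list address, the `authenticated` flag and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical list addresses the rule applies to (not the real list's address).
LIST_ADDRESSES = {"issues@lists.example.org"}

# Constructed sample messages.
FORGED = ("From: editor@lists.example.org\nTo: issues@lists.example.org\n"
          "Subject: Look\n\nshort body\n")
NOTE_TO_SELF = ("From: david@client.example.com\nTo: david@client.example.com\n"
                "Subject: reference\n\nnotes\n")
SELF_CC = ("From: david@client.example.com\nTo: team@other.example.net\n"
           "Cc: david@client.example.com\nSubject: update\n\nfyi\n")


def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def same_domain_verdict(raw, authenticated=False):
    """Return 'hold' for unauthenticated same-domain mail to a list, else 'accept'.

    Only this one attribute is checked; other posting restrictions are out of scope.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpts = [a.lower() for _, a in getaddresses(
        msg.get_all("To", []) + msg.get_all("Cc", []))]
    list_rcpts = [r for r in rcpts if r in LIST_ADDRESSES]
    if not list_rcpts:
        return "accept"  # personal mailbox: note-to-self and self-Cc stay legal
    if authenticated:
        return "accept"  # a sender who proved identity on the submission session
    if any(domain(sender) == domain(r) for r in list_rcpts):
        return "hold"    # From claims the list's own domain without authentication
    return "accept"


if __name__ == "__main__":
    for name, raw in [("forged", FORGED), ("note", NOTE_TO_SELF), ("cc", SELF_CC)]:
        print(name, same_domain_verdict(raw))
```
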

Richard Rucker - Sep 3, 2007 2:15 am (#5 Total: 6)
Posts: 1
Re: Apologies for the "Look" spam!
On Sep 2, 2007, at 6:32 AM, David Ross wrote:
> 1. I send emails to myself to create an online reference to
> something. Since my email and my business clients' emails are IMAP
> based this allows me to put up information that I can get to later
> from various locations.
>
> 2. In a similar vein, when I'm not at MY computer I will sometimes
> send an email to some folks and CC (or TO if I slip up) myself.
I do that routinely for similar reasons. I also save all Sent
messages with Bcc addresses included. Occasionally comparing the two
versions of the same message has revealed interesting differences and
has alerted me to problems.
Dick

jwbaxter (apparently) - Sep 3, 2007 2:15 am (#6 Total: 6)
Posts: 70
Re: Apologies for the "Look" spam!
On Sep 2, 2007, at 3:32 AM, David Ross wrote:
> 1. I send emails to myself to create an online reference to
> something. Since my email and my business clients' emails are IMAP
> based this allows me to put up information that I can get to later
> from various locations.
And, too, email to self is how one rescues "Notes" from the iPhone
(at least until Leopard, when they likely will sync with Notes in
Mail). That also doesn't apply to this list (and in the case of many
of us, doesn't have to be from and to the same account anyhow).
--John