[time-nuts] parking lot location (was2 (Spoofing))

Fri Apr 20 22:59:34 UTC 2012

No, there are a lot more messages from him since at least 2008 and last 
one in the chinese scopes thread some days ago. The e-mail origin seems 
quite authentic from the headers, so I suspect he has sent it to the 
list in error :)

Rgds,

Javier

El 21/04/2012 00:50, Bill Hawkins escribió:
> [Parking lot location details deleted]
>
> While clearly not spam, the only other time Mr. Darlington's name appears
> in this group in the 12,459 low noise messages since 12/31/2010 was the
> following:
>
> -----Original Message-----
> From: Robert Darlington
> Sent: Tuesday, October 04, 2011 4:07 PM
> To: jfor at quikus.com; Discussion of precise time and frequency measurement
> Subject: Re: [time-nuts] 2 (Spoofing)
>
> So that no more goes out to the list.  It does nothing to stop the problem.
> I'd have to look at the headers but based on what I'm hearing it sounds like
> his mail server is wide open, OR, somebody on the same network/isp is
> spamming.
>
> -Bob
>
> On Tue, Oct 4, 2011 at 2:54 PM, J. Forster<jfor at quikus.com>  wrote:
>
> I agree with that picture.
>
> The sad thing is that the spammer can do it to Jeff essentially forever.
> There is little that can be done, other than change his email address,
> because the spammer has both his email address and a list of sites where
> that email address is trusted.
>
> As a Moderator (not of this group) I immediately moderate any such
> spamming email addresses, so at least no further spam goes out.
>
> Best,
> -John
>
>   ====================
>
>   From the looks of it:
>
>   1. The bad guys imported/stole Jeff's address book (via social networking
>   ABI hijack, or PC infection).
>
>   2. The bad guys then spammed (from 84.27.224.19 in the Netherlands) to the
>   contacts they stole from Jeff's address book (and spoofing as "Jeff").
>
>   This is troubling because it could happen to any one of us (if we have an
>   address book and it gets hijacked).
>
>   Per John's previous message, I would be leery of social network ABI
>   (Address Book Import) for one thing.
>
>   -Greg
>
>
> ----- Original Message -----
> From: "Chuck Harris"<cfharris at erols.com>
> Sent: Tuesday, October 04, 2011 2:04 PM
> Subject: Re: [time-nuts] 2 (Spoofing)
>
> I'm not convinced.  Notice that the to: line contains a list of addresses
> that look like they would belong in a time-nut's address book.  That
> wouldn't be beneficial, or necessary if the spammer was spoofing his way
> into febo's servers.
>
> I think this came from a spambot running on jeff's machine, and it emailed
> the payload to as many places as it dared... one of them happened to be the
> time-nuts address used for posting messages.
>
> -Chuck Harris
>
> gbusg wrote:
> The spam message in question was apparently spoofed and did not originate
> from Jeff's PC. In the message header, note the Originating-IP was
> [84.27.224.19]. That IP address originates from a server at [Netherlands
> Groningen Ziggo B.v]. Jeff's actual IP address (which I won't repeat
> here) is significantly different and is located in the U.S.A.
>
> Chuck, I think somehow the spoofers have overcome the obstacle you
> mention, unfortunately. (Otherwise how did the user of the Netherlands
> server manage to get spam through to our group?)
>
> -Greg
>
>
> This is the message that started it all:
>
> -----Original Message-----
> From: jeffhook at comcast.net
> Sent: Tuesday, October 04, 2011 4:42 AM
> To: lroden60 at yahoo.com; ronrudd2 at mindspring.com; smbietz at verizon.net;
> stacielee at comcast.net; time-nuts at febo.com; trytob10 at gmail.com;
> warrensjmail-one at yahoo.com
> Subject: [time-nuts] 2
>
> Have ever been to the best on-line shop? This is it! [link to a French
> ceramic pottery shop deleted].
>
> End of old messages happens here.
>
> OB timenuts: Time hung heavy on my hands.
>
> Bill Hawkins
>
>
>
>
> _______________________________________________
> time-nuts mailing list -- time-nuts at febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
> and follow the instructions there.
>
>