About email spoofing

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 16:00

Is the circulation of the Cyprus Today newspaper that low that no-one saw Daniel on the front page of Cyprus Today. It was the biggest headline of the week! AND no-one has mentioned it here!



Please tell me that I am paranoid.



---

Izzet: I've changed the topic title from "Daniel Alldred - not just a fantastic guitarist!" to "About email spoofing" to fit better.

Pugwash


Joined: 06/09/2010
Posts: 1797

Message Posted:
26/09/2010 16:03

You are paranoid.

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
26/09/2010 16:03

i was going to ask you face to face paul,as i never buy that toilet paper,but i did hear in a couple places about the article.



off thread a min.some thing serious has gone on up the mountain road i think,ambulances,fire engines,fire landrover,i think with cutting out tools,many police cars, hope its not to bad



Look forward to hearing the full story from you rather than the news paper

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 16:04

Thanks Pugwash, I was beginning to think that everyone just hated me!

apc2010


Joined: 28/07/2010
Posts: 1689

Message Posted:
26/09/2010 16:05

does it play it....



http://www.last.fm/music/Black+Sabbath/_/Paranoid

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 16:10

apc2010 - 'it' plays everything!

apc2010


Joined: 28/07/2010
Posts: 1689

Message Posted:
26/09/2010 16:11

sorry typo should say he,,,, apologies ...no disrepect meant ...

oldshep


Joined: 02/11/2008
Posts: 609

Message Posted:
26/09/2010 16:23

whats happening up the mountain can hear all the sirens hope no one hurt

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 16:24

apc2010 apologies accepted, but why wasn't Daniel wanted at last night Gig?

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
26/09/2010 16:24

i was just a little confused then apc2010



i had to re-look where I AND T AND H AND E was on my keyboard

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
26/09/2010 16:25

paul. if your son had of played also,it would of gone on until 3am.funkymonkey did not finish until 2am i think it was.

apc2010


Joined: 28/07/2010
Posts: 1689

Message Posted:
26/09/2010 16:26

dyslexia rules ko .....sometime i thought you knew zero...

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 16:28

Dave, he offered to open the show with one number Canon Rock by Gerry C - http://www.youtube.com/watch?v=by8oyJztzwo

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
26/09/2010 16:30

apc2010



Dont you pinch my real excuse for my bad spelling.



ive only learnt partially to spell since useing a computer since 2000.



Before then i did not read or write,i still do not write,but type very quickly.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 16:34

Feel free to comment on the story in the Cyprus Today

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 16:41

BUT, Richard Currie didn't want to know......everyone missed out!

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
26/09/2010 16:42

oh well paul,maybe next time !!



http://www.youtube.com/watch?v=syHA0PJxu24

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 16:47

Hi Dave, the next time will be for our own charity choice with transparent, online donation publication and no 'manipulation'

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 17:09

BUT, what about Dan's discovery re: Microsoft - what does Izzet think about this?

johndp


Joined: 08/09/2009
Posts: 497

Message Posted:
26/09/2010 17:35

Paul give it a rest are you trying to acchieve notoriety again

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 17:37

johndp - OK, you don't appreciate the significance. Not everyone is on the same level!

DutchCrusader



Joined: 19/05/2008
Posts: 11281

Message Posted:
26/09/2010 17:37

Washerman, why don't you publish here what Microsoft said in the reply mail? And what did Microsoft do about "the fault in the Operating System" you claim your son found? Any news about it on the Internet (I can't find it yet)?

fiendishpaul


Joined: 18/05/2008
Posts: 1720

Message Posted:
26/09/2010 17:38

Washerman



If I was Dan, I would be extremely embarassed that my father was using me to stroke his own ego. I have never heard Dan play so cannot comment on his guitar playing ability and having read the article in CT, understand that he had found a way that a genuine webpage could be replicated as part of a phishing scam - well done him.



As most people on the forum are not that tech savvy, they probably don't understand much of the article, are probably not that interested in the subject and have therefore refrained from commenting. Whilst you seem to think otherwise, I doubt if the lack of comments is meant as an affront to either yourself or your son. Paranoid........not yet, but you could be getting there



Paul

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 17:39

Some people!

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 17:41

Fiendishpaul, I would just be embarrased to be your father!

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 17:42

The old school, just can't stand the youngsters coming on, can they?

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 17:45

Dutch, itch, itch!

vincent1


Joined: 20/07/2009
Posts: 212

Message Posted:
26/09/2010 17:47

Washerman.



You really are very very sad. Your son must be extremely embarrassed by your pathetic behaviour.

Would anyone want to conduct business with someone like you? Very unlikely.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 17:48

How very sad you are!

dogeared


Joined: 02/09/2010
Posts: 45

Message Posted:
26/09/2010 17:49

i can not help but wonder what he was doing to " stumble" on the issue ???

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 17:51

Vincent, I notice from your profile that you are divorced? Without antagonisng other divorcees, any particular reason?

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 17:52

Well, pathetic!

fiendishpaul


Joined: 18/05/2008
Posts: 1720

Message Posted:
26/09/2010 17:59

Washerman



I have no axe to grind with you, I just think that it does you no favours to bring your son into your 'dispute' on the forum.



As for your comments at message 25:

1. You don't know me.

2. My father died 35 years ago when I was 11 years old so never had the chance to see me become an adult. I'd like to think that he would have been proud of my 'achievements' but not to the point where I would consider his 'pride' as over the top.



As I said in my previous post, well done Dan for his discovery but I too must profess to not entirely understanding what it was all about. I think you need to be a little less touchy about how you perceive some of the posts on the forum. Chill out fella



Regards



Paul

DutchCrusader



Joined: 19/05/2008
Posts: 11281

Message Posted:
26/09/2010 18:06

This was my question "Washerman, why don't you publish here what Microsoft said in the reply mail? And what did Microsoft do about "the fault in the Operating System" you claim your son found? Any news about it on the Internet (I can't find it yet)?"



And this is your answer: Duch, itch, itch!



Is this the style and behaviour of a grown-up, 50 year old (sane?) man?



Oh well, it must be a matter of little time before the news papers of this world will copy (and check!) your story in Cyprus Today. When they come out en masse to make pictures of you and your son - don't forget to make him hold a guitar also.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 18:06

Paul - be an observer and you will learn more!

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 18:08

Dutch - I don't know what to say except - Jealousy drives people to say stupid things!

fiendishpaul


Joined: 18/05/2008
Posts: 1720

Message Posted:
26/09/2010 18:09

Observe what ????



Learn what ???



Confused of Dogankoy

DutchCrusader



Joined: 19/05/2008
Posts: 11281

Message Posted:
26/09/2010 18:18

"Jealousy"? Washerman, your texts in several threads of C44 make me fear that there is a serious fault in your operating system.

vincent1


Joined: 20/07/2009
Posts: 212

Message Posted:
26/09/2010 18:20

Washerman.



I did see your photo in the newspaper.



Are you Lord Lucan ?

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 18:21

Dutch. Just accept your age and retire gracefully!

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 18:22

Vincent1 - NO, everyone knows my identity!

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
26/09/2010 18:44

messsage 38



im sure the paper says his son discoverd that fault !!

vincent1


Joined: 20/07/2009
Posts: 212

Message Posted:
26/09/2010 18:54

Washerman.



Yes everyone knows who you are.



It can't be good for business though !

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
26/09/2010 19:00

vincent1



im still trying to work out why or how if a man gives good or great customer satisfaction in his business,by the way im talking about any business in general but speaks there mind in a open forum and tries to be honest that this could be harmful to ones business?



People in business i think also should be able to have a opinion,and a true honest opinion without it affecting there business,or maybe im wrong,but i wish some 1 would please explain to me why a business outside of his business hours should have to sit on the fence and be non commital.?



Or do all business people have to lie to become successful in business or north cyprus?

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
26/09/2010 19:16

Dave, I wish I was as eloquent as you! Vincent 1, stop twitching!

Krypton


Joined: 02/09/2010
Posts: 179

Message Posted:
26/09/2010 23:58

Paul stop now. you made an exciting discovery but not everyone is as 'over the moon' about it as you are. Did your discovery make the front page of any international publications, as presumably what you discoverd effected 'the world'. i would agree with Dutch, are you going to post microsofts response

nurseawful



Joined: 06/02/2009
Posts: 5934

Message Posted:
27/09/2010 00:20

Paul well done to you and Daniel, you must be really proud. I would be if it was my son, but for your own sanity and don't take this the wrong way, please let Daniel make his own way in the world and be recognised as himself for his achievements.



Take it from one who has been there and made the mistakes as a parent.



Chris

Blackpoolfan


Joined: 03/12/2008
Posts: 1568

Message Posted:
27/09/2010 00:58

Who Cares ?????????????

negativenick


Joined: 10/11/2008
Posts: 6023

Message Posted:
27/09/2010 07:38

mes 48 - we care ! - he's actually a pretty sh*t hot guitar player

Groucho



Joined: 26/04/2008
Posts: 7993

Message Posted:
27/09/2010 07:46

If your son is genuinely the first person on the planet to discover and report this security flaw well done him.



Whenever I've reported problems to Microsoft, Oracle, Digital Research, Business Objects they have always said thanks but we know and are already sending out or working on a fix....



Hopefully Dan will be celebrated when the 'Microsoft-Alldred Patch' is sent out... but don't hold your breath.

martinD41


Joined: 06/09/2010
Posts: 3001

Message Posted:
27/09/2010 08:18

Hang On!! Your son found a fault with Microsoft E-Mail system,then used the faulty system to notify Microsoft????

Would a FAX not have been safer ?

doppelganger


Joined: 08/09/2010
Posts: 147

Message Posted:
27/09/2010 08:41

can we see the reply if any from Microsoft please ?



if no reply tell us there has been none.



thanks

vincent1


Joined: 20/07/2009
Posts: 212

Message Posted:
27/09/2010 10:35

Surely if Daniel had discovered a major flaw in a Microsoft system some sort of reply would have been received by now from them?

Before Cyprus Today made this story front page news should they have not contacted Microsoft to check the validity of this claim?

DutchCrusader



Joined: 19/05/2008
Posts: 11281

Message Posted:
27/09/2010 10:55

RE msg 53, Vincent1: You are right to ask the question. But when I asked a similar question in another thread (being keen on Internet safety for my wife's PC with Windows 7 and my Macintoshes) I got this reply from Washerman: "Dutch, itch, itch...". I find this highly unprofessional from IT professional Paul Alldred (Washerman).

I searched the Internet, starting here: http://www.microsoft.com/security/default.aspx and cannot find anything about the Alldred claim nor about a Microsoft warning, fix, patch or whatever. (I do NOT say that the claim is untrue).

The question remains: are all PC owners with one (or all?) version of Windows at risk? Indeed Cyprus Today should have contacted Microsoft and should have published the reply. The article does not indicate that Cyprus Today at least tried.

The shouting on the front page leaves only questions - which is not exactly the first task of a news paper.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 11:06

Hans.......I have just replied to an email that Izzet didn't send to me. We sent it to my gmail account from his account without his knowledge.



I may get banned for owning up to this, but it's up to Izzet to confirm that he has received a reply to an email that he never sent to me.



He may also wish to confirm that he noticed strange activity on or, about the date of the email.



This was done using a Window's live ID account without Izzet's knowledge or, consent and that is where the weakness lay.



We used several other people's accounts without their knowledge - who knows, we may even have used yours.



We made a screen shot video of how it was done and Microsoft have been informed of the flaw in their system on Friday.



Dutch, there is no lost between us, but from where I am standing, you are turning into a jealouse, cynical old g*t.



See http;//www.northcyprusfreepress.com for any further explanation.



As at todays' time - there has been no response from Microsoft.

Groucho



Joined: 26/04/2008
Posts: 7993

Message Posted:
27/09/2010 11:13

You could send some cracking insults using this method!

DutchCrusader



Joined: 19/05/2008
Posts: 11281

Message Posted:
27/09/2010 11:16

RE msg 55, Washerman: (...) We used several other people's accounts without their knowledge - who knows, we may even have used yours. (...)

=> This maybe a joke, but then it's a very inappropriate one for an IT professional/businessman.

(...) Dutch, there is no lost between us, but from where I am standing, you are turning into a jealouse, cynical old g*t. (...)

=> You lost me here - jealous about what?! Cynical? Yes - if it has something to do with you.

Thank you for the rest of your answer.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 11:20

Hans, your response as usual, is just childish and pathetic!

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 11:22

Groucho - Imagine how self controlled I had to be. The potential to wind people up!!!



The fact that I didn't do anything should say something about my character and I hope means far more to anyone than the ramblings of a trouser stained, doddering ex-reporter - Hans over to you!

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
27/09/2010 11:24

message 55.



He already is a cynical old git.



Thinks he can accuse people with no comebacks.



well welcome to the real world.



Never in my life has some prick ever accused me of collabarating with some 1 to get at or bring some 1 down.



But that gutter snipe rat thinks he can do it and when he knows he is wrong,not even appologise.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 11:30

Dave, we had the expertise and opportunity to send emails from anyone in the world. Imagine the potential in the wrong hands?



halpricewatches@rolex.com, barrackobama@whitehouse.com, cynicaloldg*t@dutchcrusader.com, customerservices@natwest.com



Did we do it - No! Did we try to make money out of - No!



We informed the right people to get the fault corrected and then, reported to the world.



And we have to listen to Dutch and the likes - Jealous to the core!

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
27/09/2010 11:34

i was talking to 1 of my hacker friends in egypt,he said you was crazy to have reported it .



He said he could of made you several million in a short space of time,with no worries.



I told him ,i think he must be a honest person,only the dutch might do some thing dishonest!!

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 11:43

Dutch just can't accept that a working lad from a working family has the intelligence, IT knowledge, skill and expertise to pull this off and that's why he spent hours searching the net and then, comes on here casting his aspersions



AND, compare this to the emails that I have had from well-wishers saying what a clever young man Daniel is and what a brilliant guitarist he is.



AND, despite it being front page news, that it took me to have to mention it here................even though Dutch spent hours trying to check it out on the net, he didn't want to draw attention to it on here, just in case we gained some credibility from it!



Shame really!

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 11:47

I have tried to stay out of this thread - but as I am the same age ( approx) as Washerman and have kids / step-kids of whom I am proud ... I wish to remind him that much as we love 'em - I think they would not appreciate your style of OTT..



One mention of your son's finding of the ' loop hole ' would have sufficed - no need for the 'build-up', the count-down, et al.



'Proud parents' can be a pain in the ass.... you need to take on board some of the hints you are getting - WHY do you feel the need to comment on folks lives / 'research' 'em - have an opinion different from yours?!



The reasons for folks getting divorced are myriad and not something you need to ask about - just because folk are TRYING to save you from making an idiot if yourself..



Please TRY and see this as constructive critique .. and 'retire' gracefully - as I'm sure you'd hate to see your pride ending up in a closed thread :(

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 11:49

Dave will you deal with him, I don't respond to him anymore

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 11:52

Perhaps you'd be better off advising us if we can do anything OUR end to ensure our accounts aren't compromised..



You could start with those that you / your son 'hacked' and the nature of the flaw.



This is the LEAST you can do - as such an act *is* ILLEGAL.



Your son should have proved his theory and tested it by creating spoof accounts - not using real ones of members.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 11:57

Dave, if mmmmmm had half a brain he'd be dangerous. Before he started typing, he should have gone to http://www.northcyprusfreepress.com - him and Dutch could have gone together, it would have been a nice day out for them.



If they had, they will have realised that we didn't compromise anyone's email account. Daniel found a flaw in Microsoft's set up that allowed us to send emails from any account.



At no time, did we have access to anyone's emails. The fault was with Microsoft and we informed them before we informed anyone else.



See Dave, you can't do right for doing wrong, but then (their) agenda influences their thoughts and they just can't help themselves

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 12:09

Dear Washerman



I asked for information about the 'hack' - many members on here HIDE their email account / contact info..



So.. rather than chasing down links - I ( and I expect many others) want to hear it DIRECT from the 'horse's mouth' - DID you / your son access profile info about members?



They have a right to know WHAT info you / he saw..

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 12:10

Dave, mmmmmm is at it again......can he not read?

Wiaah


Joined: 12/09/2010
Posts: 45

Message Posted:
27/09/2010 12:10

Hi,

Washerman ! Is this your son http://www.youtube.com/watch?v=by8oyJztzwo

If it is he is really good ! If not can you post a link to him playing. I would love to see and hear him.

Ta.

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 12:11

Have those whose accounts that were accessed been advised ?



I ask AGAIN.. knowing what you know about the flaw - is there anything members can do to 'protect' themselves?

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 12:12

Members. Just for the record (and this is only because mmmmmm is trying to stir up trouble)



At no time have we had access to anyone's email or, any other account. Endof!



Even if mmmmmm doesn't understand, I am sure that the rest of you do.

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 12:15

Washerman - thanks - that was all that was required.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 12:19

Here is Izzet's response:-



Woow... this is not me.



Can you please forward me this email with the headers please?



Thanks,

Izzet

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
27/09/2010 12:20

6ms



i think you know full well.there is no protecting yourself from a hacker if he wants access to your computer.



Just seen how the hack worked actually,very clever indeed,but im not a computer wizard,no daubt over the next few days or so there could be a video showing the hack.



It really is not important if people think they have been hacked from cyp44 regarding this program,if they where up to no good,they would not have advertised what they could do on here.



But in the right hands,that hack could of been worth millions and millions.in fact,it was priceless.

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 12:21

Hi Dave, sure... but this worried the HELL otta me...



>>We used several other people's accounts without their knowledge - who knows, we may even have used yours. <<



Not the 'wisest' post.....

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 12:27

Dave, in the excitement, I typed email "account" instead of email "address" - if I unduly worried anyone else except mmmmmm, I sincerely apologise! :;

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 12:35

As an a self-proclaimed IT expert you should / would [WELL] know the difference between accessing someone's email account and spoofing the email to make it LOOK like it was sent from ( say) Hans' account - something you CLEARLY suggested that you / your son had the 'skill' opportunity to do ...



There was an implied 'threat' and it was SILLY...

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
27/09/2010 12:57

Its exciting times if you make some ghoulash off microsoft,but i suppose to IT geeks its a exciting find.



I just think there guys out there paul who would of put it to better use than you did with it

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 12:58

Dave, he still doesn't understand does he.....anyway!

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 13:07

Dave, re 79



Email spoofing is not a new thing.. As has been suggested to me.. a google of 'SPF records' may be in order - SPF (Sender Policy Framework) records are an necessary evil to counter those that spoof emails to make 'em look like they are from 'you'....



Microsoft flaws are sadly all to common and THAT is one of the main reasons we get frequent updates.



This is an old link:



http://technet.microsoft.com/en-us/library/cc751383.aspx

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 13:41

Members who are interested can read this - http://en.wikipedia.org/wiki/E-mail_spoofing



The important word is "appear" - we did not make it appear to come from the email address - it was from the email address!



I can't give out any further details yet!

Izzet



Joined: 01/12/2006
Posts: 920

Message Posted:
27/09/2010 13:47

Email spoofing is not something new.



It has nothing to do with Microsoft.



It is a security issue with the SMTP servers being configured as open relays.

http://en.wikipedia.org/wiki/E-mail_spoofing



Like 6m says, with the SPF records, spoof emails can be detected.



Since somebody admitted of spoofing my email address, if you get an email from me, don't assume it's me

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 13:48

Ok, Washerman..



if it WAS from the actual email address - i.e. the email was send from the users email account - not 'spoofed' - then that account WAS *hacked*..compromised..



You just told us >>I typed email "account" instead of email "address" - if I unduly worried anyone else except mmmmmm, I sincerely apologise! :;<<



You just contradicted yourself.. can we please have the info NOW.. from someone who knows how to use the terminology correctly ..



We don't need details - of HOW it is done.. just if any precautions can be taken.

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 14:00

Hi Izzet..



If you don't mind..



Can you confirm.. was the email that was 'created' - one you knew nothing about ..'spoofed'



or



one that you knew nothing about - but, on checking, it WAS sent from your account ? ( i.e. visible in YOUR sent box ).



The first scenario is nought to be unduly concerned about - it is nothing new - the second is much more sinister and noteworthy.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:04

Izzet - never said that email spoofing wasn't something new! - so we agree here.



It definitely has got something to do with Microsoft - it was there system that allowed us to di it - so we disagree here.



The emails that we sent were not detected.



I have already told you by email that we only sent one email from your address to mine so, no need to unduly worry anyone - that's irresponsible, especially as it has been reported in the press and to Microsoft.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:08

Izzet - Changing the title of the thread by the way, changes the context of the messages therein - should we re-write our messages?

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:10

Members, I have already said that we have at no time had access to anyone's email accounts

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:13

From the link that both myself and Izzet posted -



"E-mail spoofing is e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source."

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:13

This thread is not about email spoofing it is about a wekaness that we found in Microsoft's Windows live ID system

fiendishpaul


Joined: 18/05/2008
Posts: 1720

Message Posted:
27/09/2010 14:15

Washerman



Again, I am confused.



I am no expert on this but if the e-mail was actually sent from the e-mail account then that account was hacked.



If the e-mail was made to look as though it had come from another persons account but was in fact just a 'manufactured' copy, then this is a spoof e-mail.



Mark asks just this question in messages 84 and 85 - what is the answer ?



Regards



Paul

britvic



Joined: 05/09/2008
Posts: 3039

Message Posted:
27/09/2010 14:16

This is a little disturbing for people like me who don't understand the workings of computers. When I got back from NC in July I had a rather alarming email from Paypal, they told me that a third party had accessed my account and had withdrawn all monies, the third person seemed to be doing this from my computer however, they had notice that the 'location' was wrong. I do not have internet access in NC, in fact its nice to get away from it. I think also, or at least the last seventy two hours that my email has been 'hacked' (Don't know if this is the right word)

I did get the money back but, how was this done?



Quit worried

Vicki

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:22

Fiendish, I used the word "account" instead of "address" in one post. I have already apologised for this error.



I can't help it if mmmmm keeps posting the same questions later in th thread - if you don't read back through the whole thread, how are you to know.



Please read the article in CT and at http://www.northcyprusfreepress.com - there is no need to be worried.



Also, if someone comes in and changes the title to a thread after it has 80 + messages, I can understand you and others may be confused.



All this is properly explained in the two articles, its just like everything else on this forum, it has to have mmmmmm personal interpretation put on it!

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 14:26

Washerman



PLEASE understand this is NOT having a 'pop' at you.. you are using contradictory terms - which 'confuse' and even alarm folk - IF this is indeed a case of spoofing - it's NOT a big deal - the only Q is how the email addies were 'farmed - acquired



It appears that this *is* a case of 'spoofing' - as if you/ your son HAD accessed email accounts there would be 'evidence' in the sent items of the email account..



The phishing scenario that Britvic mentions is FAR more worrying.. Britvic - if you EVER get an email from Paypal..always login without using the supplied link in any email - type in the url ( address) YOU know.. If there is an issue Paypal will alert you to login or even 'block' your account to get your attention.



To access your paypal account the hacker HAS to know your email address and password.. keep changing it !



When I login from another country paypal KNOW it and ask me to prove it is me !

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 14:30

Washerman



it is quite clear I'm not the only 'confused' member - so a CLEAR response to msg84 would STILL help.. AGAIN.. this isn't having a 'pop' at you - it seeks clarification - if you can't do it for me - please make it CRYSTAL clear to other members...



Thanks

britvic



Joined: 05/09/2008
Posts: 3039

Message Posted:
27/09/2010 14:31

Thanks for your reply Mark, and yes I have been changing my password on both my email and Paypal account as advised by Paypal. And yes my Paypal account was blocked by them.

I didn't reply to the Paypal email, I actually phoned them to be on the safe side.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:33

The subject of the article in the Cyprus Today is how we were able, using a flaw in Microsoft live's account set up process, to send emails from their system, using any email address that we wanted.



The link that Izzet and I posted says this "E-mail spoofing is e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source."



We have not changed any parts of the email headers



mmmmmm has said that it is spoofing and I haven't said that it isn't, but I have tried to clarify, without giving too much a way about the problem that allowed us to do this, what the original article is about and not mmmmmm interpretation - he probably hasn't even read the article or, online explanation.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:35

mmmmmm should read the articles and not look for clarification where it is not needed - it is alarmist!



Changing the title of this thread has made the whole thing confusing for readers, but never mind, I will sit here and answer their questions if I must.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:37

Now mmmmmm read the articles and my comment here and then ask two simple questions and I will answer them.



BUT whilst you read remember, this is about a flaw in Microsoft's system that allowed us to send emails from anyone's email address.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:40

mmmmmm - before you ask your questions, are we agreed on the definition of email spoofing from the link that Izzet posted?

britvic



Joined: 05/09/2008
Posts: 3039

Message Posted:
27/09/2010 14:41

I know someone has been in my email account in the last 72 hours because I got a reply to an email I hadn't sent!

Once again my password has been changed.

Lilli



Joined: 21/07/2008
Posts: 13081

Message Posted:
27/09/2010 14:43

Paul just a thought can CT been seen on line abroad, as i understood you can order it but they get it some days after we do. I havent seen saturdays CT yet but I get what is all about from your posts. He is on a big brake through. As you know I am computor illetarte but this sounds amazing thing to have discovered. I would think microsoft would snap your hands off for this knowledge x

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 14:45

IN THE END..



Changing the title thread was actually helpful..

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:46

Hi Lilli, go to http://www.ticproblemsolver.com and read the press release there.

Lilli



Joined: 21/07/2008
Posts: 13081

Message Posted:
27/09/2010 14:46

Thanks Paul

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:47

How can changing the title thread have been helpful. It changes the context of every post in the thread!

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:51

Let's say that there is a thread with the title "Anyone interested in buying my washing machine for £50.00" and 80+ people post in the thread and say "Yes I am interested in buying it" and then someone comes along and changes the title to "Anyone interested in buying my fruit bowl for a £100.00"

britvic



Joined: 05/09/2008
Posts: 3039

Message Posted:
27/09/2010 14:51

I am trying to get help here. I am actually very worried.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 14:54

Britvic. How can I help?

britvic



Joined: 05/09/2008
Posts: 3039

Message Posted:
27/09/2010 14:57

Hi Washerman, see post 92 and thereafter.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 15:06

Britvic, on Saturday , I posted a warning about Phishing emails that were doing the rounds from Paypal. First, answer me this......have you ever clicked on a link in an email (that looked like it was from Paypal) and completed your username and password into the linked page? (recently)

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 15:09

Washerman re msg 106/7



As this is really about folks having their emails 'spoofed' *I* think the title thread change was relevant ..



re msg 100 I'm not sure if it is EXACTLY spoofing ... as the nature of the flaw with live.com email MAY be a form of hacking ..



IF the email your son could create caused a response to the GENUINE email account then it IS *spoofing* - the recipient may not have SENT the email - but get a response



If, however, the response goes to an entirely separate account, then that is *hacking* and much more serious.. as the potential for fraud is SERIOUS..



Now it may be another unfortunate slip, but you used the term *emails* ( not email) so I'll ask AGAIN.. why didn't you / he create new live.com addresses - instead of using REAL ones of real people... ?!

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
27/09/2010 15:10

This new heading for this thread is wrong i think.



Its not email spoofing what washerman is talking about,as i see it your all getting it wrong and in panic mode.



Email spoofing is when you change the email address a little but to make it look like the original



example. customerservices@HSBC.co.uk .br

That would be a spoofing email address.

wat washerman is talking about,is original email address being replacated before they are then authenticated.



Does that make a little more sense??



Also i feel it very perverse that a thread can be changed if it was not asked of the publisher of the said thread before changing it .

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 15:11

mmmmmm - I asked you whether we were agreed on the definition of email spoofing in the link to the page that both Izzet and I posted earlier - are we agreed?

britvic



Joined: 05/09/2008
Posts: 3039

Message Posted:
27/09/2010 15:12

In reply to message 111, no I haven't clicked on a link to their email, I pasted the URL, as stated earlier I found out about the 'fraud' by phoning Paypal after they had blocked my account and sent me an email saying that it was blocked.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 15:12

Britvic. OK so what is it you are worried about?

britvic



Joined: 05/09/2008
Posts: 3039

Message Posted:
27/09/2010 15:16

No matter how often I change my email address password someone is getting in, I received (this morning) a reply to an email I had not sent, and it wasn't in my 'sent' folder either!

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 15:19

Britvic....Who is your email address with and is it an online account or, an account using Outlook or, Outlook Express?

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 15:20

mmmmmm - have you missed this?



mmmmmm - I asked you whether we were agreed on the definition of email spoofing in the link to the page that both Izzet and I posted earlier - are we agreed?

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
27/09/2010 15:23

britvic. do you use msn messenger?



or by the sounds of it,your computer is infected with a trojan that works by sending out many emails to all of your contacts in your email contacts,and with a small link inserted within the email,if any of your contacts open the email,but clikk the link inserted into the email by the trojan they will also get infected,its not that some 1 keeps getting into your computer,its just that your already infected.

britvic



Joined: 05/09/2008
Posts: 3039

Message Posted:
27/09/2010 15:23

Message 118, I am with hotmail, I have created a gmail address recently and all is fine with that. I don't know if its connected but, I have only been having problems since May, which happens to be the month I got my new laptop.

Oh, and I don't have broadband where I live, I have a dongle.

britvic



Joined: 05/09/2008
Posts: 3039

Message Posted:
27/09/2010 15:25

Zerochlor, That's the funny thing, it is sending selected emails and all different.

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 15:25

Lots of hotmail accounts were broken into a while back. Have you been through the password changing routine in your Hotmail email account?

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 15:27

Britvic...If you are very worried, stick to the new gmail account and change your password regularly.

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
27/09/2010 15:31

britvic.



thats how clever the program is that was written,that way when it keeps repeating its self and sending more emails to the same person in your email address book,they will think its a diffrent mail from you,as it would not be a good trojan program if it repeated the same email to all of your contacts all of the time,so it randomly changes the email content,that trojan has 1000s of diffrent ways and heading for the emails

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 15:39

mmmmmm - In the absence of your answer to the qualifying question that I asked, I am going to reply to your questions, but in doing so, I must assume that we are agreed on the Wikipedia email spoofing definition.



1. This is not about email spoofing, it is about a weakness in the Microsoft system as described in the article.



2. I am glad to see in your post that you now admit that it is not exactly spoofing (so the title change was wrong)



3. Neither is it hacking



4. The only purpose of this excercise was to send an email to my own account be able to prove that what we claimed was possible.

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
27/09/2010 15:40

This is the virus you may have britvic



WORM_NYXEM.E virus

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 15:42

Now, as the title of this thread has been changed after it was started to make it appear that it was the original title which it wasn't or, in other words, it has been spoofed - I am not prepared to contribute to it any further.



I am going to start a seperate thread - just in case anyone wants to ask any further questions.

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 15:43

re 114 Wsherman



>>I asked you whether we were agreed on the definition of email spoofing in the link to the page that both Izzet and I posted earlier - are we agreed?<<



may I refer you to 112 - was my answer to msg 100 not clear enough !?



re 113 ZC



Dave,



>>Email spoofing is when you change the email address a little but to make it look like the original

<<



NO, mate ! ! Spoofing - in the pure techie sense is making it *seem* like the email was sent by you - from your email address

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
27/09/2010 15:52

ok.well heres the easiest way of describing spoofing for us who not so clued up on it,i made a fone call to egypt to find out,maybe my description of it as told i did not type it or explain it correct.



im sure this will explain it to all who are a little worried



http://www.inf.aber.ac.uk/advisory/faq/133/

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
27/09/2010 16:03

is that a better discription of spoofing mark for the readers?

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 16:30

Dave re msg 131



YES.. perfect x ;)

malsancak


Joined: 23/08/2009
Posts: 2874

Message Posted:
27/09/2010 17:51

Paul, you wrote an article for NCFP explaining there were a hole in a Microsoft system, now I understand it is Windows Live. You say that you informed them and the hack no longer works so why not write a follow-up article for NCFP explaining how your hack worked?

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 17:54

Malcolm, I am not maintaining this thread any longer because the title of the thread was was changed by Izzet, but I will carry your comments over onto the thread that I am maintaining and answer you there.



Hopefully, mmmmmm will come on too and retract his speculative comments.

mmmmmm



Joined: 19/12/2008
Posts: 8398

Message Posted:
27/09/2010 18:16

>>Hopefully, mmmmmm will come on too and retract his speculative comments.<<



I ( and others ) asked you questions - and you took a LONG time to be SPECIFIC.. any 'speculation' was while we waited.. :(

Washerman


Joined: 19/09/2008
Posts: 2301

Message Posted:
27/09/2010 18:17

Wrong thread!

zerochlor


Joined: 03/04/2009
Posts: 4024

Message Posted:
27/09/2010 18:20

im gonna stick to pools



This is all to geekie for me

jock1



Joined: 06/01/2008
Posts: 3786

Message Posted:
27/09/2010 18:48

Littlewoods pools....?

andrew4232



Joined: 04/07/2009
Posts: 1543

Message Posted:
27/09/2010 22:56

or swimming pools

Wiaah


Joined: 12/09/2010
Posts: 45

Message Posted:
17/10/2010 17:01

Still no word from any Microsoft site about this 'flaw'! And No mention of Daniel Alldred in any Microsoft acknowledgements



http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx - September



http://news.techworld.com/security/9203/microsoft-fixes-windows-live-flaw/ - October



http://www.microsoft.com/technet/security/bulletin/ms10-oct.mspx



Makes you wonder why this was announced on the day of the charity concert. Almost like it was a ploy to take the limelight away from the event !

Wiaah


Joined: 12/09/2010
Posts: 45

Message Posted:
17/10/2010 19:15

Microsoft Online Customer Service



Dear Sir, Madam



Thank you for your enquiry related to security support.



There has been no reports related to your enquiry. please visit http://www.microsoft.com/protect.



If you have an urgent virus issue, you can get free telephone support by calling 0870 60 10 100, option 9. Lines are open Monday to Friday 08:00 AM to 6:00 PM.



Yours sincerely,



Microsoft UK



Please do not reply to this email as it is an automatic response sent from an unmonitored email address.

Wiaah


Joined: 12/09/2010
Posts: 45

Message Posted:
17/10/2010 22:35

? Has this been put to bed ?

Wiaah


Joined: 12/09/2010
Posts: 45

Message Posted:
18/10/2010 23:32

I am still receiving emails... anyone else?