Forum: Community Center

Subject: Leaks - Renderosity got hacked???

rty opened this issue on Feb 16, 2007 · 130 posts

Hawkfyr posted Mon, 19 February 2007 at 10:37 PM

Okay...I'll back-paddle a bit and try to explain what my attempt to explore the plausibility of  JeniferC's post involved.

(In the interest of staying on topic of what may or my not be the original post)

 

8 )

 

BTW...I didn't Say anything remotely close to:. "That's it..She's Right..Problem Solved"...but rather mentioned that "she steps in to offer up a what could be considered, a quite plausible reason, as to how these E-mail address's may have ended up on a spammers list.(Notice the bold type)

 

I then decided to test and explore it myself, to see what I might uncover.(Yes...even as stupid as I am about it, I still made an effort)

 

Jen offers up that an E-mail feature exists that might be a way of someone sending an E-Mail....(She didn't make a declaration that this was the source of the problem...but rather "Asked" if it was known, and that it "Could" be that, as well as many other possibilities).

 

Okay...lets say I have a dedicated E-mail address that is used solely for the use here. (Or Not) I may or may not have "Rules"in my E-Mail client redirecting E-mail meeting certain criteria.to certain folders. "Rules"(filters) that may or may not make it more obvious if a Mock Ebot came through depending on each users method of filtering E-Mail (Which BTW...might be a way of those "Known Cases" to compare notes, and maybe narrow down possibilities, and/or finding "Common Elements")

 

Someone could send me an e-mail from this site via that Profile feature... correct?

 

Okay..if it's my friend..no biggie..but it still went out to me, and thus has a possibility of being intercepted and Harvested at any given point along the way.(Routing Points..etc.)...Incidentally..Even a legitimate Ebot has to make its way to you via these points.

 

Lets say it's not my friend...but a Harvester.

 

The harvester sends a relatively convincing replica of a typical Ebot to me Via the Profile page.(Not Hard...it's only text and links)

 

Not being one who check's the properties "Headers" of every E-mail to check it's origin,path, etc....I Don't notice the To and From: line is different from the typical EBot...I'm in a hurry...or multi-tasking, and simply click on the link.(Or..my filter takes it somewhere else and I don't even know about it,and thus...never gets bounced)

 

The harvester then goes to his Server's Logs and/or Properties to see where that e-mail was ultimately sent.

 

It was at this point I gave up helping...so I don't know if my logs would show it but It might...As my screen capture showed it was sent "From:Me..To: Me" just not through my E-mail Client as a "Sent Item" (Profile Feature does not launch senders E-Mail Client)...So..as the "Sender"(Harvester) I have nothing in my Sent Items to check the 'Properties" Headers, So I'd have to go to my server logs to check....again...I abandoned efforts before going to check my server logs on my test effort

 

If the log does show the complete path ...Harvester now has a new E-mail address to add to his collection.

 

Let's Imagine also...that the scammer is patient, and has been "Collecting" E-mail addresses in this, or similar way for several months...But waits until he has enough to compile a CD to sell.(A CD with guaranteed "Real" E-mail addresses, that might fetch a good price).

 

The CD would then be sold...and then "Deployed" by the buyer...So the Harvesting of the E-Mail addresses would take place over months before the actual "Deployment" (Which would explain why the recipients would receive the "Same Spam" on the "Same Day").

 

Those of us without a dedicated E-Mail address probably wouldn't notice, because we're used to getting spam on those accounts.In fact..it would likely be noticed  by only those that "Do" have dedicated E-Mail accounts.

 

When Jen Posted...my first thought wasn't that said SPAM was being sent via the Profile feature here,..but rather it was possibly a "Vehicle", or "Tool" used by a Harvester to acquire E-Mail addresses.

 

So..what I was trying to Illustrate..is that either way...Friend or Foe...that E-mail feature "Could Possibly" be a way, of an E-mail address being compromised.

(I may never know for sure..because as mentioned...I've given up on efforts to help)

 

So hey...I may not be the geniuses some of you are when it comes to E-mail...but I try to Open-minded enough to at least "Consider Alternatives" to conspiracies,and not simply dismiss them without a second thought.

 

So...That "was going to be" my attempt at exploring a "Possibility" that I abandoned when it became evident to me, that no explanation would suffice.

 

It may have even sparked "discussion" of why it is "Possible" or 'Impossible" Ruling it in..or Out..as a possibility.

 

It may be right,or it may be wrong...After all...I don't know the E-Mail configurations of those 'Known Cases".

 

Additionally...I don't know about the rest of the world...but it was a Weekend the past couple of days around here. I suspect that the Staff is likely looking into possibilities on thier end now... I would imagine also, if it's discovered that a security hole exists, that is with thier power to fix, they will likely find it and fix it.

 

 

BTW...Now *"That's"...*Blabbering on about what I don't understand.

 

8 )

 

[Disclaimer] Any Drama and/or Rudeness found in the above post is Purely Unintentional.

 

 

Tom

“The fact that no one understands you…Doesn’t make you an artist.”