medieval-religion: Scholarly discussions of medieval religion and culture
Katie, To do the spoofing, a password is not needed. There is very little
one can do if a miscreant decides to use your e-mail address to spam others,
except change your e-mail address. Rarely does it come from your computer
source; your address is just used to spoof receivers. Wikipedia explains it
nicely:
{E-mail spoofing is a term used to describe fraudulent e-mail activity in
which the sender address and other parts of the e-mail header are altered to
appear as though the e-mail originated from a different source. E-mail
spoofing is a technique commonly used for spam e-mail and phishing to hide
the origin of an e-mail message. By changing certain properties of the
e-mail, such as the From, Return-Path and Reply-To fields (which can be
found in the message header), ill-intentioned users can make the e-mail
appear to be from someone other than the actual sender. It is often
associated with website spoofing which mimics an actual, well-known website
but are run by another party either with fraudulent intentions or as a means
of criticism of the organization's activities. The result is that, although
the e-mail appears to come from the address indicated in the "From" field
(found in the e-mail headers) it actually comes from another e-mail address,
probably the same one indicated in the "Reply To" field; if the initial
e-mail is replied to, the delivery will be sent to the "Reply To" e-mail,
that is, to the spammer's e-mail.
[http://en.wikipedia.org/wiki/E-mail_spoofing]}
Trying to chase down the source is futile. Anyway, I didn't receive any spam
with your name/address, but it is possible that my ISP blocked it as spam.
If everyone in your contact list received mail from you but actually not
sent by you, though, I would be inclined to think you had/have a virus or a
worm on your computer. I'd probably check that out.
Christine
-----Original Message-----
From: medieval-religion - Scholarly discussions of medieval religious
culture [mailto:[log in to unmask]] On Behalf Of Katie Clark
Sent: Tuesday, December 02, 2008 11:51 PM
To: [log in to unmask]
Subject: Re: [M-R] nuisance mail
medieval-religion: Scholarly discussions of medieval religion and culture
Dear all,
I'm so sorry! Apparently I have become victim to something called 'email
spoofing' whereby some rat steals my email address and password and uses it
to send spam to everyone in my contacts list (including about 600 new
'friends' who were added by whomever enjoyed sending you spam). Please rest
assured that I am a real person, and a stand-up citizen (medievalist!) at
that, and that I have taken all possible precautions to ensure that this
won't happen again.
A word of advice to all, however - I am very vigilant about internet
security, and am on a Mac on a home secured network, and got my address and
password stolen anyway. I have absolutely no idea how it happened. So change
your passwords regularly (I know that I will definitely be more proactive
about that).
Again, my sincerest apologies,
Katie Clark
On Wed, Dec 3, 2008 at 2:04 AM, John Dillon <[log in to unmask]>
wrote:
medieval-religion: Scholarly discussions of medieval religion and
culture
Universities vary greatly in their size, in their complexity, and in
the adequacy of their funding for computer security vis-a-vis their size and
their complexity. That being so, the extent to which one can make valid
generalizations about universities' greater or lesser susceptibility as a
class to theft of passwords as opposed to unspecified others seems severely
limited. It is very probably true, for example, that universities are more
susceptible to such theft than are, say, the intelligence agencies of nation
states. But it is very probably not true that universities are more
susceptible to such theft than are, say, many other sorts of agencies of
nation states. Or than many businesses that don't devote the resources
necessary to maintain security in an environment where new vulnerabilities
are, alas, a fact of life.
My university is a rather large one, with about 40,000 FTEs (Full
Time Equivalents, a measure of student registration), some 2000 faculty
members and at least as many non-faculty degreed professionals working as
researchers, instructors, or specialty personnel in a great variety of
fields. It has multiple computer systems (a university that has but one
system would be of a different order of magnitude), not all of which are
linked to each other, and many, many servers. A lot of money (including
paying for personnel time) is spent on security and data theft, while it
does occur, is -- in my experience, at least -- extremely rare. My e-mail
address is spoofed from time to time but (knock on wood) I've never had my
passwords stolen. Other universities probably do a better job, others a
worse one.
Best,
John Dillon
PS: My university's centralized e-mail spam catcher recognized the
offending mail right away as spam and put it directly in my spam folder with
the following endorsement: "Spam Status: The spam scanner labeled this
message as Spam (Highest)".
On Tuesday, December 2, 2008, at 10:39 pm, George Hoelzeman wrote:
> Does this happen more with people at universities using
institutional
> e-mail addresses?
>
> I ask because one of my brothers is a PhD in a local university.
One
> night he was working late and noticed that someone else logged
onto
> the system.
> Since he was the only person in the building, he did a bit of
> detective work and managed to trace the intruder back to Singapore
> before the trail
> disappeared. Whoever it was already had the universitys codes and
> passwords and was pillaging the internal records for more.
Needless
> to say, my
> brother dealt with them aggressively.
>
> Makes me wonder if schools might be more suceptable than others.
>
> George the Less
**********************************************************************
To join the list, send the message: join medieval-religion YOUR NAME
to: [log in to unmask]
To send a message to the list, address it to:
[log in to unmask]
To leave the list, send the message: leave medieval-religion
to: [log in to unmask]
In order to report problems or to contact the list's owners, write
to:
[log in to unmask]
For further information, visit our web site:
http://www.jiscmail.ac.uk/lists/medieval-religion.html
--
Katie E. Clark
Corpus Christi College
Faculty of Modern History
Oxford University
<[log in to unmask]>
<[log in to unmask]>
********************************************************************** To
join the list, send the message: join medieval-religion YOUR NAME to:
[log in to unmask] To send a message to the list, address it to:
[log in to unmask] To leave the list, send the message: leave
medieval-religion to: [log in to unmask] In order to report problems or
to contact the list's owners, write to:
[log in to unmask] For further information, visit our
web site: http://www.jiscmail.ac.uk/lists/medieval-religion.html
**********************************************************************
To join the list, send the message: join medieval-religion YOUR NAME
to: [log in to unmask]
To send a message to the list, address it to:
[log in to unmask]
To leave the list, send the message: leave medieval-religion
to: [log in to unmask]
In order to report problems or to contact the list's owners, write to:
[log in to unmask]
For further information, visit our web site:
http://www.jiscmail.ac.uk/lists/medieval-religion.html
|