The infamous email shuffle words virus or something

[Dustin]

I wouldn't worry too much about those. If a box pops up in
your email client asking if you accept a new certificate, just say no,
then call the ISP.

Hi Shadow,


I've noticed you are taking some time and going into specific detail to
help him out. I appreciate the effort on your behalf, but I think it's
time to go ahead and tell you, SSL has been explained to death (google if
you'd like) to this individual before. The efforts were a washout. The
guy is essentially humouring you at this point and will soon resort to
his typical nasuating "I know more than you" insults.

Just didn't want to see you wasting too much more time on this pointless
discussion. He won't google anything.

 

[Dustin]

Riiiggght shiite head. Not.

When rolling stones writes something about you in print, I'll take what
you have to say with some respect. When an antimalware company hires
you as a malware researcher, What you have to say might have some
bearing. When you develop and support your own antimalware application
(Obviously you won't be doing this anytime soon, as you can't code),
your opinion might have some value to me... Until then...

Please answer this question: how is email read hostilely, by a
third part? Please describe a typical scenario. The silence is
deafening.

I'm not going to play this game with you, Several others already tried
and failed (imo) to explain how SSL works. You've got fresh bait now
trying again. You won't reel me in.

Go play with your fence now dunce.

The only dunce Ray, is you. I already know how SSL works. I've authored
several crypto programs. Have you authored.. well, anything yet?

Here, I'll make this piss easy. Explain for us all what each of the
following lines of code does. No cheating, you do it yourself.
This is very simple, if you understand things even a little.

Put up or shut the **** up, as they say. [g]

segment code

start:
mov ax,data
mov ds,ax
mov ax,stack
mov ss,ax
mov sp,stacktop

mov dx,hello
mov ah,9
int 0x21

mov ax,0x4c00
int 0x21

segment data

hello: db 'AGRTEYdg1736s1',13,10,'$'

segment stack stack
resb 64
stacktop:

 

[RayLopez99]

I've noticed you are taking some time and going into specific detail to
help him out. I appreciate the effort on your behalf, but I think it's
time to go ahead and tell you, SSL has been explained to death (google if
you'd like) to this individual before. The efforts were a washout. The
guy is essentially humouring you at this point and will soon resort to
his typical nasuating "I know more than you" insults.

Just didn't want to see you wasting too much more time on this pointless
discussion. He won't google anything.

--

STFU ASS. You R an idiot. The thread you are thinking of was on the
mechanics of SSL, not on whether SSL is used by email servers. And
BTW you did little to explain SSL--I pretty much had to figure it out
myself with a help of a few others.

Why drink the water from my hand?
Contagious as you think I am
Just tilt my sun towards your domain
Your cup runneth over again

Water from your hand? F* no. You are full of diseases not even
modern medicine can cure. HIV/AIDS is just the tip of the iceberg.

RL

 

[RayLopez99]

Here, I'll make this piss easy. Explain for us all what each of the
following lines of code does. No cheating, you do it yourself.
This is very simple, if you understand things even a little.

Put up or shut the **** up, as they say. [g]

segment code

start:
mov ax,data
mov ds,ax
mov ax,stack
mov ss,ax
mov sp,stacktop

mov dx,hello
mov ah,9
int 0x21

mov ax,0x4c00
int 0x21

segment data

hello: db 'AGRTEYdg1736s1',13,10,'$'

segment stack stack
resb 64
stacktop:

Oh geez. This azz clown is proud of the fact he still writes in
assembly. Nowadays you let the compiler figure this out and move to a
higher level language like C#.

As for my programming skillz, you can Google my name in Google Groups
and see the questions I have answered as well as the source code I've
posted. And I just finished an IM app that works in Silverlight--
imagine doing dat in assembly?

You are dismissed little nasty hand man.

RL

 

[RayLopez99]

        I would say that  99.9999% of ISPs have ssl. A handfulldo not
use ssl on their mail servers.( So they receive mail from google with
ssl, but users have to use unencrypted connections to access it -
risking password stealing and privacy issues)

OK thank you, it seems then that SSL is indeed 'safe to use' in email
for communicating with nearly everybody on the planet.

        No. ISP employees would quickly get the sack if found selling
OP's mail details.

OK, I agree for 99.9% of the cases, but if the emails are exclusive
enough (say some mailing list of billionaires) or extensive enough
(say 20M users) then selling the emails might be worth getting
sacked... or even risk going to prison. But generally speaking I
agree this is a good deterrent, especially now that it's hard to find
a job.

The easiest way to get someone's email  if the
person uses ports 110 or 25, is to plug a sniffer into the cable

Really? Never heard of this. Is it possible for a rogue employee to
plug a sniffer (and what sort of hardware is that? Who sells it?)
into a cable at the ISP?

or
sniff the wireless,

Yes, this is common--hence I use an anonymizer when I'm using
wireless. This anonymizer uses https, but keep in mind the email
would be unencrypted (via the https tunnel) when it lands at my ISP's
email server.

They could sniff out your password that way too.
        If you use ssl, the only practical way would be with a MITM
attack, and only if you accept the rogue certificate.
       http://en.wikipedia.org/wiki/Man-in-the-middle_attack
        I wouldn't worry too much about those. If a box pops up in
your email client asking if you accept a new certificate, just say no,
then call the ISP.

OK, thanks, that was useful.

RL

 

[FromTheRafters]

OK thank you, it seems then that SSL is indeed 'safe to use' in email
for communicating with nearly everybody on the planet.

But it doesn't stop people from reading your e-mail.

To prevent that, you will want to encrypt it.

[...]

 

[Shadow]

Simple program follows...
And I respect him for that.

Oh geez. This azz clown is proud of the fact he still writes in
assembly. Nowadays you let the compiler figure this out and move to a
higher level language like C#.

What he meant is that you can only DEBUG in assembly. If you
don't know assembly, no matter what language you program in, you are
half knackered. It's hard to learn, but absolutely essential.
IMHO
[]'s

 

[Shadow]

OK, I agree for 99.9% of the cases, but if the emails are exclusive
enough (say some mailing list of billionaires) or extensive enough
(say 20M users) then selling the emails might be worth getting
sacked... or even risk going to prison. But generally speaking I
agree this is a good deterrent, especially now that it's hard to find
a job.

Employees here in Brazil regularly sell email addresses, it's
a bloody nuisance. But only on the free email servers. I get a ton of
spam on them, my filters handle most of it, though.

Really? Never heard of this. Is it possible for a rogue employee to
plug a sniffer (and what sort of hardware is that? Who sells it?)
into a cable at the ISP?

No, anyone could put a hub on your cable, anywhere between
your home and the ISP, and sniff out your mail, anything you do.They
could even set up a laptop and capture every single bit of data, or
launch a MITM attack. Like I said, unless you have very sensitive
data, don't worry about it.

Yes, this is common--hence I use an anonymizer when I'm using
wireless. This anonymizer uses https, but keep in mind the email
would be unencrypted (via the https tunnel) when it lands at my ISP's
email server. Anonymizer ? Which one ?


OK, thanks, that was useful.

This page runs you through how to setup most email clients
using TSL or SSL
http://mail.google.com/support/bin/answer.py?hl=en&answer=13287
It's for google, but can be applied to most mail clients.
Don't forget to change your password after you start encrypting. If
someone was sniffing you, while you used ports 25 and 110, he could
still access your mail using encryption if he has your passwd.

 

[Dustin]

STFU ASS. You R an idiot. The thread you are thinking of was on
the mechanics of SSL, not on whether SSL is used by email servers.
And BTW you did little to explain SSL--I pretty much had to figure
it out myself with a help of a few others.

If you understood SSL, you would know the concept is the same across
both platforms. You didn't do well figuring SSL out as I recall.
Instead, you continued to argue with those who were trying to explain
the process. Either way, you know about as much now about it as you did
then. IE: nothing.

 

[Dustin]

Really? Never heard of this. Is it possible for a rogue employee
to plug a sniffer (and what sort of hardware is that? Who sells
it?) into a cable at the ISP?

And you're calling me an idiot? *laugh laugh laugh*.

Ray, you're still a newbie dumbass punk.

 

[Dustin]

Here, I'll make this piss easy. Explain for us all what each of the
following lines of code does. No cheating, you do it yourself.
This is very simple, if you understand things even a little.

Put up or shut the **** up, as they say. [g]

segment code

start:
mov ax,data
mov ds,ax
mov ax,stack
mov ss,ax
mov sp,stacktop

mov dx,hello
mov ah,9
int 0x21

mov ax,0x4c00
int 0x21

segment data

hello: db 'AGRTEYdg1736s1',13,10,'$'

segment stack stack
resb 64
stacktop:

Oh geez. This azz clown is proud of the fact he still writes in
assembly. Nowadays you let the compiler figure this out and move to a
higher level language like C#.

higher level language? Dude, as you can't read asm, you are very
limited in what you actually can program. I won't insult those of us
who are coders by referring to you as one.

I've been writing in assembler, c++ and various dialects of basic for
years. You have no real skills. Mr Windows language only programmer.
You don't even understand what your high level language statements are
actually translated too.

As for my programming skillz, you can Google my name in Google Groups
and see the questions I have answered as well as the source code I've
posted. And I just finished an IM app that works in Silverlight--
imagine doing dat in assembly?

your programming skills? Laugh laugh. google raid slam. You can't even
explain what that piss simple program does, and it's as easy to read
source as is possible. I can write entire apps in assembly, if I was so
inclined. I typically only write tight functions in pure assembler and
stick with the HLL language for interface. Most "modern" coders do
this, unless there is a specific reason to go pure asm or pure HLL.

Again, since you can't read assembler (and that's very easy source
code, really) you aren't much of a programmer and you damn sure aren't
a coder.

You are dismissed little nasty hand man.

LOL. Google collective soul song lyrics. idiot.

While your at it, feel free to take lessons in programming.

 

[Dustin]

Simple program follows...
And I respect him for that.

It's as simple as one can get. It's the same program we're all supposed
to write at some point, in whatever language. I just wanted to give you a
real idea of the sort of person you're dealing with here.

What he meant is that you can only DEBUG in assembly. If you
don't know assembly, no matter what language you program in, you are
half knackered. It's hard to learn, but absolutely essential.

As I said, RayLopez is a bit of a modern troll, but that's about as far
as it goes.

 

[Loren Pechtel]

Oh geez. This azz clown is proud of the fact he still writes in
assembly. Nowadays you let the compiler figure this out and move to a
higher level language like C#.

You can't truly understand what's going on unless you know the
assembly underneath. You don't need it often but you need to be able
to understand what you see in the CPU window when things go wonky.

Once in a blue moon you might even need to write some to deal with
situations where you have to change something that you can't
recompile.

The last time that comes to mind was patching a showstopper bug in the
run-time library of the language I was using.

 

[Loren Pechtel]

higher level language? Dude, as you can't read asm, you are very
limited in what you actually can program. I won't insult those of us
who are coders by referring to you as one.

I've been writing in assembler, c++ and various dialects of basic for
years. You have no real skills. Mr Windows language only programmer.
You don't even understand what your high level language statements are
actually translated too.

Note that he mentioned C#. That's a .net language, it compiles to an
intermediate language and low-level debugging is done with this
intermediate, not with the machine code spit out by the final JIT
compiler.

I rather suspect he doesn't know even this, though. (Personally I'll
admit to never having needed to deal with it but I have enough
experiene with assembly in the past that when the day comes that I
need to debug at that level I'll be able to figure out what I'm
doing.)

 

[sh@dow]

It's as simple as one can get.

I know. I used to keygen some 11-12 years ago. All was assembly.
Now I just occasionally crack something interesting to try it out.

It's the same program we're all supposed
to write at some point, in whatever language. I just wanted to give you
a real idea of the sort of person you're dealing with here.

As I said, RayLopez is a bit of a modern troll, but that's about as far
as it goes.

His replies are consistent with someone trying to learn. Dunno.
He's probably much younger than we are. Maybe he resents a paternalistic
approach.
[]'s

 

[RayLopez99]

But it doesn't stop people from reading your e-mail.

To prevent that, you will want to encrypt it.

OK, I take this to mean that SSL is only for encrypting the transport
layer, and therefore once on the server an email encrypted by SSL is
in plaintext, and therefore readable (at the server)? Please correct
me if I'm wrong.

BTW, what programs work with Outlook to encrypt email "end to
end" (without the need for SSL)? I recall a PGP (Pretty Good Privacy)
plugin for Outlook. If you know of others please let me know. Or if
there are other email readers with end-to-end encryption, though the
problem will be the recipient has to have this email reader at their
end, and nowadays most people use Outlook it seems.

RL

 

[RayLopez99]

        What he meant is that you can only DEBUG in assembly. If you
don't know assembly, no matter what language you program in, you are
half knackered. It's hard to learn, but absolutely essential.

I respectfully disagree. Though it's true that in C# there is a
Intermediate Language (http://en.wikipedia.org/wiki/
Common_Intermediate_Language) that is somewhat analogous to assembly
(though at a slightly higher level), I don't think that for 99.9% of
debugging you have to know how to read it. Of course for that 0.1% it
comes in handy, but usually there are workarounds (like rewriting your
program 'from scratch' if it does not work--that often will solve any
tough, hidden bugs in it).

RL

 

[RayLopez99]

        Employees here in Brazil regularly sell email addresses, it's
a bloody nuisance. But only on the free email servers. I get a ton of
spam on them, my filters handle most of it, though.

Interesting. Why only on the free servers? Perhaps more
"shady" (corrupt) employees work at the free servers?

        No, anyone could put a hub on your cable, anywhere between
your home and the ISP, and sniff out your mail, anything you do.They
could even set up a laptop and capture every single bit of data, or
launch a MITM attack. Like I said, unless you have very sensitive
data, don't worry about it.

I still don't understand. This "hub" would have to be tapped to the
underground internet cable (if I'm not using wireless) running from my
house to the ISP? Here in Greece it is buried about a half metre
underground, usually next to the side of the paved road in a city. Is
this what you have in mind? This sort of tapping? Very interesting
if true. I've never heard or even read of this happening, and can't
imagine anybody doing this, except maybe by the secret services like
the CIA, SIS, ABIN, KGB, etc. Of course stealing wireless signals at
public hotspots is well known, but that's a different topic.

        Anonymizer ? Which one ?

http://hidemyass.com/

RL

 

[RayLopez99]

And you're calling me an idiot? *laugh laugh laugh*.

Why don't you surprise us just once instead of answering indirectly,
pretending you know the answer? Show your ignorance, and reply on
point, pointy head.

RL

 

[RayLopez99]

higher level language? Dude, as you can't read asm, you are very
limited in what you actually can program. I won't insult those of us
who are coders by referring to you as one.

Nope. Try again. The purpose of a compiler is to avoid having to
write in ASM. Google program maintainability.

I've been writing in assembler, c++ and various dialects of basic for
years.  You have no real skills. Mr Windows language only programmer.
You don't even understand what your high level language statements are
actually translated too.

OMG, did he just type "basic"? As in Visual Basic? And what OS? No
doubt Windows. So this guy programs in Visual Basic? No further
questions Your Honor, I rest my case.

your programming skills? Laugh laugh. google raid slam. You can't even
explain what that piss simple program does, and it's as easy to read
source as is possible. I can write entire apps in assembly, if I was so
inclined. I typically only write tight functions in pure assembler and
stick with the HLL language for interface. Most "modern" coders do
this, unless there is a specific reason to go pure asm or pure HLL.

Nope. An entire program that runs the London Stock Exchange was
recently written in Visual C#. True, it had to be rewritten in C (at
considerable cost, after it was up and running!) at the lower level
because they were not getting the millisecond performance demanded by
high-frequency traders, but that proves my point: the very fact that
a decision was made to initially write such a massive system in Visual
C# proves that it's an enterprise-worthy higher language. What you are
doing would get you fired at most Level 1, grade A software shops: you
are trying to make yourself indispensable and immune from getting
fired by making your code unreadable and unmaintainable. Typical
Dusty Dustbin Dustin Dunce (D4) tactics.

Again, since you can't read assembler (and that's very easy source
code, really) you aren't much of a programmer and you damn sure aren't
a coder.


LOL. Google collective soul song lyrics. idiot.

OK D4. Look, they wrote a song about you and your coding:

"Lack of knowledge has a source (oh boy)
Still my thoughts must run their course (oh yeah)
And they do" - 10 Years Later

RL