WARNING: Your e-mail will be spammed...

Hi Folks,

I am writing because MS doesn't seem to be interested in
warning you about the fact that a valid e-mail address
that you may post in this forum will be crawled by
hackers and spammers. Hence, don't use your e-mail
address; make one up. You don't need one to receive a
reply unless you want someone to actually contact you
personally.

What happened?

Within 48 hours of posting a query about Outlook, I
received an e-mail from "MS Internet Public Assistance"
whose e-mail address
was "(e-mail address removed)". This is part of the
e-mail's text:

Microsoft Customer

this is the latest version of security update, the
"August 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting Internet
Explorer,
Outlook and Outlook Express as well as five newly
discovered vulnerabilities. Install now to protect your
computer
from these vulnerabilities, the most serious of which
could allow
an attacker to run executable on your system. This update
includes
the functionality of all previously released patches.

Enclosed in the e-mail was an .exe attachment. Most
likely a virus or worm. I didn't run it, of course. The
text looked unprofessional and the sender's e-mail
address was bogus. Checking the downloads on MS, there
was no "August cumulative patch" for IE etc.

What I did next?

I went to the Privacy page on MS and
e-mailed "(e-mail address removed)" which was the address
given to contact MS. All I got back was an automated
response asking me to resubmit my question or comments at
another web address.

So... rather than waste more of my time trying to contact
MS, I wanted to warn all of you about being spammed.

What should MS do?

Protect the privacy of your e-mail address! It's that
simple. Lots of other web sites or forums do it; I guess
MS couldn't be bothered. So much for their "Trustworthy
computing" slogan.
 
Why should MS warn you about something that is common to all usenet forums?
They don't own usenet. And how should they do so, anyway?

You're absolutely right, spammers send nasty little 'bots around surfin' for
valid email addresses. This is why it's often recommended that people
'munge' their addresses so that real people can figure out how to send to
the person, but a 'bot can't do much with it.
 
Your "holier than thou" is the same response I got back
from another MVP who started his e-mail to me with "Not
to sound like a smart alec, but...".

Just how experienced should we be to participate on the
Internet? Is it asking too much for MS to post a warning
or better still, hide the e-mails from bots? Heard of
the "challenge-response" method used on many other web
sites before they divulge e-mail addresses?

Your attitude that all surfers should be "smart" enough
to know about firewalls, forums, usenets, security, etc
is precisely one of the reasons why the online users are
getting off-line. You don't expect your mechanic to say
to you "You should have taken better care or know more
about your exhaust manifold system - now, you're going to
pay for an expensive repair job!".

I am constantly advising a lot of my friends on Internet
security. Some of them are not novices; some of them are
even IT pros who may not be as up to speed as I am in
protecting myself. Yet many surfers don't know the
pitfalls.

MS has made some excellent software that made it easy for
average Joes to use. Maybe they should start making more
secure software/web sites that don't expect average
Joes to be a web pro to recognize how to avoid being
hacked into or spammed.

BTW, you are deluding yourself into thinking a "bot can't
do much with it" as sooner or later, they will improve
bots to the point of recognizing what your e-mail address
is. It doesn't take a genius to figure that out. Some
spammers are smart enough to figure out what key words to
avoid and how to craft their e-mails to avoid being
detected as spam; it is a senseless battle to try to
outwit each other.

One way to stop spam is to stop it at the source which is
this forum. Take a precautionary stance rather than a
reactive stance. If MS did their job, you won't have to
de-scramble your e-mail addresses.

I know you are MVPs and I commend you for your volunteer
work and a lot of users truly value your advice. But, for
once, stand up to MS and ask them to do something about
this problem. You will not only help your forum users but
also MS.

FYI, just been spammed with a virus again today... this
time, it was "W32/Gibe.B" but my virus scan caught it.
Thanks MS... for making it easier to spread worms and
viruses!

 
Not trying to offend you in any way; sorry if my reply came across badly.
That said, there is a big learning curve for people who are starting to use
a lot of stuff on the internet, and everyone needs to take responsibility
for getting there - blaming a software manufacturer for one's failure to
exercise caution is just plain silly. Often, unfortunately, people learn the
hard way, as you did. Fortunately, spam is merely an irritant - at least you
weren't hacked.
Perhaps it would be nice if MS could include a simple "how to post" section
on the CDO interface to the groups. It's actually a very good idea, and you
could submit it to (e-mail address removed). How far would that have to go,
though - do they need to tell people not to post their email addresses, home
phone numbers, pet's names, credit card numbers, in public newsgroups or on
handbills taped to a bus kiosk?

I don't mouth off to people when they ask for help. I explain to them how to
protect themselves. The fact that they wrote in to ask for help means they
are usually quite willing to learn, and I respect that. However, I must
question your statement that "online users are getting offline" and would be
quite interested in knowing what precisely you mean by it....

Remember that usenet is not the web, and a lot of people (most) don't
use a web interface to access it. They use a news client and subscribe to
groups on the server, which is a lot better. In this case, how could MS (or
any news host) hide anything from these nasty little spammer bots? Should
all groups be moderated? Who will pay for that? When you think about the way
usenet works, and how this stuff ends up in Google, reposted elsewhere,
willy nilly, you have to understand that there's no way to protect people
from themselves. Blame spammers, don't blame news servers. Re viruses -
virus writers create viruses for the most commonly used tools, which seems
quite logical to me if you try to get inside the mind of a virus writer.

Everyone needs a firewall of some sort, good AV software, and needs to keep
their OS and software patched. This is the responsibility of the individual,
ultimately. Treat email addresses as you would unlisted phone numbers,
including using the BCC field when sending mass mail out to friends and
acquaintances. You don't need to know how to overhaul your transmission to
drive a car, but I'd sure hope you at least know what a transmission is, and
how to put water in the radiator, and fill the tank, and wear a seatbelt,
etc etc etc....

And re challenge/response, that's for logins, not for text strings in
messages, and is therefore not relevant.

Everyone needs to understand and learn how to protect themselves - if you're
connected to the Internet, you're having "relations" with a great number of
strangers, and you need to use adequate "protection", to use a very valid
analogy.

Done now - was not in any way trying to insult you. Pax.
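
The thread argues over whether a host can hide posted addresses and whether munging holds up. As an added example that is not part of the thread or of any forum's actual software, here is a sketch of a posting-gateway filter that swaps plain and commonly munged addresses for the same "(e-mail address removed)" placeholder seen above; the function name, patterns and sample text are assumptions constructed for illustration.

```python
import re

PLACEHOLDER = "(e-mail address removed)"  # wording taken from this page

LOCAL = r"[A-Za-z0-9][A-Za-z0-9._%+-]*"
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
TLD = r"[A-Za-z]{2,}"
# "@" written literally or bracketed: [at], (at), {at}
AT_STRICT = r"(?:@|\s*[\[\(\{]\s*at\s*[\]\)\}]\s*)"
# "." bracketed or spelled out as a word
DOT_WORD = r"(?:\s*[\[\(\{]\s*dot\s*[\]\)\}]\s*|\s+dot\s+)"
DOT_ANY = rf"(?:\.|{DOT_WORD})"
# A bare word " at " is only trusted when the dots are munged too,
# so ordinary prose such as "looked at microsoft.com" is left alone.
AT_WORD = r"\s+at\s+"

ADDRESS = re.compile(
    rf"\b{LOCAL}(?:{AT_STRICT}(?:{LABEL}{DOT_ANY})+"
    rf"|{AT_WORD}(?:{LABEL}{DOT_WORD})+){TLD}\b",
    re.IGNORECASE,
)


def redact_addresses(text):
    """Return (text with addresses replaced, number of replacements)."""
    return ADDRESS.subn(PLACEHOLDER, text)


if __name__ == "__main__":
    # Constructed sample post; example.com is a reserved documentation domain.
    post = (
        "Outlook keeps crashing. Reply to jane.doe@example.com or\n"
        "to my other account, jane [at] mail.example [dot] com.\n"
        "I looked at microsoft.com but found nothing."
    )
    cleaned, hits = redact_addresses(post)
    print(f"{hits} address(es) removed")
    print(cleaned)
```

A filter like this only covers a web front end the host controls; posts read through a news client or mirrored elsewhere still carry whatever the poster typed.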
 