Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Re: Very Dangerous post

Reply
Thread Tools

Re: Very Dangerous post

 
 
~BD~
Guest
Posts: n/a
 
      01-22-2010
This was posted to the group (homeusers) using news.btinternet.com but
it doesn't show up on msnews.microsoft.com

Why might that be?


Path:
border1.nntp.ams.giganews.com!border2.nntp.ams.gig anews.com!feeder1.cambriumusenet.nl!feed.tweaknews .nl!209.197.12.242.MISMATCH!nx01.iad01.newshosting .com!newshosting.com!69.16.185.16.MISMATCH!npeer02 .iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!border1.nntp.dca.giganews.com!nntp.gigan ews.com!local2.nntp.dca.giganews.com!nntp.bt.com!n ews.bt.com.POSTED!not-for-mail
NNTP-Posting-Date: Fri, 22 Jan 2010 08:16:10 -0600
Date: Fri, 22 Jan 2010 14:16:10 +0000
From: ~BD~ <""BoaterDave\"@@hotmail.co.uk">
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;
rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
MIME-Version: 1.0
Newsgroups: microsoft.public.security.homeusers
Subject: Re: Very Dangerous post
References: <(E-Mail Removed)>
<Or$(E-Mail Removed)>
<(E-Mail Removed)>
<(E-Mail Removed)>
<O9#(E-Mail Removed)>
<(E-Mail Removed)>
<#r8M$(E-Mail Removed)>
<(E-Mail Removed)>
<(E-Mail Removed)>
<Ozdmk$(E-Mail Removed)>
In-Reply-To: <Ozdmk$(E-Mail Removed)>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID: <(E-Mail Removed)>
Lines: 118
X-Usenet-Provider: http://www.giganews.com
X-AuthenticatedUsername: NoAuthUser
X-Trace:
sv3-OpEItIWfwlsx0Z9wEPLbbKyTXqp4qOH9A+cSX1vfqMmJnco7ZT 0zgpFX3BRECRBi8gmsHS85LajiZMd!AqVG4YvseFC1WGzMfGF2 mCtWXNKQmrEqSUCfQ1/LpOqgB+UcrJvfif6/nKMhPrIwPEwvEEm+FzAv
X-Complaints-To: http://www.velocityreviews.com/forums/(E-Mail Removed)
X-DMCA-Complaints-To: (E-Mail Removed)
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
complaint properly
X-Postfilter: 1.3.40
Bytes: 5068
X-Original-Bytes: 5014



BT offers. literally, hundreds of 'microsoft.public' newsgroups.

Which newsgroups do you think Microsoft may have removed? (and removed
from where?)

These groups are available which mention Windows 7:-

it.comp.os.win.windows7

microsoft.public.it.windows7

alt.windows7.general

--
Dave (Sometimes man stumbles over the truth ...... Sir Winston Churchill)
 
Reply With Quote
 
 
 
 
Mike Easter
Guest
Posts: n/a
 
      01-23-2010
Posted to a.c.s only
~BD~ wrote:
> This was posted to the group (homeusers) using news.btinternet.com but
> it doesn't show up on msnews.microsoft.com
>
> Why might that be?


Path below edited by spacing bangs for wrapping.

> Path: border1.nntp.ams.giganews.com! border2.nntp.ams.giganews.com! feeder1.cambriumusenet.nl! feed.tweaknews.nl! 209.197.12.242.MISMATCH! nx01.iad01.newshosting.com! newshosting.com! 69.16.185.16.MISMATCH! npeer02.iad.highwinds-media.com! news.highwinds-media.com! feed-me.highwinds-media.com! border1.nntp.dca.giganews.com! nntp.giganews.com! local2.nntp.dca.giganews.com! nntp.bt.com! news.bt.com.POSTED! not-for-mail


> Message-ID: <(E-Mail Removed)>


Every newsserver has its own style of feeds and administration which
includes such as cleanfeed and NoCeUm methods for filtering or
autodeleting or cancelling.

The message in question appeared on NIN news.individual.net. If you
acquire enough news server accounts, you can do an assessment of how
many got the message and how many didn't.

Your path shows that you posted the message via the bt news server and
it propagated to bt's outsourced giganews and then via a big newshosting
outfit with highwinds and then to tweaknews and cambriumusenet.nl and
back to you via the giganews server.

My path (bangs spaced)...

Path: uni-berlin.de!fu-berlin.de! news.glorb.com!
npeer02.iad.highwinds-media.com! news.highwinds-media.com!
feed-me.highwinds-media.com! Xl.tags.giganews.com!
border1.nntp.dca.giganews.com! nntp.giganews.com!
local2.nntp.dca.giganews.com! nntp.bt.com! news.bt.com.POSTED! not-for-mail
NNTP-Post

.... shows your insertion propagating to giga and highwinds (as yours
did) and thence to glorb and NIN.

Howard Knight's tool doesn't show the complete path, just your insertion.

Google's archive, which MID search tool is largely deprecated, works on
this MID to show:

Path: g2news1.google.com! news1.google.com! Xl.tags.giganews.com!
border1.nntp.dca.giganews.com! nntp.giganews.com!
local2.nntp.dca.giganews.com! nntp.bt.com!news.bt.com.POSTED! not-for-mail

....your insertion bt > giga > google.

None of those propagations involve anything about the msnews newsserver.

If your question is actually about how and why the msnews newsserver is
admin'ed in the way it is, you would have to take that up with someone
who knows. Apparently the previous admins don't do that now.


--
Mike Easter
 
Reply With Quote
 
 
 
 
David H. Lipman
Guest
Posts: n/a
 
      01-23-2010
From: "Mike Easter" <(E-Mail Removed)>

| Posted to a.c.s only
| ~BD~ wrote:
>> This was posted to the group (homeusers) using news.btinternet.com but
>> it doesn't show up on msnews.microsoft.com


>> Why might that be?


| Path below edited by spacing bangs for wrapping.

>> Path: border1.nntp.ams.giganews.com! border2.nntp.ams.giganews.com!
>> feeder1.cambriumusenet.nl! feed.tweaknews.nl! 209.197.12.242.MISMATCH!
>> nx01.iad01.newshosting.com! newshosting.com! 69.16.185.16.MISMATCH!
>> npeer02.iad.highwinds-media.com! news.highwinds-media.com!
>> feed-me.highwinds-media.com! border1.nntp.dca.giganews.com! nntp.giganews.com!
>> local2.nntp.dca.giganews.com! nntp.bt.com! news.bt.com.POSTED! not-for-mail


>> Message-ID: <(E-Mail Removed)>


| Every newsserver has its own style of feeds and administration which
| includes such as cleanfeed and NoCeUm methods for filtering or
| autodeleting or cancelling.

| The message in question appeared on NIN news.individual.net. If you
| acquire enough news server accounts, you can do an assessment of how
| many got the message and how many didn't.

| Your path shows that you posted the message via the bt news server and
| it propagated to bt's outsourced giganews and then via a big newshosting
| outfit with highwinds and then to tweaknews and cambriumusenet.nl and
| back to you via the giganews server.

| My path (bangs spaced)...

| Path: uni-berlin.de!fu-berlin.de! news.glorb.com!
| npeer02.iad.highwinds-media.com! news.highwinds-media.com!
| feed-me.highwinds-media.com! Xl.tags.giganews.com!
| border1.nntp.dca.giganews.com! nntp.giganews.com!
| local2.nntp.dca.giganews.com! nntp.bt.com! news.bt.com.POSTED! not-for-mail
| NNTP-Post

| ... shows your insertion propagating to giga and highwinds (as yours
| did) and thence to glorb and NIN.

| Howard Knight's tool doesn't show the complete path, just your insertion.

| Google's archive, which MID search tool is largely deprecated, works on
| this MID to show:

| Path: g2news1.google.com! news1.google.com! Xl.tags.giganews.com!
| border1.nntp.dca.giganews.com! nntp.giganews.com!
| local2.nntp.dca.giganews.com! nntp.bt.com!news.bt.com.POSTED! not-for-mail

| ...your insertion bt > giga > google.

| None of those propagations involve anything about the msnews newsserver.

| If your question is actually about how and why the msnews newsserver is
| admin'ed in the way it is, you would have to take that up with someone
| who knows. Apparently the previous admins don't do that now.


The answer is relatively simple. Filters on the MS New Server do NOT like the alt.*
hierarchy.
Thus the news group... alt.windows7.general
Was most likely the trigger that casued the post to be blocked from being posted.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 
Reply With Quote
 
Mike Easter
Guest
Posts: n/a
 
      01-23-2010
David H. Lipman wrote:
> "Mike Easter"


> | If your question is actually about how and why the msnews newsserver is
> | admin'ed in the way it is, you would have to take that up with someone
> | who knows. Apparently the previous admins don't do that now.
>
>
> The answer is relatively simple. Filters on the MS New Server do NOT like the alt.*
> hierarchy.
> Thus the news group... alt.windows7.general
> Was most likely the trigger that casued the post to be blocked from being posted.


Such a filter would be really weird and inappropriate and tending toward
reckless behavior.

Are you suggesting that you think that the msnews filter would filter
your post and this one of mine?


--
Mike Easter
 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      01-23-2010
From: "Mike Easter" <(E-Mail Removed)>

| David H. Lipman wrote:
>> "Mike Easter"


>> | If your question is actually about how and why the msnews newsserver is
>> | admin'ed in the way it is, you would have to take that up with someone
>> | who knows. Apparently the previous admins don't do that now.



>> The answer is relatively simple. Filters on the MS New Server do NOT like the alt.*
>> hierarchy.
>> Thus the news group... alt.windows7.general
>> Was most likely the trigger that casued the post to be blocked from being posted.


| Such a filter would be really weird and inappropriate and tending toward
| reckless behavior.

| Are you suggesting that you think that the msnews filter would filter
| your post and this one of mine?


Well if it was x-posted from Usenet at large to the MS News Server, yes.

For example a post made from usenet at large via...
alt.comp.virus,alt.comp.anti-virus,microsoft.public.security.virus

Would NOT be found on the MS News Server in the microsoft.public.security.virus group.

Likewise I have posted to the MS News Server and have suggested the use of alt.comp.virus
& alt.comp.anti-virus and the posts get blocked.
However if I obfuscate it as; alt. comp.virus & alt. comp.anti-virus the post will go
through and not be blocked.

I don't know all the 'rules' applied but there is indeed much rules based filtering on the
Microsoft News server.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 
Reply With Quote
 
Mike Easter
Guest
Posts: n/a
 
      01-23-2010
David H. Lipman wrote:
> "Mike Easter"
> | David H. Lipman wrote:


>>> Filters on the MS New Server do NOT like the alt.*
>>> hierarchy.
>>> Thus the news group... alt.windows7.general
>>> Was most likely the trigger that casued the post to be blocked from being posted.

>
> | Such a filter would be really weird and inappropriate and tending toward
> | reckless behavior.
>
> | Are you suggesting that you think that the msnews filter would filter
> | your post and this one of mine?
>
>
> Well if it was x-posted from Usenet at large to the MS News Server, yes.


Let's be clear that we are talking about such a string occurring in the
body, not crossposted with alt groups in the Newsgroups line.

> For example a post made from usenet at large via...
> alt.comp.virus,alt.comp.anti-virus,microsoft.public.security.virus
>
> Would NOT be found on the MS News Server in the microsoft.public.security.virus group.


Those lines are saying crossposted; not about the body only.

> Likewise I have posted to the MS News Server and have suggested the use of alt.comp.virus
> & alt.comp.anti-virus and the posts get blocked.


Those lines appear to be saying in the body only.

> However if I obfuscate it as; alt. comp.virus & alt. comp.anti-virus the post will go
> through and not be blocked.


Obfuscated body string works.

> I don't know all the 'rules' applied but there is indeed much rules based filtering on the
> Microsoft News server.


My limited observation shows it to appear to have been a poorly admin/ed
newsserver in the past - notwithstanding whether or not some of your
friends may have been involved with its admin.

Trying to automoderate a news server which is feeding and being fed by
news servers worldwide is a whacky idea.

The perils of trying to have a news server integrated with a web system
are also well established and practically impossible to solve smoothly.


--
Mike Easter
 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      01-23-2010
From: "Mike Easter" <(E-Mail Removed)>

| David H. Lipman wrote:
>> "Mike Easter"
>> | David H. Lipman wrote:


>>>> Filters on the MS New Server do NOT like the alt.*
>>>> hierarchy.
>>>> Thus the news group... alt.windows7.general
>>>> Was most likely the trigger that casued the post to be blocked from being posted.


>> | Such a filter would be really weird and inappropriate and tending toward
>> | reckless behavior.


>> | Are you suggesting that you think that the msnews filter would filter
>> | your post and this one of mine?



>> Well if it was x-posted from Usenet at large to the MS News Server, yes.


| Let's be clear that we are talking about such a string occurring in the
| body, not crossposted with alt groups in the Newsgroups line.

>> For example a post made from usenet at large via...
>> alt.comp.virus,alt.comp.anti-virus,microsoft.public.security.virus


>> Would NOT be found on the MS News Server in the microsoft.public.security.virus
>> group.


| Those lines are saying crossposted; not about the body only.

>> Likewise I have posted to the MS News Server and have suggested the use of
>> alt.comp.virus
>> & alt.comp.anti-virus and the posts get blocked.


| Those lines appear to be saying in the body only.

>> However if I obfuscate it as; alt. comp.virus & alt. comp.anti-virus the post will
>> go
>> through and not be blocked.


| Obfuscated body string works.

>> I don't know all the 'rules' applied but there is indeed much rules based filtering on
>> the
>> Microsoft News server.


| My limited observation shows it to appear to have been a poorly admin/ed
| newsserver in the past - notwithstanding whether or not some of your
| friends may have been involved with its admin.

| Trying to automoderate a news server which is feeding and being fed by
| news servers worldwide is a whacky idea.

| The perils of trying to have a news server integrated with a web system
| are also well established and practically impossible to solve smoothly.


Go back to the thread that started this all.

You will see that I posted comments concerning two MS News Server admins, D. Hite and J.
Eddy and I posted it through the Microsoft News Server and via GigaNews.

You won't find those articles on the MS News server but they exist on Usenet at large. I
don't know what strings hit their filters. Maybe the past news server admin names ? Too
much 'insider' information ? I don't know. However it does prove my point.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 
Reply With Quote
 
Jim Watt
Guest
Posts: n/a
 
      01-23-2010
On Sat, 23 Jan 2010 08:55:27 -0800, Mike Easter <(E-Mail Removed)>
wrote:


>Are you suggesting that you think that the msnews filter would filter
>your post and this one of mine?


Its a tactic to reduce spam to filter out messages posted to
a number of groups. Personally I normally only ever post to
one at a time and trim the headers accordingly.

Its considered bad practice to post to more than four.

But newsgroups, despite their advantages are in decline
which is a pity as they offer a wider audience than forums.

Google really screwed it up by introducing 'google groups'
rather than just keeping a newsgroup archive.

--
Jim Watt
http://www.gibnet.com
 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      01-24-2010
From: "Jim Watt" <(E-Mail Removed)_way>

| On Sat, 23 Jan 2010 08:55:27 -0800, Mike Easter <(E-Mail Removed)>
| wrote:


>>Are you suggesting that you think that the msnews filter would filter
>>your post and this one of mine?


| Its a tactic to reduce spam to filter out messages posted to
| a number of groups. Personally I normally only ever post to
| one at a time and trim the headers accordingly.

| Its considered bad practice to post to more than four.

| But newsgroups, despite their advantages are in decline
| which is a pity as they offer a wider audience than forums.

| Google really screwed it up by introducing 'google groups'
| rather than just keeping a newsgroup archive.

I agree with that statement.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 
Reply With Quote
 
Beauregard T. Shagnasty
Guest
Posts: n/a
 
      01-24-2010
In alt.computer.security, ~BD~ stupidly cross-posted:

> Methinks Peter Foldes was crying wolf once too often!


Methinks BoaterDave has run out of his anti-paranoia medicine.

Again.

--
-bts
-Four wheels carry the body; two wheels move the soul
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Very Dangerous post Beauregard T. Shagnasty Computer Support 0 01-24-2010 01:16 AM
very very very long integer shanx__=|;- C Programming 19 10-19-2004 03:55 PM
very very very long integer Abhishek Jha C Programming 4 10-17-2004 08:19 AM
Quick Book file access very very very slow Thomas Reed Computer Support 7 04-09-2004 08:09 PM
very Very VERY dumb Question About The new Set( ) 's Raymond Arthur St. Marie II of III Python 4 07-27-2003 12:09 AM



Advertisments